Is this unknown_html_RFI_eval detected?

Another detetion Up(nil): unknown_html_RFI_eval RIPE RU abuse at yandex dot ru 213.180.204.46 to 213.180.204.46 narod dot ru htxp://narod.ru/disk/54550387001.6c5f571d860d8fe5601f1a090e9ec359/FortiClient_Help_ru.zip.html
Error: Supplied URL could not be fetched.Error: Supplied URL could not be fetched.
On hxtp://css.yandex.net/css/narod/disk/jquery.comments.js?v5 there is eval(function(p,a,c,k,e,r) code found…also on: htxp://narod.ru/js/jquery.flash.js
IDS flagged earlier for

3 FILEMAGIC Macromedia Flash data (compressed),
all closed/dead after a maxumum of 2.2 hrs…
See two detections here: https://www.virustotal.com/url/d8d8762927ca30a50ea65e1e9947f4e890932d717641bf4f741c6ff80f598326/analysis/1358714646/
see the suspicious code image attached…also see: http://anubis.iseclab.org/?action=result&task_id=1d8085d7890903be4e5e6273c47a743f7

polonus

VirusTotal
https://www.virustotal.com/file/978f0d329d2d969d88b94249f29a5d127165558c2e27437e682e4eb73bd11fc2/analysis/1358715402/

Hi Pondus,

What about this? https://www.virustotal.com/url/d8d8762927ca30a50ea65e1e9947f4e890932d717641bf4f741c6ff80f598326/analysis/1358714646/
and this? http://zulu.zscaler.com/submission/show/1828800622c93e67bc39559fa6ec5a8d-1358714051
see: htxp://jsunpack.jeek.org/?report=dd2ca3df05b97001d02ebb0b56a8b25dee92759e (for the security aware only -view with NoScript active and in a VM)
Or is this just obfuscated eval packer protection for the yandex tracking script code, which is suspicious but benign…

polonus

well Zulu is supicious to russian IP and server

Geo-location Risk Risk associated with country location of server: RU (Russia)

Zscaler IP Reputation IP address has been identified as risky by one/more sources

Comodo site inspector http://siteinspector.comodo.com/public/reports/8831440

The only issue was that the start url was directed to another page of the website: http://narod.yandex.
And again I get a

eError: Supplied URL could not be fetched.Error: Supplied URL could not be fetched

generated DOM source from there is

 <html><head></head><body></body></html>

nothing more…
href, location & data found as sinks in the code,

polonus