Site still with malware?

VW gives: Up(nil): unknown_html RIPE GB abuse at compubyte dot vg 213.174.157.134 to 213.174.157.134 moy dot su htxp://livezimbra.moy.su/btry.htm
Site blacklisted and compromised: http://sitecheck.sucuri.net/results/livezimbra.moy.su/btry.htm
See: https://www.virustotal.com/nl/url/3e784a5e6b423e65f2edbaef37e05e7f8b6f5bb173c1c0076263402964475dee/analysis/1388321386/
and: http://urlquery.net/report.php?id=8605033 IDS alert for “ET RBN Known Russian Business Network IP group 170”
Potentially suspicious file:
s104.ucoz.net/src/uwnd.js?2
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘<td style="width:8px;height:’]] of length 19456 which may point to obfuscation or shellcode.
Threat dump: View code → http://jsunpack.jeek.org/?report=131e820b0271bc2738d0472389d771890acf5297
File size[byte]: 228800
File type: ASCII
MD5: 512FA0F362B02FE6A8EDA5B26A3F1BC7
Scan duration[sec]: 17.925000
Malware from site now probably closed: http://support.clean-mx.de/clean-mx/viruses.php?ip=213.174.157.134&sort=id%20DESC

pol

This site on the same IP is still spreading live malware, HTML/Badsrc.K!tr, or has it also been taken down? Re: http://maldb.com/bodrich.kharkov.org/
or cleansed? Re: http://sitecheck.sucuri.net/results/bodrich.kharkov.org & http://urlquery.net/report.php?id=8605381
WOT and CleanMX do not seem to like this Ukrainian site: https://www.virustotal.com/nl/url/0c7d2dfaa153ef081f44f4f460ad6697b59bb7ac1c799925e8b3d61796cd0625/analysis/1388322533/
I get a "Welcome !
Site bodrich.kharkov.org just created.

Real content coming soon." Will be interesting what it will be spreading next? ;D
It already is getting an Excessive Header and a Clickjack Vuln Warning. So, Shhh… don’t let your response headers talk too loudly :(
See what info we get here: http://jsunpack.jeek.org/?report=a1ede643e0c9c204bc16291388a568212eb99d0f

polonus