Suspicious conditional redirect not detected or taken down?

See: http://maldb.com/villasmarche.com/# (name or service not known → http://jsunpack.jeek.org/?report=5a0d19da0d87cbb8c9622febee2d1b0047dc9adb
Confirmed by Sucuri’s as http://sucuri.net/malware/entry/MW:HTA:7
Suspicious site given at Quttera’s: index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://cartographicglobs.net/markersity?8.
File size[byte]: 18446744073709551615
File type: Unknown
MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000

Visitors from search engines are redirected to: htxp://cartographicglobs.net/markersity?8 Redirect to this URL found in 47 sites

Part of unknown java exploit: https://lists.emergingthreats.net/pipermail/emerging-sigs/2012-September/020383.html
http://evuln.com/labs/cartographicglobs.net/https://www.virustotal.com/nl/url/5a86a174c68c220c22c1b8579119155e302617c705d483b6022697dd84eb022b/analysis/

redirect site seems down now, 11004 [11004] Valid name, no data record (check DNS setup).

polonus

Another one that was not taken down yet → http://maldb.com/fruitofthevineyoga.com/ and not blocked by avast! either.
Probably compromised via outdated Joomla CMS: Joomla Version: 2.5.14
Joomla Version 2.5.x - 3.0.x for: htxp://fruitofthevineyoga.com/media/system/js/caption.js
Joomla version outdated: Upgrade required.
Conditional redirects found. Visitors from search engines are redirected
to: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php
Redirect to this URL found in 3770 sites
See other similar infestations on IP: http://support.clean-mx.de/clean-mx/viruses.php?ip=184.168.248.1&sort=id+DESC
See: https://www.virustotal.com/nl/url/933fbbe4eb0fe7b7a982d713943d637f903f32eaf38c865568275b4227bcb058/analysis/
See: http://sitecheck2.sucuri.net/results/www.cibonline.org
See: http://quttera.com/detailed_report/www.cibonline.orghttp://jsunpack.jeek.org/?report=1eeb1ab7f114714119db6dc0ccb3c5b7a50c9005
flagged on site 256 times as Not supported malicious buffer type.
Potentially suspicious: plugins/system/cd_scriptegrator/utils/js/highslide/highslide.packed.js.php
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar1886438521 = eval;
Threat dump: → http://jsunpack.jeek.org/?report=fd5492cf0aecd6a33d9307870c8aebf6af02c962
File size[byte]: 32328
File type: ASCII
MD5: 091A36204A929EB1437C1E744E9E3D42
Scan duration[sec]: 0.347000
External link check benign: hxtp://newmandoesit.com/ → http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://www.fruitofthevineyoga.com/&uag=MSIE+8.0+Trident&ref=http://www.google.com&aen=&req=GET&ver=1.1&fmt=AUTO

polonus