See: http://maldb.com/technofarm.ru/
Conditional redirects found. Visitors from search engines are redirected
to: htxp://spywarepc.info/0/go.php?sid=2
Redirect to this URL found in 123 sites
Not detected or low risk given: http://www.brightcloud.com/tools/url-ip-lookup.php
Site with warnings: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Ftechnofarm.ru
Suspicious conditional redirect: http://sucuri.net/malware/entry/MW:HTA:7
Kraken’s Virus Tracker classification: technofarm dot ru,213.189.197.228,dns0.zenon dot net,Criminals,
meaning there is active malware up there.
pol
See: http://maldb.com/motabitz.net/
On the original hack: http://forum.directadmin.com/archive/index.php/t-29370.html (link reply = scsi)
Redirect site is a known infection source: https://www.virustotal.com/nl/url/820cdccaaa8472570b43dbe2fd55198408e06193b26d465d755997ea1198d0f8/analysis/
and is found here: htxp://gpt0.ru/in.cgi?3 is in Dr.Web malicious sites list!
https://urlquery.net/report.php?id=1396050571854
Flagged there is "ET CURRENT_EVENTS TDS Sutra - request in.cgi", an IDS alert for Detected SutraTDS URL pattern.
Also site alerted as belonging to ET RBN Known Russian Business Network IP group 323 (IDS alert)
GET /in.cgi?3 HTTP/1.1
Host: gpt0 dot ru is infested! → http://scanurl.net/?u=gpt0.ru%2Fin.cgi%3F3&uesb=Check+This+URL#results
Avast! Webshield detects an object |{gzip} infested with JS:ScriptPE-inf[Trj].
Kraken’s Virus Tracker classification:
gpt0 dot ru,72.52.4.90,ns1.sedoparking dot com,Criminals, missed detection? http://zulu.zscaler.com/submission/show/c8e7c23d09232a9db523a81841de309b-1397064561
pol
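Added example, not part of the forum posts above: a defender-side check over web proxy logs for the two behaviours reported in this thread, a page that redirects only search-engine visitors off-site and requests shaped like `in.cgi?<number>`. The log format, the `.example` hosts, the function names and the URL regex are assumptions made for illustration; the regex approximates the URL shape and is not the text of the ET rule.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: rough stand-in for the "request in.cgi" URL shape, not the ET rule itself.
TDS_URL = re.compile(r"/in\.cgi\?\d+$")
SEARCH_REFERER = re.compile(r"^https?://(www\.)?(google|bing|yahoo|yandex)\.", re.I)

# Constructed proxy log lines: time client method url status location referer
SAMPLE_LOG = """\
2014-04-09T10:00:01 10.0.0.5 GET http://shop.example/ 302 http://tds.example/in.cgi?3 http://www.google.com/search?q=shop
2014-04-09T10:00:02 10.0.0.5 GET http://tds.example/in.cgi?3 302 http://landing.example/0/go.php?sid=2 http://shop.example/
2014-04-09T10:00:09 10.0.0.7 GET http://shop.example/ 200 - -
2014-04-09T10:01:00 10.0.0.8 GET http://news.example/old 301 http://news.example/new http://www.bing.com/search?q=news
"""

def parse(log):
    fields = ("time", "client", "method", "url", "status", "location", "referer")
    return [dict(zip(fields, line.split())) for line in log.splitlines() if line.strip()]

def offsite_redirect(rec):
    """True when the response is a 3xx whose Location points at a different host."""
    if not rec["status"].startswith("3") or rec["location"] == "-":
        return False
    return urlsplit(rec["location"]).hostname != urlsplit(rec["url"]).hostname

def conditional_redirects(records):
    """URLs that send search-engine visitors off-site but serve other visitors normally."""
    seen = defaultdict(lambda: {"search": set(), "other": set()})
    for rec in records:
        kind = "search" if SEARCH_REFERER.match(rec["referer"]) else "other"
        seen[rec["url"]][kind].add(offsite_redirect(rec))
    return sorted(u for u, s in seen.items() if s["search"] == {True} and False in s["other"])

def tds_hits(records):
    """Requested URLs or redirect targets that match the in.cgi?<n> shape."""
    return sorted({u for rec in records for u in (rec["url"], rec["location"]) if TDS_URL.search(u)})

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("conditional redirects:", conditional_redirects(recs))
    print("TDS-style URLs:", tds_hits(recs))
```

The same-host 301 on the news site is not flagged, because only off-site redirects that differ by referer count as conditional.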