See: http://maldb.com/motabitz.net/
On the original hack: http://forum.directadmin.com/archive/index.php/t-29370.html (link reply = scsi)
Redirect site is a known infection source: https://www.virustotal.com/nl/url/820cdccaaa8472570b43dbe2fd55198408e06193b26d465d755997ea1198d0f8/analysis/
and is found here: htxp://gpt0.ru/in.cgi?3 is in Dr.Web malicious sites list!
https://urlquery.net/report.php?id=1396050571854
Flagged there is ET CURRENT_EVENTS TDS Sutra - request in.cgi an IDS alert for Detected SutraTDS URL pattern.
Also site alerted as belonging to ET RBN Known Russian Business Network IP group 323 (IDS alert)
GET /in.cgi?3 HTTP/1.1
Host: gpt0 dot ru is infested! → http://scanurl.net/?u=gpt0.ru%2Fin.cgi%3F3&uesb=Check+This+URL#results
Avast! Webshield detects an object |{gzip} infested with JS:ScriptPE-inf[Trj].
kraken’s Virus Tracker classification:
gpt0 dot ru,72.52.4.90,ns1.sedoparking dot com,Criminals, missed detection? http://zulu.zscaler.com/submission/show/c8e7c23d09232a9db523a81841de309b-1397064561
pol