Author Topic: Website compromised?  (Read 2276 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Website compromised?
« on: June 19, 2013, 03:44:44 PM »
IDS alert for MALWARE-OTHER - a snort message in the so-called rule-group -> http://comments.gmane.org/gmane.comp.security.ids.snort.sigs/9576 - James Lay - classtype trojan activity
Compromised website response - leads to Exploit Kit here: http://urlquery.net/report.php?id=3218051
Site is given clean here: https://www.virustotal.com/pt/url/c4648f561502cd23790b7960469b22c1a1e6644e878c55877c4a74d0797de9f9/analysis/
and here: http://zulu.zscaler.com/submission/show/2724dff3ce629adb1ef725bbc8c1f017-1371647689
Not flagged here: http://scanurl.net/?u=http%3A%2F%2Fanea.es%2Fmodules.php%3Fname%3DNews&uesb=Check+This+URL#results
Site is flagged by Bitdefender's TrafficLight as infested...
PHP-Nuke vulnerable to SQL injection... PHP version vulnerabilities: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-20094/PHP-PHP-4.3.9.html
Bitdefender also flags this: anea dot es/themes/anea/banner.swf
Important for our evaluation are these results: https://www.virustotal.com/pt/ip-address/91.142.208.66/information/ (where avast detected on both occasions!)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus
Re: Website compromised?
« Reply #1 on: June 19, 2013, 03:54:11 PM »
This one sure is, having:
Quote
Detected Styx exploit kit URL pattern detection
Good it is being immediately blocked in your browser by Google Safebrowsing, see: -> http://scanurl.net/?u=http%3A%2F%2Fborrowfinetune.biz%2FFPOgXe0kB4g11xXP09Tb312J5b09B8K0BGen0T3d10IGcU17BBP0el6z0ySjO13Fj9%2F&uesb=Check+This+URL#results
16 IDS alerts here: http://urlquery.net/report.php?id=3218466
See: http://zulu.zscaler.com/submission/show/ed7e0689b32fc389377e8b5a9b0c2449-1371649885 (100/100% malicious)
But AVG sees the site as all green: http://www.avgthreatlabs.com/website-safety-reports/domain/borrowfinetune.biz/

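Both posts above hinge on the same observation: the compromised PHP-Nuke page on anea.es redirects to an exploit-kit landing URL on borrowfinetune.biz whose path is one long, random-looking segment, which is the kind of shape a "Styx exploit kit URL pattern detection" signature keys on. The script below is an added example, not code from the thread or from any of the scanners linked in it: a length-and-entropy heuristic run over a few constructed proxy log lines. The log format, the thresholds MIN_LEN and MIN_ENTROPY, and the function names are assumptions made for this example; the first three URLs in the sample are the ones quoted in the thread, the fourth line is made up as a benign control.

```python
"""Heuristic flag for exploit-kit style landing URLs: long, high-entropy path
segments that mix upper case, lower case and digits, like the Styx URL quoted
in the thread. Added example, not part of the original post."""
import math
from collections import Counter
from urllib.parse import urlsplit

# Tunables chosen for this example (assumptions, not taken from any product).
MIN_LEN = 32        # shortest path segment worth scoring
MIN_ENTROPY = 4.0   # Shannon entropy, bits per character

# Constructed sample log (timestamp client method url status). The three
# anea.es / borrowfinetune.biz URLs are the ones quoted in the thread; the
# example.org line is made up as a benign control.
SAMPLE_LOG = """\
2013-06-19T13:44:10Z 10.0.0.5 GET http://anea.es/modules.php?name=News 200
2013-06-19T13:44:11Z 10.0.0.5 GET http://anea.es/themes/anea/banner.swf 200
2013-06-19T13:44:12Z 10.0.0.5 GET http://borrowfinetune.biz/FPOgXe0kB4g11xXP09Tb312J5b09B8K0BGen0T3d10IGcU17BBP0el6z0ySjO13Fj9/ 200
2013-06-19T13:44:13Z 10.0.0.7 GET http://example.org/news/2013/06/19/security-update.html 200
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def is_suspicious_segment(seg: str) -> bool:
    """True when a path segment is long, high-entropy and mixes character classes.

    Requiring all three classes (upper, lower, digit) keeps long lowercase
    slugs such as article titles from firing on length alone.
    """
    if len(seg) < MIN_LEN:
        return False
    has_upper = any(ch.isupper() for ch in seg)
    has_lower = any(ch.islower() for ch in seg)
    has_digit = any(ch.isdigit() for ch in seg)
    return (has_upper and has_lower and has_digit
            and shannon_entropy(seg) >= MIN_ENTROPY)


def suspicious_segments(url: str) -> list:
    """Return the path segments of url that trip the heuristic."""
    path = urlsplit(url).path
    return [seg for seg in path.split("/") if seg and is_suspicious_segment(seg)]


def scan_log(text: str) -> list:
    """Scan 'timestamp client method url status' lines; return one dict per hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue            # malformed line, skip rather than crash
        url = fields[3]
        for seg in suspicious_segments(url):
            hits.append({
                "line": lineno,
                "url": url,
                "segment": seg,
                "entropy": round(shannon_entropy(seg), 2),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['url']} "
              f"(segment length {len(hit['segment'])}, entropy {hit['entropy']})")
```

Only the borrowfinetune.biz line is flagged: its 66-character segment scores about 4.7 bits per character, while modules.php, banner.swf and the dated example.org path are far too short to be scored at all. A heuristic like this is a triage signal to corroborate an IDS hit or a urlquery report, not a verdict on its own: hashed CDN asset names and signed URLs have the same shape and will produce false positives, so tune the thresholds against your own proxy logs before alerting on it.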