Ha Eddy,
Delving in the direction you pointed at and yes Artemis botnet C&C probably comes in view.
Server nginx/1.4.4 on that website jaoohqvqda dot ru is vulnerable to conditional redirects.
The WOT rep of the Cert. hoster, megasml dot ru is very low - Trustworthiness Very Poor (15/100)
04/14/2014 SURBL Site blacklisted at ws.surbl.org (sa-blacklist web sites). [link]
htxp://jaoohqvqda.ru/ -> something bad out there, the host you provided doesn't allow incoming HTTP HEAD requests.
web bug results:
HTTP/1.1 403 Forbidden
Server: nginx/1.4.4
Date: Tue, 30 Sep 2014 22:16:43 GMT
Content-Type: text/html
Content-Length: 168
Connection: close
Vary: Accept-Encoding
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.4.4</center>
</body>
On that Autonomous System:
AS39572
AS Name: ADVANCEDHOSTERS-AS ADVANCEDHOSTERS LIMITED
IPs allocated: 34816
Blacklisted URLs: 730
Hosts...
...malicious URLs? Yes
...badware? Yes
...botnet C&C servers? Yes
...exploit servers? No
...Zeus botnet servers? No
...Current Events? Yes
...phishing servers? No
...spam servers? No
...spam bots? No
...spam activity? No
This domain was hosted in the Netherlands and here, Eddy, you could be right:
https://www.virustotal.com/nl/domain/cnt1.xhamster.com/information/See:
http://urlquery.net/report.php?id=1412105524298Asprox Criminal botnet for Artemis, see:
https://www.virustotal.com/nl/file/5fd0c62db91b93bf5630838a66635a5516fd8863e06db036d0ca2dae2983de58/analysis/polonus