Author Topic: Unknown_html_RFI_shell and also iFrame malware?  (Read 1035 times)

Offline polonus

« on: August 05, 2015, 04:06:44 PM »
Yandex flags and blacklists: htxp://www.orienthotelistanbul.com -> https://www.virustotal.com/en/url/9620bcf643e21482d0af826722dd58a7effe548e25f79c80038ce7ca50d11e53/analysis/1438781058/
Quttera blacklists 72 blacklisted external links, main domain blacklisted.
iFrame for htxp://www.bestreserver.com/sistemonline/ClientRoomSearchWR.aspx?sid=orient&Tema=bordo_transparent&TakvimCssAd=creamsicle&ReturnUrl=http://www.orienthotelistanbul.com/hotelbooking.htm&lang=en-US -> http://toolbar.netcraft.com/site_report?url=http://www.bestreserver.com
Same 1 Fail, 2 Warnings: https://asafaweb.com/Scan?Url=www.bestreserver.com%2Fsistemonline%2F%3Fsid%3Ddemo
I see a 78.129.137.155
HTTP/1.0 301 Moved Permanently
Code:
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="htxp://orienthotelistanbul.com/">here</a></body>
Re: https://asafaweb.com/Scan?Url=www.orienthotelistanbul.com Fail & 2 Warnings.
Re: https://yandex.com/infected?l10n=en&url=www.orienthotelistanbul.com&redircnt=1438781997.1
Vulnerable: http://www.domxssscanner.com/scan?url=http%3A%2F%2Forienthotelistanbul.com%2F
AC_RunActiveContent.js could be hacked
Is sizzle.js not malware?
Invalid code link to htxp://gadgetronx.com/ bad site, see: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bestreserver.com%2Fsistemonline%2F%3Fsid%3Ddemo
Re: http://toolbar.netcraft.com/site_report?url=gadgetronx.com -> http://whois.domaintools.com/gadgetronx.com
This was blocked for me: uMatrix has prevented the following page from loading:
hxtp://mproxy.banner.linksynergy.com/ by uMatrix.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!