Via: htxp://jasarchitects.co.uk/spryassets/clicker.php
SE visitors redirects
Visitors from search engines are redirected
to: htxp://jasarchitects.co.uk/spryassets/clicker.php
3 sites infected with redirects to this URL
This is ongoing, see: http://killmalware.com/tanzed.org.uk/
Server redirect status: Code: 301, htxp://jasarchitects.co.uk/spryassets/clicker.php
Redirect to external server!
IP badness history: https://www.virustotal.com/nl/ip-address/91.103.217.35/information/
Avast detects JS:Iframe-AMQ [Trj] there and JS:Decode-AJU [Trj] on Application: Serif WebPlus X6 (14.0.2.025) code.
See: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fjasarchitects.co.uk%2Fspryassets%2Fclicker.php&useragentheader=&acceptheader=
redirecting finally to: htxp://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js
See: http://jsunpack.jeek.org/?report=2393bde1de5d16be3345673540d10c8ff33f211d
For security research only. Open link in browser with NoScript extension active and inside a VM/sandbox.
Where we find: http://serverfault.com/questions/582962/unused-domain-name-getting-routed-to-double-click
First the domain registrar points the domain to what they call a “Standard Under Construction” page unless and until you change that.
Thereafter it hijacks customer sub-domains for an ad fest. Read: http://www.theregister.co.uk/2008/04/11/network_solutions_sub_domain_parking/
Something quite similar, but not related to SEO redirection, is described here by me: https://forum.avast.com/index.php?topic=103021.0
Here it was blacole that was the culprit of this abuse.
polonus (volunteer website security analyst and website error-hunter)