Hi Asyn,

See analysis here: htxp://jsunpack.jeek.org/dec/go?report=fd5d456a4c437907cac027c23dc5b80c04201d02 (link to temi4.pochta dot ru)
Visit above link (for security aware only) go there with ample script protection and sandboxed,
Certain domains on 66.197.186.37 have “exploit kit” (hostnoc dot net - > trahme dot ru)

polonus