See: http://killmalware.com/681-beauty.com-cst.net/
PHISH and malware: https://www.virustotal.com/nl/url/8dee350dca6d4a98c118f5d9a21fc70998ebe1aaff8ff7831d4a72fa7d18b347/analysis/1432898003/
Detected at Sucuri’s → Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-injected530?v22
Blacklisted domain by ESET. PHP files - Stolen FTP password.
Code obfuscator: http://www.colddata.com/developers/online_tools/obfuscator.shtml → wbs creaor code…
Quttera fails to detect website. → http://www.domxssscanner.com/scan?url=http%3A%2F%2F681-beauty.com-cst.net%2Fintiwbd%2Fdeiwbd%2F - So when you create content via XSS on that page, you can access the functions in the .js file.
polonus