See: https://www.virustotal.com/nl/url/3199bd2b95208487a4561e2b667784e38dad39626d949f74ce22f03421f2f16b/analysis/1406828984/
See: https://www.virustotal.com/nl/file/a5c170367d3426bb0489616ca038c34fd5d13df5f11c5656005d2f16370bdef7/analysis/1406785110/
Considered a high risk page here: http://app.webinspector.com/public/reports/23588958?cache=true
Trojans detected:
Object: htxp://du.mqchengyi.com/20130130/19.html
SHA1: ad663186744e3836b8bcef0b60051324f1907896
Name: TrojWare.JS.Redirector.PS
Site is protected by WAF/2.0

Quttera flags 3 malicious sites: /20130613/159.html & 20130709/319.html & /20130212/33.html
Also see: http://urlquery.net/report.php?id=1406829856567 & more recent, see: http://urlquery.net/report.php?id=1406829979486

There are some attacks that cannot be detected by an application. These usually involve the exploitation of a protocol such as HTTP or TCP and appear to the application to be legitimate requests. These "ninja" style attacks take advantage of the fact that applications are generally only aware of one user session at a time, and not able to make decisions based on the activity of all users occurring at the same time. The application cannot prevent these attacks

like the so-called Ninja Attack. Quote taken from Lori MacVittie at DevCentral.

IP Badness history at VT: https://www.virustotal.com/nl/ip-address/142.91.94.12/information/

example of defacement on IP → abused server: http://www.xatrix.org/def.php?d=mqchengyi.com

polonus