Hi Polonus,
I get:
HTTP/1.1 200 OK
Date: Fri, 30 Nov 2012 22:09:16 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 30 Nov 2012 21:56:41 GMT
ETag: "3c80d6-1a6-797f5840"
Accept-Ranges: bytes
Content-Length: 422
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
See the image attached. It's a pretty simple JavaScript redirect, no obfuscation or any of those sorts. There is also no use of HTML's meta refresh tag, so disabling JavaScript for that website will prevent the redirect. Since the redirected file is .php, you have the ability to check the referrer and return different content based upon that knowledge. For example, accessing the site directly redirects you to Google whilst the defined 'exploit sites' will be validated and the exploit code will be executed.
~!Donovan