Look at the image on the left. See anything that shouldn't be there?
I'll give you a hint - it's got a black background.
I identified this whilst doing a routine enquiry on an IP housing a plethora of fake meds sites. I dropped a note to the sites owner and registrar, who informed me it most definitely should NOT be there.
The content in question, is;
The IP (184.108.40.206) belongs to Airtel customer, TELEMEDIA SERVICES;
The script itself, loads content that leads to search.keywordblocks.com (aka searchwe.com), which then leads unsuspecting victims to counterfeit sites such as jewelly.co.uk.
The webhosting.info server admin has been notified by the registrar, so it should be cleaned up and secured shortly.