The Department of Statistics at Carnegie Mellon University (www.stat.cmu.edu) happens to be one of them. Thousands of websites have been hacked and are performing malicious redirections, unbeknownst to their owners. A malicious piece of code is inserted at the very bottom of the main pages source code. The code is only injected once per visit of the site (IP address logging) If you revisit the page again you get this (notice the blank line space between the script and body tags where the code was once injected): This could make it tricky for a website owner to identify since their own IP address would most likely already have been flagged.”]
Source: https://blog.malwarebytes.com/threat-analysis/2014/10/exposing-the-flash-eitest-malware-campaign/