Several days ago we received a complaint about javascrpt.ru. After a bit of research, we found that it tries to mimic ajax.google.com and jquery, but the code is an obfuscated/packed redirector.
After removing two layers of obfuscation, we found a list of conditions checking visitors’ user Agent. From these conditions. we got a clue and focused on mobile devices.