I found the malicious code. It was in assets/js/jquery-1.2.3.js and assets/js/jquery-1.2.6-mod.js in the form of:
eval(String.fromCharCode(<BUNCH INTEGERS SEPARATED BY COMMA HERE>)) which translates to malicious code that sets the location source to "news.weatherplllatform.com", which injects two JavaScript scripts into the page: counter.js and stat.js, which are setting some cookies and so on.
I removed the code from the jquery-1.2.6-mod.js that is used, but if you want I can revert it because I saved a backup .bak file of it.
For investigation purposes on our end, I left the jquery-1.2.3.js as it is (with the malicious code in it).
Please let me know if I should provide anything else or if I should revert back the malicious code so you can check if it came from your side somehow, and if not, confirm that to us so we can count that out and continue with our investigation deeper.
Regards,
Zhivko
Since I removed the malicious code from the jquery-1.2.6-mod.js, you are no longer able to experience the redirect, just to clarify.
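
Added example, not part of the original message: the eval(String.fromCharCode(...)) pattern described above can be located in a script file and decoded statically, without executing it, so the host it points to can be read off. The sample file content, the host name and the function name below are constructed for illustration.

```javascript
// Matches eval(String.fromCharCode(<integers>)) with optional whitespace.
// The captured group is the comma-separated integer list (decimal or 0x hex).
const CHARCODE_EVAL =
  /eval\s*\(\s*String\s*\.\s*fromCharCode\s*\(\s*([\d\s,xXa-fA-F]+?)\s*\)\s*\)/g;
// Host names referenced by absolute or protocol-relative URLs in decoded text.
const HOST_IN_TEXT = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;

// Returns one finding per obfuscated call in `source`. Nothing is evaluated:
// the integers are only converted back to characters for inspection.
function findCharCodeEvals(source, fileName = "<input>") {
  const findings = [];
  for (const match of source.matchAll(CHARCODE_EVAL)) {
    const codes = match[1]
      .split(",")
      .map((s) => s.trim())
      .filter((s) => s.length > 0)
      .map((s) => Number(s)); // Number() accepts "119" and "0x77"
    // Skip lists that are not valid UTF-16 code units.
    if (codes.some((n) => !Number.isInteger(n) || n < 0 || n > 0xffff)) continue;
    const decoded = codes.map((n) => String.fromCharCode(n)).join("");
    const hosts = [...decoded.matchAll(HOST_IN_TEXT)].map((m) => m[1].toLowerCase());
    const line = source.slice(0, match.index).split("\n").length;
    findings.push({ fileName, line, decoded, hosts: [...new Set(hosts)] });
  }
  return findings;
}

// Constructed sample: a library stub with an obfuscated call appended.
// The payload text and host are placeholders, not values from the incident.
const samplePayload = 'window.location="http://redirect.example.test/counter.js";';
const sampleCodes = Array.from(samplePayload, (ch) => ch.charCodeAt(0)).join(",");
const sampleFile =
  "/* library stub (constructed) */\n" +
  "var a = 1;\n" +
  "eval(String.fromCharCode(" + sampleCodes + "));\n";

for (const f of findCharCodeEvals(sampleFile, "sample.js")) {
  console.log(`${f.fileName}:${f.line} decodes to: ${f.decoded}`);
  console.log(`  hosts referenced: ${f.hosts.join(", ") || "(none)"}`);
}
```

Running the same function over every file under assets/js/ (including the .bak copy) and over older backups shows which files carry the injected call and, by comparing file dates, roughly when it first appeared.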