(In the case of JST) EITest has been observed again since last night, but many researchers say that they can not observe it. In conclusion, It seems that EITest this time is targeting only some Asian countries including Japan.
I accessed EITest 's Compromised site using IP from various countries, and the results are as follows.
I found out that there were three types of EITest inject codes. They are switched with Geo. I don't know the details, but UK and America seem to be redirected to a different place from RigEK. It seems that only some Asian countries, such as Japan and Hong Kong, are redirecting to RigEK.