Those types of code are often used to distribute malware from external web sites while not being visible to the user.
This is not a signature-based rule, but looks at anomaly behaviors on how the web site is being loaded. Our engine found it to be malicious (related to remote includes).
Any web site sites (no specific target)
Malware dump (sample of malware):