unknown_html_RFI_shell malware on site, but what?

This scan does not detect: https://www.virustotal.com/nl/url/284ec2a8f2b47a01a22de84af4d0a12164c9cc4b5325857aed56f0b382933484/analysis/
Request to hpcgi3.nifty dot com
Unsatisfactory web rep: http://www.mywot.com/en/scorecard/vhow.byethost4.com
Risk: https://www.google.nl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fsameid.net%2Fip%2F185.27.134.95%2F&ei=KgpjUsLFHeGc0AX9iYCQDA&usg=AFQjCNFk_4Bwwahw7a_IWHWcvDBfMJH2qA&bvm=bv.54934254,d.Yms
But I think this is being flagged there: htxp://c.statcounter.com/t.php → http://www.threatexpert.com/report.aspx?md5=5c978f95f0590915ee4a6537e0269c3d or is this a false positive?

polonus

Has it been tested in a VM?

I went through the code with an online websniffer and this is the only bit that could arouse my concern:


<script type="text/javascript"> 
document.write('<img src="htxp://hpcgi3.nifty.com/vvhome/countOW.pl?'+document.referrer+'" height=1 width=1 >');
</script>

and for the link there (broken by me, pol) I get an internal server error:

500 Internal Server Error
実行エラー
CGIの実行時にエラーが発生しました
See: http://jsunpack.jeek.org/?report=04a010d9d82c98d2a98a2cdaedb6c5e9cfbdfbe2 (= exel code).
For the analysis in a VM: http://anubis.iseclab.org/?action=result&task_id=10e9ecaac9bc5b284d512d5bce6c1ee94
Going through that later,

pol
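
Added example, not part of the original posts: a small static check for the pattern quoted above, a script that uses document.write to emit a 1x1 image whose URL carries document.referrer to another host. The function name, the sample page and the choice of vhow.byethost4.com as first-party host are assumptions made for this illustration.

```javascript
// Added example (not from the thread): flag document.write() image beacons that
// append document.referrer to a third-party URL.
// Constructed sample page; the URL stays defanged ("htxp") as posted above.
const SAMPLE_HTML = `
<html><body>
<script type="text/javascript">
document.write('<img src="htxp://hpcgi3.nifty.com/vvhome/countOW.pl?'+document.referrer+'" height=1 width=1 >');
</script>
<script>document.write('<p>hello</p>');</script>
<img src="/logo.png" height="40" width="120">
</body></html>`;

// Accept live and defanged schemes (http, https, hxxp, htxp).
const URL_RE = /\bh(?:tt|xx|tx)ps?:\/\/([a-z0-9.-]+)([^\s'"<>]*)/i;
const TINY_RE = (attr) => new RegExp(`\\b${attr}\\s*=\\s*["']?[01]\\b`, 'i');

function findReferrerBeacons(html, firstPartyHost) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let script;
  while ((script = scriptRe.exec(html)) !== null) {
    // Argument of each document.write()/writeln() call in this script block.
    const writeRe = /document\.write(?:ln)?\s*\(([\s\S]*?)\)\s*;/g;
    let call;
    while ((call = writeRe.exec(script[1])) !== null) {
      const arg = call[1];
      const url = URL_RE.exec(arg);
      if (!/<img\b/i.test(arg) || !url) continue; // only image beacons with a URL
      const host = url[1].toLowerCase();
      findings.push({
        host,
        path: url[2],
        sendsReferrer: /document\.referrer/.test(arg),
        hiddenPixel: TINY_RE('height').test(arg) && TINY_RE('width').test(arg),
        thirdParty: host !== firstPartyHost && !host.endsWith('.' + firstPartyHost),
      });
    }
  }
  return findings;
}

// First-party host taken from the site named in the thread.
console.log(findReferrerBeacons(SAMPLE_HTML, 'vhow.byethost4.com'));
```

A hit only says that visitors' referrers go to that host; whether the counter script is malicious still needs the kind of sandbox analysis linked in the posts.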