Found here: http://urlquery.net/report.php?id=1984240 (see javascript 3)
See: http://wepawet.iseclab.org/view.php?hash=2fc8e2dea956145c4caceefc545c20c3&t=1365592502&type=js
avast detects this URL as infected with JS:Agent-AXQ[Trj] url|{gzip} by the avast! Web Shield.
See: http://jsunpack.jeek.org/?report=6ce8d0801320f1228fe1d7a4eff2e5d9dafb6dcc (visit with script blocker active and in a VM)
About NXDOMAIN read: http://www.dnsknowledge.com/whatis/nxdomain-non-existent-domain-2/ (and the abuse thereof by some parties)
also read: https://www.usenix.org/conference/usenixsecurity12/throw-away-traffic-bots-detecting-rise-dga-based-malware
(link - Damballa & Georgia Institute of Technology)
See: http://hosts-file.net/default.asp?s=gmstat230.info%2F
Also consider this: http://sitecheck.sucuri.net/results/gmstat230.info
& http://whois.domaintools.com/gmstat230.info

polonus