See: https://www.virustotal.com/nl/url/35979554e674107cd3d0bfa1ee6b9bd79e3bf1b1ecadc5e6a0d61fca54f85adb/analysis/1441263666/
Where detecte, see: http://killmalware.com/whitehousepresssecretary.org/
Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwidget.supercounters.com%2Fonline_i.js
See: http://caja.appspot.com/#http://widget.supercounters.com/online_i.js
Detected as Trojan.GenericKD.1524050 (B)
http://evuln.com/tools/malware-scanner/http%3A%2F%2Fwidget.supercounters.com%2Fonline_i.js
But there are no suspicious redirects found.
System Details:
Running on web server: nginx/1.6.3 OpenSSH 6.4 (protocol 2.0)
Unable to properly scan your site. Site returning error (40x): HTTP/1.1 404 Not Found
-http://widget.supercounters.com/ is blocked by uMatrix for me
I get a "HTTP/1.1 404 Not Found" now.-> http://toolbar.netcraft.com/site_report?url=+WIDGET.SUPERCOUNTERS.COM
Other abuse there: https://urlquery.net/report.php?id=1441249521936
Now active as new.supercounters.com → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fnew.supercounters.com consider: https://urlquery.net/report.php?id=1441267061683
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwidget.supercounters.com%2F%2Fonline_t.js+

polonus

Update: this detected 4 days ago as victim of that same hack? Defacement signatures
-thesanfranciscochroniclewebsite.com is defaced! -
The following signature was found:
and Select This site was constantly hacked by J.P. Morgan and Chase and Select Portfol
This signature was found in 119 websites.
Now clean? → http://evuln.com/tools/malware-scanner/thesanfranciscochroniclewebsite.com/
Website Risk Status 1 red out of 10: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fthesanfranciscochroniclewebsite.com
Blacklisted here is code from here: http://labs.sucuri.net/?details=widget.supercounters.com
See: http://toolbar.netcraft.com/site_report?url=widget.supercounters.com
Nginx 1.6.2 vuln.: http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=nginx_HTTP_vulnerabilities.html
Service down for maintenance now at -http://widget.supercounters.com/online_t.js

polonus

Another one: http://killmalware.com/merrilllynchwebsite.com/#
Pattern found in 121 websites now. See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fmerrilllynchwebsite.com
Given as OK here: Checking: -http://widget.supercounters.com/online_i.js
File size: 4233 bytes
File MD5: 125dc296bf12f02efa5356d2acc87faf

-http://widget.supercounters.com/online_i.js - archive JS-HTML

-http://widget.supercounters.com/online_i.js/JSFile_1[0][1089] - Ok
-http://widget.supercounters.com/online_i.js - Ok

Checking: -http://widget.supercounters.com/hit.js
See example:
File size: 3785 byteshttp://www.domxssscanner.com/scan?url=http%3A%2F%2Fwidget.supercounters.com%2Fonline_i.js
Going to cashquickz.com → http://www.kiwiseo.com/cashquickz.com
File MD5: a8f2580bdb5afe54d641ea8f05453a3c

-http://widget.supercounters.com/hit.js - archive JS-HTML

-http://widget.supercounters.com/hit.js/JSFile_1[0][ec9] - Ok
-http://widget.supercounters.com/hit.js - Ok

Checking: -http://merrilllynchwebsite.com
Engine version: 7.0.15.8310
Total virus-finding records: 6415530
File size: 143.67 KB
File MD5: 9cacbe114af7c3dbae6bdb96f6608b7c

-http://merrilllynchwebsite.com - archive JS-HTML
-http://merrilllynchwebsite.com - Ok

uMatrix has prevented the following page from loading:
-http://widget.supercounters.com/hit.js & http://widget.supercounters.com/online_i.js

-https://www.mywot.com/en/scorecard/widget.supercounters.com

SiteTrrivia report: http://com.usbankwebsite.sitetrivia.com/ & http://merrilllynchwebsite.com.sitetrivia.com/www/merrilllynchwebsite.com?search_bar=True

polonus