Why this Stumble Upon malware is not found?

Where apparently malware resides? - see attached top gif for URL,
what is loaded? see second attached gif
Scanned that at virustotal: http://www.virustotal.com/url-scan/report.html?id=9192b84cb2195411ebe7243eb7c4d6bf-1301168581
file analysis there: http://www.virustotal.com/file-scan/report.html?id=6a5ed15af285547d52abb97b245f860949e23a8d515d30117db019aa0a282724-1301172440
wepawet has benign: http://wepawet.iseclab.org/view.php?hash=29846ea6cd5a75dae9467c342cfa4556&t=1301173016&type=js
So what is out there?

polonus

Avira analysis

File ID Filename Size (Byte) Result 19821246 stumble.png 1.3 KB KNOWN CLEAN

Please find a detailed report concerning each individual sample below: Filename Result stumble.png KNOWN CLEAN

The file 'stumble.png' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'uCertify 117-102 Junior Level Linux Prof 8.03.05 '.

But the long url sure gives me enough reason to think it is at least a tiny bit suspicious…
look here: htxp://jsunpack.jeek.org/dec/go?report=f1879941a1e349af6b7076ce950f0c05f3d0fb84
(the above munged link is for experienced users only, open up sandboxed and with script blocker active,
so nothing malicious may spill over, when active script found your avast may alarm, could also view it inside a proxy like: http://www.idoproxy.com/ see attached gif)

And what does avira go on about here? http://www.avira.com/en/support-threats-description/tid/6191/threat/TR.Dldr.Nirava.psd
If the attentive readers sees where it tries to connect:
htxp://crazyleafdesign.com/blog/images/share/stumble.png?**********; Why?

polonus

Not actually sure what it is now. Could be an avira FP, but as it was given at a malcode domain site I felt I had to mention it,
&Pondus, thanks a lot for assisting in verifying these results. It is nice how we seem to inspire each other again and again,

polonus