Hi Dim@rik,
DrWeb URL Checker is improving, detecting this as suspicious:
Checking: -http://fdp2.ph
Engine version: 7.0.0.11250
Total virus-finding records: 2477912
File size: 6751 bytes
File MD5: 996b414c14af0215cf11b03cce489b6d
-http://fdp2.ph - archive JS-HTML
>-http://fdp2.ph/JSTAG_1[51f][391] - Ok
>-http://fdp2.ph/JSTAG_2[8db][681] - Ok
>-http://fdp2.ph/JSTAG_3[f91][1ab] - Ok
>-http://fdp2.ph/JSTAG_4[1164][37a] - Ok
>-http://fdp2.ph/JSTAG_5[1506][3a4] - Ok
>-http://fdp2.ph/JSTAG_6[18e4][dd] - Ok
>-http://fdp2.ph/JSTAG_7[19ed][55] - Ok
>-http://fdp2.ph/JSTag_8[8e0][67c] - Ok
>-http://fdp2.ph/JSTag_9[f96][1a6] - Ok
>-http://fdp2.ph probably infected with SCRIPT.Virus
>-http://fdp2.ph/JSTag_10[1169][375] - Ok
>-http://fdp2.ph/JSTag_11[150b][39f] - Ok
-http://fdp2.ph - Ok
Just feed "pid=5POLF2X98" as a Google search query to Google and you will see it is looking up adware "adsph\index" results - these come from a Singapore phish tracker - Metro Manila.
So the suspicious script is an adware phishing script.
polonus