Confliciting scan results - suspicious only or malware?

Unknown_html detected at MX Viruswatch archives.
Flagged once here: https://www.virustotal.com/nl/url/150e93b76c8f191d99a2dca8ec5bc9532e772f208b9e6c6544f71b34460f0198/analysis/1418310683/
Nothing detected here: https://www.metascan-online.com/en/scanresult/file/b7a12614257445178ca6bf5ee9f248ec
Suspicious file: fpsxqdzliof
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details:
Threat dump: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fwww.qualigo.de%2Fdoks%2Fsearch%2Fsource%2Fstd%2Fcharge_direct.php%3Fds%3Dsubdomzz%2526subds%3D000a.de%2526fallback_url%3Dhttp%253A%252F%252Fwww.000a.de&useragentheader=&acceptheader=
Threat dump MD5: 14618E2EBB6D467FDBBEBE1AFEC1BAFD
File size[byte]: 2265
File type: HTML
Page/File MD5: 262F25329D5260293326576F62E3ADA1
Scan duration[sec]: 0.006000

IP listed as PHISH: http://comments.gmane.org/gmane.comp.security.phishings/12667
wp_logout action hook is triggered - pay per click search service qualigo opposed to Overture and Google
Site with bad web rep: https://www.mywot.com/en/scorecard/khizar-waheed.000a.de?utm_source=addon&utm_content=warn-viewsc

polonus

html clean
https://www.virustotal.com/en/file/9bf1f11cc8b183d7feef7c9200d8ddffc4a26f3b4439763d776885b6e02e5494/analysis/1418311543/

URL show a login site … see pic http://urlquery.net/report.php?id=1418311607265

The main naked domain, see https://www.mywot.com/en/scorecard/000a.de , is a known spam domain.
So this sub domain takes after that one.
It is mainly WOT that gives the bad web rep → https://www.robtex.com/en/advisory/dns/de/000a/
PHP vulnerabilities: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-130365/PHP-PHP-5.3.14.html

Log deletes: htxp://khizar-waheed.000a.de/fPsxQDZLioF with suspicious code as shown here:
http://jsunpack.jeek.org/?report=f79b4828bcbd982fa06459aa74fcf642a716957f
Open up this link report in a browser with NoScript active and inside a VM/sandbox.
The above link is meant for security research only! iStart Websearchers adware? :-X Intrusive Web Advertising:
htxp://jsunpack.jeek.org/dec/getfile?hash=9a08/fd3cc788fe13267a295249f2fd96b4b204bc
Also found from code this detection for ///i1.cdn-image dot com/___/js/min.js?v1.6
Re: https://www.virustotal.com/nl/url/aa8c04ea4065c03bdba8f619fd8424849d3d2af227dec3a382761cd91a6ad88b/analysis/
error: undefined variable s in code

Pondus I think I have found up enough to put this website under scrutiny. I would like to block it i.m.p.h.o.

polonus (volunteer website security analyzer and website error-hunter)