Malicious javascript on this french website?

I’ve ran trough some third party website scans for the website “en.codelyoko.fr” which is a fan site for a french cartoon show. Nothing else found, but killmalware.com points out one malicious javascript:

http://killmalware.com/en.codelyoko.fr/

Shows clean here:

https://sitecheck.sucuri.net/results/en.codelyoko.fr/

http://quttera.com/detailed_report/en.codelyoko.fr

No blacklists:

https://www.virustotal.com/en/url/97b2f602c30a54fd133e1faaa465cf187b91192f4d78b74a3c5abf538135d493/analysis/1449096453/

Virustotal does not scan websites.

I know that, included it just to show that the website doesn’t appear blacklisted.

PHP seems stable and fully patched: PHP/5.4.45-0+deb7u1
Insecure log-in and id-tracking issues: 50% of the trackers on this site could be protecting you from NSA snooping. Tell codelyoko.fr to fix it. Unique IDs about your web browsing habits have been insecurely sent to third parties (to that domain and twitter). Insecure login (1)
Password will be transmited in clear to -http://en.codelyoko.fr/inscription-passperdu.cl
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encryptedNo vulnerable libraries found

Scanner output:
Scanning -http://en.codelyoko.fr/
Script loaded: -http://en.codelyoko.fr/js/mootools.svn.js
Script loaded: -http://en.codelyoko.fr/js/slimbox/slimbox_ex.js
Script loaded: -http://connect.facebook.net/fr_FR/all.js
Script loaded: -http://platform.twitter.com/widgets.js
Script loaded: -http://www.google-analytics.com/ga.js
Script loaded: -https://platform.twitter.com/js/button.c44c2dc193c555561d5830b3b543eb26.js
Status: success
Script loaded: -https://static.xx.fbcdn.net/rsrc.php/v2/yS/r/QzckbwDhrpu.js
Load time: 2654ms
Static BeEF script detected for -http://s-static.ak.facebook.com/
Site has links to -ipv6-test.com

Netcraft website risk stattus…http://toolbar.netcraft.com/site_report?url=http://en.codelyoko.fr
Consider also this possible hick-up: http://stackoverflow.com/questions/18239405/php-fatal-error-call-to-undefined-function-json-decode

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fen.codelyoko.fr%2Findex.php

polonus (volunteer website security analyst and website error-hunter)