Malicious website pages only flagged by DrWeb's & killmalware scanner?

DrWeb flags as “known infection source/not recommended site”.

See: http://killmalware.com/muzico.ru/#
See: http://fetch.scritch.org/%2Bfetch/?url=muzico.ru&useragent=Fetch+useragent&accept_encoding=
Detected libraries:
jquery - 1.10.2 : (active1) -http://muzico.ru/static/js/jquery.js
(active) - the library was also found to be active by running code
which does not need to be retired, but with sinks and sources on a dom xss scan:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fmuzico.ru%2Fstatic%2Fjs%2Fjquery.js
landing here at -Results from scanning URL: htxp://www.greatis.com/unhackme/js/jquery/jquery.easing.1.3.min.js
Number of sources found: 0
Number of sinks found: 0
and esults from scanning URL: htxp://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
Number of sources found: 3
Number of sinks found: 3
and Results from scanning URL: -http://www.greatis.com/unhackme/js/jquery/jquery.easing.1.3.min.js
Number of sources found: 25
Number of sinks found: 12
and
Results from scanning URL: -http://www.statcounter.com/counter/counter.js
Number of sources found: 27
Number of sinks found: 14

Sucuri flags it as potentially unsafe: https://sitecheck.sucuri.net/results/muzico.ru#blacklist-status
swf request code detected. uBlock protected against: -http://am15.net/bn.php?s=4153&f=3&d=71647
Because of the following filter
||am15.net^
Found in: hpHosts’ Ad and tracking servers • MVPS HOSTS
link to Notice: Undefined index: HTTP_REFERER in -/var/www/igorvas/data/www/videoroll.net/kod.php on line 23

Notice: Undefined offset: 0 in -/var/www/igorvas/data/www/videoroll.net/kod.php on line 35

Quttera flags: -jsc.dt00.net/m/u/muzico.ru.8506.js?t=
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Potentially suspicious obfuscated PHP threat
Offset: 36980 code see attached image… jsc.dt00.net/m/u/muzico.ru.1536.js?t=
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Potentially suspicious obfuscated PHP threat see attached…

polonus

html scan
https://www.virustotal.com/en/file/29547ab3f15a1789cdcb554abdcec7b156b8bcdc07997e16fa9e88091be9d1f7/analysis/1452462079/

Thank you Pondus for confirming, with some more identical scan results we could speak of a real detection and not a false positive maybe.

polonus

AVG just reports a presence of a script being loaded from am15.net.
So, the question should be: Do we want to block am15.net?

Hi HonzaZ,

Script blockers already block -http://am15.net/ like uMatrix. This domain am15.net and all its subdomains are the parts of advertising network: https://advmaker.net/">Advmaker.net (not flagged). This website sent a 404 Not Found message as a response.
Server: nginx/1.8.0
X-Powered-By: PHP/5.5.22-1~dotdeb.1 and on their blog: PHP Version: 5.4.4-14+deb7u7 (Outdated)
IP Address: 95.213.144.72
Provider: OOO Network of data-centers Selectel
Country: Russian Federation

What you probably wanna block there = Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

-//am15.net/x/rmpx.php?key=iK8uRF5 -

https://www.mywot.com/en/scorecard/am15.net?utm_source=addon&utm_content=popup
-//am15.net/x/rmpx.php?key=FzjjqdHhttps://www.virustotal.com/en/ip-address/148.251.11.44/information/
IP has been a source of an executable that is variant of MSIL/GameHack.BD = cheat_ru.exe

But I do not grasp it actually has malware infested code there.

polonus (volunteer website security analyst and website error-hunter)