Script malicious?

Detected by DrWeb’s URL checker, not by avast’s. → >htxp://cp.ph probably infected with SCRIPT.Virus
https://www.virustotal.com/nl/url/531bc04fcbc8f4b176431d31ef0fbb3faa611b702eb5c4b22581ca881b13e88e/analysis/
and https://www.virustotal.com/nl/file/af47ec90f9b69ce21c23de705be61f809bdfb30c5d9b6675466fd21f4b07b48d/analysis/1379944202/
Missed here: http://urlquery.net/report.php?id=9614270 Citadel cybercrime server
ThreatSTOP detects IP as last seen 3 days ago with threats like Zeus, Botnets Threat danger level: 5
Now I get a failure: https://zeustracker.abuse.ch/monitor.php?search=91.214.203.132

polonus