How can I drill down to find out what’s behind this malware? Get it in three different browsers (see attachements)

Presumably this URL (in the image) wasn’t the site that you were visiting ?

Do you know the icims.com site ?
Just having us-amazon as a sub.domain doesn’t mean it is amazon.

EDIT: Typo.

Opera list the site as fraudulent.
Phistank reports it as fishing.
Websicherheit reports suspicious scripts and browser difference.
Multiple blacklistings on VT for that IP
https://www.virustotal.com/en/ip-address/69.192.215.14/information/

List of blacklisted iframes: 31
List of blacklisted external links: 221
etc.

URL:Mal means that the domain and/or IP is blacklisted and that is true.