Re: http://killmalware.com/rus-linux.net/
Consider: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Frus-linux.net%2Flib.php%3Fname%3D%2FMyLDP%2Findex.html&useragent=Fetch+useragent&accept_encoding=
Fortinet flags it here: http://urlquery.net/report.php?id=1475063645794
Retirable code: http://rus-linux.net/
Detected libraries:
jquery - 1.6.2 : https://yastatic.net/jquery/1.6.2/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
1 vulnerable library detected
And then there is this: http://fetch.scritch.org/%2Bfetch/?url= http%3A%2F%2Fwww.acint.net%2Faci.js&useragent=Fetch+useragent&accept_encoding= (see under source)
and see here: http://stackoverflow.com/questions/23411188/hidden-malicious-script-inserting-code-into-html-web-page-how-to-remove-clean
where this malware counter javascript has been discussed. See it alerted for here: http://urlquery.net/report.php?id=1473698524283
But sucuri does not alert for it on their SiteCheck scan site: https://sitecheck.sucuri.net/results/rus-linux.net/
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Frus-linux.net%2Fkos.php%3Fname%3D%2Finc%2Fkos.html
PHP vuln: https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/PHP-PHP.html
Moreover nameserver of website is DROWn vulnerable: ns1.mchost.ru
SRI hash scan produces a meagre F-Status: https://sritest.io/#report/7b4ad4f8-d6b6-4c1e-b84b-5051a1be32d9
So that website could be a tad more secure anyway,
polonus (volunteer website security analyst and website error-hunter)