Even Sucuri missed it https://sitecheck.sucuri.net/results/subzerofroyoandcafe.com/index.php
Re: http://killmalware.com/subzerofroyoandcafe.com/index.php
Look at skins hacked in the code: https://oscarotero.com/embed/demo/index.php?url=http%3A%2F%2Fsubzerofroyoandcafe.com%2Findex.php&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=
Yahoo com abuse: http://toolbar.netcraft.com/site_report?url=http://subzerofroyoandcafe.com
And the scan of customized XSS malware here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsubzerofroyoandcafe.com%2Fjs%2Fems_visual_options.js
possibly landing for something like this: --/assets/application-1726b46fe75c21349af9ca74ec8c7498.js
Number of sources found: 135
Number of sinks found: 39
3 errors and 9 warnings on website: https://mxtoolbox.com/domain/subzerofroyoandcafe.com/
For https I get a certificate from website -websitewelcome.com
attacker intercepting the connection - ??? privacy error and a google safebrowsing alert and block…
polonus (volunteer website security analyst and website error-hunter)