Earlier Google Safebrowsing blacklisted website with flagged uri.....

See: http://killmalware.com/irisocean.com/ That link we checked: https://www.virustotal.com/nl/url/6bcc6f48712a126bb6f6c2488b4c1c472fb33b4dd24975d9abdbeb1c4d18f14e/analysis/
IP badness history: https://www.virustotal.com/nl/ip-address/202.108.15.75/information/
and the s2.php file scan: https://www.virustotal.com/nl/ip-address/202.108.15.75/information/
With what preferable code such a site should have in it´s first lines, according to Stackoverflow´s Alex Szabó
in the case of multiple functions:

 
if (!function_exists('geoip_load_shared_mem')) {
    // ... proceed to declare your function
}
[-code] See where it lands? http://www.domxssscanner.com/scan?url=http%3A%2F%2Fskype.tom.com%2F
and for instance: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fnews.tom.com%2Fuldf%2F2009%2F1121%2Fluhaiyan
and then this: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fnews.tom.com%2Fscript%2F2009v2%2Ffocus.js

Landing where we find these retirable code: -http://contact.appfly.mobi
Detected libraries:
jquery-migrate - 1.2.1 : -http://contact.appfly.mobi/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://contact.appfly.mobi/wp-includes/js/jquery/jquery.js?ver=1.11.3
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

polonus (volunteer website security analyst and website error-hunter)