Hack and defacement flagged by Avast Webshield!

Viruses and worms
1

See: http://killmalware.com/xck.pl/
-http://xck.pl/
Detected libraries:
jquery - 1.10.2 : (active1) -http://rozup.ir/up/nootepad/def/js/jquery-1.10.2.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery.prettyPhoto - 3.1.5 : (active1) -http://rozup.ir/up/nootepad/def/js/prettyphoto.js
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
-https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Scanner output:
Scanning -http://xck.pl/
Script loaded: -http://maps.googleapis.com/maps/api/js?sensor=false
Script loaded: -http://rozup.ir/up/nootepad/def/js/easing.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/modernizr.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery.fitvids.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/contact.form.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery.countTo.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/owl.carousel.min.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/prettyphoto.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/pace.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery-1.10.2.min.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery.parallax.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery.superslides.min.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery.appear.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/scripts.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery.isotope.js
Script loaded: -http://rozup.ir/up/nootepad/def/js/jquery.nicescroll.min.js
Status: success
Detected library: jquery - 1.10.2
Detected library: jquery.prettyPhoto - 3.1.5
Load time: 3643ms

Avast detect this as HTML:Defacement-V [Trj].
Status codes
These should normally all be the same.

Google Chrome returned code 301 to -http://www.xck.pl/
GoogleBot returned code 301 to -http://www.xck.pl/

-RozUp.Ir - آپلود سنتر اختصاصی رزبلاگ padlock icon
rozup.ir
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://rozup.ir/Login
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

Hoster vulnerble to DROWn and MiM attacks: https://test.drownattack.com/?site=nic.ir
nameserver too: https://test.drownattack.com/?site=onlinenic.com

polonus

polonus