Hacked and defaced website - insecurities!

See: http://killmalware.com/zuurbergchallenge.co.za/#
See: http://toolbar.netcraft.com/site_report?url=http://zuurbergchallenge.co.za
-http://www.zuurbergchallenge.co.za
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.zuurbergchallenge.co.za/media/jui/js/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.1 : (active1) -http://www.zuurbergchallenge.co.za/media/jui/js/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432

Ready for the hall of shame here: https://securityheaders.io/?q=http%3A%2F%2Fwww.zuurbergchallenge.co.za
hosting server vulnerable to DROWn: https://test.drownattack.com/?site=srv20.hostserv.co.za
Domain health check, 7 problems: http://mxtoolbox.com/domain/www.zuurbergchallenge.co.za/

polonus
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

I analyzed the site via Live HTTP Headers extension and found this link:
GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fzuurbergchallenge.co.za&oit=3&cp=30&pgcl=7&gs_rn=42&psi=JfUNPIXoNyKg7jh_&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.nl:443 (unsafe inline 404)
Accept-Encoding: gzip, deflate, sdch
Accept-Language: xxxxxxxxx
Cookie: SID=xxxxxxx DNT: 1
User-Agent:
X-Client-Data: CIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj9lcoB

HTTP/1.1 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename=“f.txt”
content-encoding: gzip
content-length: 140
content-type: text/javascript; charset=UTF-8
date: Fri, 25 Mar 2016 23:13:46 GMT
expires: -1
pragma: no-cache
server: gws
status: 200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Consider on chrome-omni(box), that it checks on all your keystrokes on searching: https://bugs.chromium.org/p/chromium/issues/detail?id=253584
Read: http://jordan-wright.com/blog/2014/12/18/chrome-tracks-every-key-typed-into-omnibox/

polonus