Hacked webpage and again WordPress issues....

See: http://killmalware.com/offertepagina.nl/#
Analyzed: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Foffertepagina.nl%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Scan:
Script loaded: -https://s.ytimg.com/yts/jsbin/www-embed-player-vflLu5GuU/www-embed-player.js
Script loaded: -https://s.ytimg.com/yts/jsbin/player-en_US-vflduS31F/base.js
Script loaded: -https://static.doubleclick.net/instream/ad_status.js
Script loaded: -https://www.google.com/js/bg/VCgMjc_YoboTLie634IuF555IlSRYnXEYWf_w10QzQ8.js
Re: http://toolbar.netcraft.com/site_report?url=http://www.offertepagina.nl
Hacked and defaced. Re: http://toolbar.netcraft.com/site_report?url=http://6.host-services.nl
See: view-source:http://www.offertepagina.nl/ → -href=“-http://www.offertepagina.nl/wp-content/themes/twenty-one-wordpress-theme/ie6.css” />
Also checked: -http://www.fruitkings.com
https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.fruitkings.com&ref_sel=GSP2&ua_sel=ff&fs=1

Links to -http://www.fruitkingspartners.com

Detected libraries:

jquery - 1.4 : -http://www.fruitkingspartners.com/js/jquery-1.4.min.js?1471261682
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.2 : -http://www.fruitkingspartners.com/js/swfobject.js?1471261682
jquery - 1.4.4 : (active1) -http://www.fruitkingspartners.com
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

On main page suspicious widget code in line 121

 <div class="widget text-2 widget_text">						<div class="textwidget"><script>document.documentElement.innerHTML = unescape('%0d%0a%3c%74%69%74%6c%65% etc. 

Agile Encryption - I have described this injected javascript multiple iFrame code earlier here:
https://forum.avast.com/index.php?topic=171551.0

Working out in jetpack vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.fruitkingspartners.com%2Fjs%2FQapTcha.jquery.js%3F1471261469

All above reported by,

polonus (volunteer website security analyst and website error-hunter)
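
A static check for the widget pattern reported above, as an added example (not part of the original post and not code from any scanner it names): it looks in inline scripts for a content-replacing sink fed by `unescape`/`decodeURIComponent` on a mostly percent-encoded literal, decodes the literal without executing it, and lists any iframe sources. The function names, the 80% threshold and the sample page are assumptions constructed for illustration.

```javascript
'use strict';
// Content-replacing sink fed directly by a decoder call on a string literal.
const SINK = /(document\.documentElement\.innerHTML\s*=|document\.body\.innerHTML\s*=|document\.write(?:ln)?\s*\()\s*(unescape|decodeURIComponent)\s*\(\s*(['"])([^'"]*)\3/g;

// Decode %XX statically; the payload is never evaluated. Truncated or
// malformed escapes (such as a trailing "%") are kept literally, not thrown on.
function decodePercent(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

function findEncodedDomRewrites(html) {
  const findings = [];
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    const bodyStart = m.index + m[0].indexOf('>') + 1; // offset of the script body
    for (const hit of m[1].matchAll(SINK)) {
      const literal = hit[4];
      const escapes = (literal.match(/%[0-9a-fA-F]{2}/g) || []).length;
      // Assumed threshold: flag only literals that are at least 80% escapes,
      // since ordinary code does not hex-encode plain ASCII letters.
      if (escapes === 0 || escapes * 3 < literal.length * 0.8) continue;
      const decoded = decodePercent(literal);
      findings.push({
        line: html.slice(0, bodyStart + hit.index).split('\n').length,
        sink: hit[1].replace(/\s*[=(]$/, ''),
        decoder: hit[2],
        iframes: [...decoded.matchAll(/<iframe\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi)].map(x => x[1]),
        decoded,
      });
    }
  }
  return findings;
}

// Constructed sample: a text widget shaped like the reported one, with a benign payload.
const enc = s => [...s].map(c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const payload = '\r\n<title>t</title><iframe src="http://example.invalid/x" width="1" height="1"></iframe>';
const SAMPLE = [
  '<html><body>',
  '<script>document.write(unescape("Hello%20world"));</script>', // benign, not flagged
  '<div class="textwidget"><script>document.documentElement.innerHTML = unescape(\'' + enc(payload) + '%\');</script></div>',
  '</body></html>',
].join('\n');

console.log(JSON.stringify(findEncodedDomRewrites(SAMPLE), null, 2));
```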

The plug-in code presented in the XSS-DOM scan on:
-http://www.fruitkingspartners.com/js/QapTcha.jquery.js?1471261469
could also be exploited by hackers, read here on the iPay exploit:
-http://webcache.googleusercontent.com/search?q=cache:e8872TVzb6MJ:www.sekai.hu/Jovan.php%3Fact%3Dls%26d%3DC%253A%255CHosting%255Cwww.ascorp.hu_2015%255CScripts%255Cqaptcha%26sort%3D3a+&cd=9&hl=nl&ct=clnk&gl=pl

http://www.myjqueryplugins.com/QapTcha

Mind that Avast alerts on the link to this cached content as infested with HTML:Shellface-R[Trj] in chrome.exe.

From the above we can conclude that code on many websites is often given by developers as “fit to use” only and is not being thoroughly bug-tested. It is not really being sufficiently tested for abuse by crackers and hackers.

As I just intuitively stumble on the exploitability of this jQuery plug-in code given above, imagine just what vast arrays of exploitable code are still online waiting to be abused by the bad and the ugly.

I only try to arouse interest here on this platform for these general insecurities, and it seems I am only preaching to the choir, and there are too few security-aware people around to really make a difference.

So, qualified pentesters and security experts all around the globe, wake up now.

Website owners and hosters, take up your responsibility.
Allow your code to be tested and security approved.

Let us act together to make your end-users somewhat more secure.
We just can make the difference.

pol