Hidden iFrame on website and other vulnerabilities.

See: iframes
Any iframes? Yes there are.

jQuery libraries to be retired: -http://happytap.com
Detected libraries:
jquery - 1.10.2 : -https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-ui-dialog - 1.8.16 : -http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016
jquery-ui-autocomplete - 1.8.16 : -http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js
2 vulnerable libraries detected

Website hacked and defaced: Unified Layer abuse: http://toolbar.netcraft.com/site_report?url=http://happytap.com

On DROWn vulnerable server: https://test.drownattack.com/?site=box810.bluehost.com
Low F-Status: https://securityheaders.io/?q=http%3A%2F%2Fhappytap.com%2F
Also here as that was how it was hacked: https://sritest.io/#report/64109c92-1052-4978-a874-b8da9b66dfb0

Also consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fcdnjs.cloudflare.com%2Fajax%2Flibs%2Fjquery%2F1.10.2%2Fjquery.min.js

-https://onclickads.net/apu.php?zoneid=630499
and this should be blocked by a scriptblocker: -https://onclickads.net/apu.php?zoneid=630499
as it lands here: -//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Number of sources found: 2
Number of sinks found: 3

polonus