Infested by SEO malware redirecting, but VT does not detect such redirects!

See: https://www.virustotal.com/nl/url/d127a9f00f651805d67e8a00451f3b6c1151eb43bfefb9c856cb1a5c22ce9c6c/analysis/1438085171/ (no detections)
Detected here: http://killmalware.com/tr-japan.net/# (kind of a speciality of this scanner - the preferred scanner to find defacements and SE redirects).
System Details:
Running on: Apache/2.2.29
Powered by: PHP/5.3.3-7.7+hw2

Web application details:
Application: WordPress 4.1.6 - http://www.wordpress.org

Web application version:
WordPress version: WordPress 4.1.6
WordPress theme: htxp://www.reddeerhotyoga.ca/wp-content/themes/typominima/
Wordpress internal path: -/home/nas1r0/03/03/8200303/web/wp-content/themes/typominima/index.php
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.2

Outdated plug-in: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

contact-form-7 4.1 latest release (4.2.1) Update required
http://contactform7.com/

The theme has been found by examining the path /wp-content/themes/ theme name /

Typominima 1.0

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

User ID 1 : admin
User ID 2 : jasondiep
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Quttera also missed detection, but Sucuri has it in full detail:
ISSUE DETECTED | DEFINITION | INFECTED URL
Website Malware | MW:HTA:7 | htxp://reddeerhotyoga.ca/aeed.html?h=1003251
Website Malware | MW:HTA:7 | htxp://reddeerhotyoga.ca/aeed.html?h=1354881
Website Malware | MW:HTA:7 | htxp://reddeerhotyoga.ca/aeed.html?h=1394094
Domain detected on spam or phishing campaigns. Details: http://sucuri.net/malware/entry/MW:HTA:7
This specific URL was identified in malicious campaigns to disseminate malware.

See: https://www.virustotal.com/nl/ip-address/64.40.126.64/information/
See: https://www.virustotal.com/nl/url/4ec89c1da885e0e033883fae059c067de45414739dc8635405aeee16b3da4a1b/analysis/
A known infection source also detected by DrWeb URL checker as such.

XSS DOM sinks and sources detected: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.reddeerhotyoga.ca%2F
and consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftr-japan.net

polonus (volunteer website security analyst and website error-hunter)
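
The user-enumeration warning in the scan above, seen from the server side: an added example (not part of the original post or of any scanner named in it) that reads Apache combined-format access log lines and reports clients that walk `?author=N` IDs, and which of those requests were answered with a redirect, the response that exposes the login name. The log lines, IP addresses and the `min_ids` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not taken from the scanned site).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jul/2015:12:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 - "-" "scanner/1.0"
203.0.113.7 - - [28/Jul/2015:12:00:02 +0000] "GET /author/admin/ HTTP/1.1" 200 5120 "-" "scanner/1.0"
203.0.113.7 - - [28/Jul/2015:12:00:03 +0000] "GET /?author=2 HTTP/1.1" 301 - "-" "scanner/1.0"
203.0.113.7 - - [28/Jul/2015:12:00:04 +0000] "GET /?author=3 HTTP/1.1" 404 312 "-" "scanner/1.0"
198.51.100.20 - - [28/Jul/2015:12:05:00 +0000] "GET /?author=1 HTTP/1.1" 301 - "http://example.test/" "Mozilla/5.0"
198.51.100.20 - - [28/Jul/2015:12:05:09 +0000] "GET /wp-content/themes/typominima/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Captures: client IP, request target (path + query), HTTP status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# author=<number> as a query parameter.
AUTHOR_RE = re.compile(r'[?&]author=(\d+)(?:&|$)')


def find_author_enumeration(log_text, min_ids=3):
    """Return {client_ip: {"probed": [...], "redirected": [...]}} for every
    client that requested at least min_ids distinct author IDs."""
    probed = defaultdict(set)
    redirected = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the expected format
        ip, target, status = m.groups()
        a = AUTHOR_RE.search(target)
        if not a:
            continue
        user_id = int(a.group(1))
        probed[ip].add(user_id)
        # A 301/302 on ?author=N is the redirect to /author/<login>/,
        # so these are the IDs whose login name was disclosed.
        if status in ("301", "302"):
            redirected[ip].add(user_id)
    return {
        ip: {"probed": sorted(ids), "redirected": sorted(redirected[ip])}
        for ip, ids in probed.items()
        if len(ids) >= min_ids
    }


if __name__ == "__main__":
    for ip, info in find_author_enumeration(SAMPLE_LOG).items():
        print(ip, "probed", info["probed"], "redirected", info["redirected"])
```
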

To pinpoint the infested link see this scan: http://zulu.zscaler.com/submission/show/abf68dff29ebc2fd375f167a51b5135f-1438087447
given as: htxp://reddeerhotyogaca.nationprotect.net/wp-content/uploads/2012/08/RDHY-Image-Only-Logo.png
and to see what it does: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Freddeerhotyogaca.nationprotect.net%2Fwp-content%2Fuploads%2F2012%2F08%2FRDHY-Image-Only-Logo.png → -http://edge.quantserve.com/quant.js (quantcast tag adware abuse).
What is the QuantServe Virus? Read: http://www.smileytraffic.com/quantserve.htm
Quantserve dot com is happily blocked for me by uMatrix Origin, as is -yieldmanager dot com
All we have to do hence is click: “Go back”.
With the

 window.SOUP_test_ab = ""; 

soup knows a little bit too much about “our kitchen”. Do read: http://whatweknow.soup.io/tag/metrics - and then pay attention to what they list under “Visitor related”.

polonus

Update: still redirecting from tr-japan.net to reddeerhotyoga.ca
Adguard Adblocker will save you from going there: Adguard has blocked access to this page

This web page at reddeerhotyoga.ca, has been reported as a malware page and has been blocked based on your security preferences.

Adguard has found that malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it is possible that it has just recently been compromised by a hacker. We recommend you to not proceed or try again later.

polonus (volunteer website security analyst and website error-hunter)

P.S. See what I reported at the WOT scorecard rating and also pay attention to what other WOT users have reported there:
https://www.mywot.com/en/scorecard/reddeerhotyoga.ca?utm_source=addon&utm_content=contextmenu#view

Damian

Update: Likewise finding: https://urlquery.net/report/d87cd9fb-d27c-4184-b611-aaf7f9c3ad01
PHISHing alert. On IP: https://www.threatcrowd.org/ip.php?ip=64.40.126.64
Re: https://www.phishtank.com/phish_detail.php?phish_id=5706412
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lm18fWxbbntzcFtrey5eXW1gYmxdZ2BwfV1mW2x7YA%3D%3D~enc
Site is blacklisted: https://sitecheck.sucuri.net/results/www.marlinespike.com/blog/profile/
F-grade findings; see: https://www.htbridge.com/websec/?id=RWIBS0Wy
22 security related issues: https://webhint.io/scanner/1db81609-eb76-4916-addd-e2c75e980d52#Security

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)