Oudated vulnerable CMS and hidden iFrame on defaced website....

See: http://killmalware.com/hotchristmasdeals.org/#
See: index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Defaced
Offset: 289
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01

Hacked By BlackHat

WordPress Version
3.6.1
Version does not appear to be latest 4.3.1 - update now.

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

For me uMatrix has prevented the following page from loading:
-https://static.doubleclick.net/instream/ad_status.js
Anti-spam code OK → https://www.google.com/js/bg/CbzsU2oByTYt-pLbi77EkWqPp7C_PzuvYb1kHWsmKzc.js

polonus