SE redirect on website. Did Google Adsense cause this, no the admin's settings!

Re: http://killmalware.com/estetika.ch/
Consider the file viewer report: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.estetika.ch&ref_sel=GSP2&ua_sel=ff&fs=1
What script is at the culprit of this? → -https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=fr

3 sources and 3 sinks: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fcse.google.com%2Fcoop%2Fcse%2Fbrand%3Fform%3Dcse-search-box%26lang%3Dfr

Custom errors: Fail and three warnings: https://asafaweb.com/Scan?Url=www.estetika.ch%2Freminder.asp

A meagre F-Status here: https://securityheaders.io/?q=www.estetika.ch

And the above mentioned script is also at the culprit of the insecurity here: https://sritest.io/#report/1180b727-c11c-4ef7-942e-8643970fbd0c

Insecure Log-in: ESTETIKA: tables de massage, cire ࠩpiler, coiff… padlock icon
www.estetika.ch
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://www.estetika.ch/login.asp
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

Insecure IDs tracking deteced: This website is insecure.
75% of the trackers on this site could be protecting you from NSA snooping. Tell estetika.ch to fix it.

Tweet
Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

79=h7ptobbz_kfg7xujwjglasrtuqz_z1k_afyupk5_qp9cztzsahkbrvqrgora5nr8n7XXXXXXXXXXe6h2kjzpmtb1nndz1n37rbcrpdvhzvax0_vlcv8to5ftq_czjdrib7gzqs3fd7vmn3gyn1hqv-f6z23irkpp2ki3p8a6iooq4sgqrl2pd31z9tesan-o2ckcnspw1vwytaknm3cka
-www.google.com nid

Checking for cloaking
There is a difference of 29173 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page.
http://isithacked.com/check/estetika.ch

DatabaseMart abuse?: http://toolbar.netcraft.com/site_report?url=http://www.estetika.ch

Nameserver insecurity: DROWn vulnerable: https://test.drownattack.com/?site=ns09.shared-servers.com

Seems the website security is out of the hands of the web admin and SE adware marketing has a free range there :wink:
but at least the frameset link has been blocked by the code now:

 line 39:  < frame src=hxxp://ww1.obd4sale.com/? 

which SE redirect was performed for DNS10.PARKPAGE.FOUNDATIONAPI.COM *

So a nameserver problem pointing somehow at * lies at the root of this, read here: https://support.logicboxes.com/helpdesk/index.php?/Knowledgebase/Article/View/51/7/why-do-i-see-a-parking-page-on-my-website-even-when-the-domain-and-hosting-are-active

Code error: ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js benign
[nothing detected] (script) ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
status: (referer=hxtp:/www.ask.com/web?q=puppies)failure: <urlopen error [Errno -3] Temporary failure in name resolution>

in Fancyzoom.js:

 info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined function $
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: <script type="text/javascript" src="js/jquery-1.4.2.min.js"></script><script type="text/javascript" src="js/FancyZoom.js"></script><script type="text/javascript" src="js/FancyZoomHTML.js"></script><script type="text/javascript" src="js/common.js"></script
          error: line:3: ......................................................................^

How to fix? Read: -http://pcfilesfix.com/fancyzoom-js.html

polonus (volunteer website security analyst and website error-hunter)