Probably this website is a victim of the same SE redirection campaign, which has infested 162 sites so far.
This all according to this scan: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fcordycepssupplier.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1
PHP vulnerable: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcordycepssupplier.com%2Fcontact.php
Insecure IDs tracking: 66% of the trackers on this site could be protecting you from NSA snooping. Tell cordycepssupplier.com to fix it.
All trackers
At least 3 third parties know you are on this webpage.
-Google
-shaaaaaaaaaaaaa.com
-cordycepssupplier.com -cordycepssupplier.com
See: -http://cordycepssupplier.com/contact.php
Detected libraries:
jquery - 1.2.6 : (active1) -http://cordycepssupplier.com/smenu/jquery.min.js *
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected
Checking for errors here:
script
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: invalid flag after regular expression:
error: line:3: s,"form")?jQuery.makeArray(this.elements):this;}).filter(function(){return this.name&&!this.disabled&&(this.checked||/select|textarea/i.test(this.nodeName)||/text|hidden|password/i.test(this.type));}).map(function(i,elem){var val=jQuery(this).val();re
error: line:3: ^
Input field values, invalid flag etc. could mean no , following last option, forgotten quote " etc. Get the value of the form elements.
Luckily these are all “same origin” script: Same origin
Same origin
Read on cleansing redirects: -https://aw-snap.info/articles/redirects.php
Avast seems to detect this malcode as PHP:Redirector-Z [Trj].
Site has GoDaddy abuse; reverse DNS with questionable web rep: -sg2nlhg268c1268.shr.prod.sin2.secureserver.net
Vulnerable nameserver (DROWn exploit): https://test.drownattack.com/?site=ns31.domaincontrol.com
Also consider this and where it lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcordycepssupplier.com%2Fcordyceps_usage_instruction.php
polonus (volunteer website security analyst and website error-hunter)