hxxp://www.freewebs.com/asnafuell8/images/script.js This site redirects to hxxp://www.webs.com/
KillMalware report: http://killmalware.com/www.freewebs.com/asnafuell8/images/script.js
Former Akamai abuse: https://www.threatcrowd.org/listIPs.php?class=54.192.29
Seems now to give clean results: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.freewebs.com%2Fasnafuell8%2Fimages%2Fscript.js&ref_sel=GSP2&ua_sel=ff&fs=1
From 2 hrs ago: http://killmalware.com/www.freewebs.com/asnafuell8/images/script.js
The malware is long existing: https://malwr.com/analysis/NGM1ZWI2NzYxNDI4NDE5NWJkYjEzYzRkNDQ4Y2E3N2Y/
Vulnerabilities: Detected libraries:
jquery - 2.1.0 : (active1) http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.6.4 : http://cdn.optimizely.com/js/200632758.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
backbone.js - 0.9.2 : (active1) -http://www.webs.com/
(active) - the library was also found to be active by running code
3 vulnerable libraries detected
Lots of ad-tracking and analytics scripts that could be blocked.
Insecure: Free Website Builder: Make a Free Website & Hos…
-www.webs.com
Alerts (2)
Insecure login (2)
Password will be transmited in clear to http://members.webs.com/j_spring_security_check
Password will be transmited in clear to http://www.webs.com/Signup
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
Nameserver DROWN vulnerable: https://test.drownattack.com/?site=ns1.webs.com
They say they are professionals there, but polonus very much doubts this.
IP → opensource threats: https://www.threatcrowd.org/listIPs.php?class=54.192.29
polonus (volunteer website security analyst and website error-hunter)