See: http://urlquery.net/report.php?id=1420668263661
This is not enhancing the security of all the domains on this same IP address: http://sameid.net/ip/192.185.186.131/9/
IP badness history: https://www.virustotal.com/nl/ip-address/192.185.186.131/information/
Certified by -ocsp.digicert.com
Iframe malware suspicious = htxp://www.thehighrocks.com/maps.google.com/maps/api/js?sensor=true&ver=4.0.1/
Blacklisted site: http://www.google.com/safebrowsing/diagnostic?site=www.thehighrocks.com
CMS: WordPress Version 4.0 based on: hxtp://www.thehighrocks.com/wp-admin/js/common.js
Only minor issues: http://www.dnsinspect.com/thehighrocks.com/1420668820
Also: http://toolbar.netcraft.com/site_report?url=http://www.thehighrocks.com
5 changes on 6 unique name servers over 7 years
Code link to htxp://gsgd.co.uk/sandbox/jquery/easing vulnerable to hotlinking and blacole abuse!
See: http://jsunpack.jeek.org/?report=9d8464bdeb9233a3155af8f51f1996dd55e9295a
Above link for security researchers only, open up with NoScript extension active and inside a VM or sandbox browser.
Fortunately avast will detect this malcode as Decode-AZW [Trj], so we all are being protected if need be. (pol)
DOM XSS probable vulnerabilities: hxtp://192.185.186.131/~highrock/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4
Number of sources found: 32
Number of sinks found: 35
The website technology used: http://builtwith.com/thehighrocks.com
-http://192.185.186.131/~highrock/wp-content/plugins/revslider/rs-plugin/videojs/", PHISHing
Malware detected at htxp://192.185.186.131/~highrock/ blocked by Google Safebrowsing!
3 security warnings on asp site: https://asafaweb.com/Scan?Url=www.thehighrocks.com
Missing security headers for X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, X-XSS-Protection, X-Permitted-Cross-Domain-Policies, Content-Security-Policy and warning: Server Information: Server nginx/1.6.2. Avoid version numbers,
the so-called server security header extended info proliferation issue.
Another warning: Set-Cookie PHPSESSID=dc02667c7e…dff483a0765c; path=/ Add ‘secure; httponly;’
So this analysis shows there seems to be some work to be done by both webmaster/website admin and server hoster security staff.
All above information was gathered via readily available public third-party scanning results.
polonus (volunteer website security analyst and website error-hunter)
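
A small check for the header and cookie findings listed in the post, as an added example that is not part of the original post or of any scanner it links to. The function name `audit_headers` and both sample responses are constructed for illustration; the cookie value is a placeholder.

```python
import re

# Security headers the post reports as missing from the scanned site.
REQUIRED_HEADERS = [
    "X-Frame-Options", "Strict-Transport-Security", "X-Content-Type-Options",
    "X-XSS-Protection", "X-Permitted-Cross-Domain-Policies",
    "Content-Security-Policy",
]

# Constructed response mirroring the findings in the post.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: nginx/1.6.2
Content-Type: text/html
Set-Cookie: PHPSESSID=EXAMPLEVALUE; path=/
"""

# Constructed response with the same issues corrected.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: nginx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src 'self'
Set-Cookie: PHPSESSID=EXAMPLEVALUE; path=/; Secure; HttpOnly
"""

def audit_headers(raw_headers):
    """Return a list of findings for a raw HTTP response header block."""
    headers = []  # (lowercased name, value); a list keeps repeated Set-Cookie lines
    for line in raw_headers.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers.append((name.strip().lower(), value.strip()))
    present = {name for name, _ in headers}
    findings = [f"missing header: {h}" for h in REQUIRED_HEADERS
                if h.lower() not in present]
    for name, value in headers:
        if name == "server" and re.search(r"/\d", value):
            findings.append(f"server version disclosed: {value}")
        if name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().lower().split("=")[0] for a in value.split(";")[1:]}
            findings += [f"cookie {cookie} lacks {flag}"
                         for flag in ("secure", "httponly") if flag not in attrs]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_headers(SAMPLE_RESPONSE)))
```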