Web application version:
WordPress version: WordPress
WordPress version 4.0 based on: htxp://www.blossomco.co.uk/wp-admin/js/common.js
WordPress theme: htxp://www.blossomco.co.uk/wp-content/themes/dynamik/
BitDefender TrafficLight flags site as malicious: https://www.virustotal.com/nl/url/1c84ecb4654f88161d31637ddf60714e0be4c93ee84e6d186af3311ba68355cd/analysis/1420551705/
See: http://quttera.com/detailed_report/www.blossomco.co.uk
See: https://bitneer.com/www.blossomco.co.uk/
Google Browser Diff> Google: 57911 bytes Firefox: 57996 bytes
Diff: 85 bytes
Erste Differenz:
uk/wp-content/plugins/click-heat-dynamo/static/click_handler.js’> …
IDS alerts here: http://urlquery.net/report.php?id=1420410947774
for "173.194.116.145 SURICATA TLS invalid handshake message"
with detections of Win32:Crypt-NPV [Trj] or Win32:Malware-gen (Kazy variant) both detected by avast av.
external link to tracking destination flagged here: https://www.virustotal.com/nl/domain/dnn506yrbagrg.cloudfront.net/information/
Inspectlet’s tracking: https://news.ycombinator.com/item?id=3045360
Server header info proliferation warning - nginx/1.6.2
Server Information: Server: nginx/1.6.2 (Avoid version numbers)
Only correct security header implementation is for Content-Type: text/html; charset=utf-8 (Use ‘text/html;charset=utf-8’);
the remaining headers are missing.
External link to htxp://gmpg.org/xfn/11 Infested? http://jeffreybarke.net/2013/04/whats-happening-with-xfn/
polonus (volunteer website security analyst and website error-hunter)