See missed here: https://www.virustotal.com/nl/url/bc0e09496923a9c8f08caadecec14c916e83a018513f29bb586364a57bc221f0/analysis/1413034533/
Also here: http://quttera.com/detailed_report/flying-secrets.com
Given as defaced since yesterday: http://killmalware.com/flying-secrets.com/#
Sucuri also rightly flags: ISSUE DETECTED DEFINITION INFECTED URL
Defacement MW:DEFACED:01 http://flying-secrets.com
Defacement MW:DEFACED:01 http://flying-secrets.com/404javascript.js
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
7 XSS sinks on page code - malobject inserted → http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fflying-secrets.com&useragent=Fetch+useragent&accept_encoding=
Running cPanel 11.44.1.18: flying-secrets.com:2082
List of iframes included
htxp://facebook.com/plugins/follow.php?href=htxps%3A%2F%2Fwww.facebook.com%2FPiN0z&layout=standard&show_faces=true&colorscheme=light&font&width=450
Header Security only happy findings for Promiscuous CORS-support and X-Powered-By found.
All other insecure - 7 unhappy findings. (reason the site could be hacked).
polonus