The website url is http://www.fumobespokenyc.com and it’s recognised as a threat. The IP is shielded by cloudflare but I’ve checked it and it’s not in a blacklist right now.

Thank you in advance.

You can report a URL here: https://www.avast.com/report-a-url.php

Vulnerable library :
http://retire.insecurity.today/#!/scan/4544efdce21028ece03279bfc1d1503335eb750535fb99adf141e54df4c56d35

Malicious activity on that IP :
https://www.virustotal.com/en/ip-address/104.18.43.6/information/

Blacklisted IP :
http://zulu.zscaler.com/submission/show/01680f80ef4b176e74cac4003ac88b47-1466006835

Security issues as mentioned earlier in this thread, but no immediate malware.

CloudFlare abuse on neighbour’s on that IP: Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/67 2016-06-04 09:50:32 -http://nullgame.ru/
1/67 2016-02-16 09:20:16 -http://jiraffekevin.top/

DrWeb that flags the above domains, does not give -http://fumobespokenyc.com as suspicious/malicious.

polonus

This was blocked quite long ago, so I hope that whatever it was, it is fixed now… I am unblocking fumobespokenyc.com now

Although unblocked now, the vulnerable libraries should be taken care of.

Why Eddy is right here and this plug-in means a high security risk.
Re: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2023
Network exploitability on outdated Player software.

DOM XSS risks involved: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffumobespokenyc.com%2Fwp-content%2Fthemes%2Fbridge%2Fjs%2Fplugins.js%3Fver%3D447c87504721abd3688460c925d0521c

Checked against this script validator here: http://www.cipscis.com/fallout/utilities/validator.aspx#
Loads of sources and sinks detected.
and we meet exploitbility: daysettings(2) replace →

 "+printDate.get Date()+"")+" 

see the Validator Fallout script results to exactly evaluate the analysis.

There is more outdated WordPress plug-in on your site.

polonus (volunteer website security analyst and website error-hunter)