Detected by Avast? Domain has issues!

See: https://www.virustotal.com/en/domain/schema.thg.se/information/
No vulnerable but blockable links: -http://aa95580.thg.se
Detected libraries:
jquery - 199.33.127.253 : -http://199.33.127.253/jquery.js
jquery - 1.12.0 : (active1) -http://aa95580.thg.se
(active) - the library was also found to be active by running code
No vulnerable libraries found

Scanner output:
Scanning -http://aa95580.thg.se
Script loaded: -http://aa95580.thg.se/wp-includes/js/jquery/jquery.js
Script loaded: -http://199.33.127.253/jquery.js
Status: success
Script loaded: -http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Script loaded: -http://www.oxxtm.com/T/js/stickUp.min.js
Script loaded: -http://www.oxxtm.com/T/js/systemscript.js
Script loaded: -http://www.oxxtm.com/T/js/jquery.min.js
Script loaded: -https://pagead2.googlesyndication.com/pub-config/r20160208/ca-pub-7182997888546679.js
Detected library: jquery - 1.12.0
Load time: 1778ms

Quttera flags: 199.33.127.253/jquery.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar1273374994 = eval;
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2F199.33.127.253%2Fjquery.js
landing at: Results from scanning URL: -http://www.classicgames4fun.net/includes/avarcade.js
Number of sources found: 43
Number of sinks found: 20

Also Quttera has: /wp-includes/js/jquery/jquery.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar1856680429 = eval;
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Faa95580.thg.se%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js
For this code the constant character should be checked whether it is defined or not. I get a “Use of undefined constant chopper” - some weird character being used there? See the same error popping up here, example: -http://www.assala-advertising.com/al-arab-alyawm/ blocked by Adguard - not whitelisted.

WordPress Version
3.8.1
Version does not appear to be latest 4.4.2 - update now.
WordPress Theme
The theme has been found by examining the path /wp-content/themes/ theme name /

Travelify 1.5.0 http://colorlib.com/wp/travelify/
While plugins get a lot of attention when it comes to security vulnerabilities, themes are another source of security vulnerabilities within WordPress installations. Always keep them updated to the latest version available and check the developer's theme page for information about security-related updates and fixes.

Warning Directory Indexing Enabled :o
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

For link to -http://www.oxxtm.com/T/js/stick we see outdated server software: HTTP Server: Apache HTTP Server 2.4.9 (Outdated)
Operating System: Unix
OpenSSL Version: 1.0.1f

polonus (volunteer website security analyst and website error-hunter)

Their server needs an update: http://prntscr.com/a7uozn

Not only that, they already kick up a 500 Internal Server Error.
Excessive header info proliferation: Result
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.41-0+deb7u1
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.

Clickjacking: Result
It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

Security header situation = one correct.

pol