See malware detected: https://urlquery.net/report/ecf79bbe-11a3-4af5-859d-66543f180788
Virus Total suspicious URLs analyser Failed Status: dangerous
Fortinet - malware site → https://threatintelligenceplatform.com/report/zapier.doaction.io/QDK5m5nKqM
F-Grade and recommendations: https://observatory.mozilla.org/analyze.html?host=zapier.doaction.io
B-Grade: https://sritest.io/#report/1bdfa2df-ae9c-4989-b556-1092aef0e271
Vuln. library: http://retire.insecurity.today/#!/scan/d5e50ce674cda7cca7cdf97014f52e0217bd6cb788a76a83128b560d0fb72875

CMS: WordPress Version
4.7.5
Version does not appear to be latest 4.8.1 - update now.

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 dgriffiths_ttr4dpwx dgriffiths_ttr4dpwx
2 Pippin Williamson pippin
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Issues: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fzapier.doaction.io%2Fwp-includes%2Fjs%2Fwp-emoji-release.min.js%3Fver%3D4.7.5 (overflow to blockui.js vulnerable - undefined variables)

polonus (volunteer website security analysis and website error-hunter)