Found at VirusWatch: https://www.virustotal.com/en-gb/url/081b80aee6b105cc17b710d08af41bc96497e53f7258c80ab6af0e981f7cbe5f/analysis/1470145780/
Qutter’s flags domain as malicious, so blacklisted there.

GoDaddy Abuse: Web application details:
Application: WordPress 4.5.3

Web application version:
WordPress version: WordPress 4.5.3
WordPress theme: -http://www.vaune.com/wp-content/themes/wjtheme/

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 jenny jenny
2 Vaune vaune
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

What is being acquired should also later be retired: -http://www.vaune.com
Detected libraries:
jquery - 1.12.4 : (active1) -http://www.vaune.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Checked: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.vaune.com

Vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.vaune.com%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.12.4

Error:

script
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing ) in parenthetical:
          error: line:3: e(n.expando)}"script"===c&&b.text!==a.text?(Da(b).text=a.text,Ea(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),l.html5Clone&&a.innerHTML&&!n.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):"input"===c&&Z.test(a.type)?(b.defaultChecked=b.chec
          error: line:3: .................

Something is being injected into the response that should not be there.
An issue with the theme could have caused this.

Three issues here, producing a C-Status for the website: https://sritest.io/#report/6fb6fce9-5180-4b7f-8c6c-c7aa36cca6ad

Went over the URI flagged for with this scan and then encountered: Note: It looks like your site has returned a 503 Error. In some cases the firewall or a bad bot utility will block the use of this tool. If the response is unexpected you should verify the response with another tool such as Rex Swain.

Service unavailable: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.vaune.com%2Fshop%2Fcart.php%3Ftarget%3Dmain&ref_sel=GSP2&ua_sel=ff&fs=1
And once again secureserver dot net issues as it has a bad web rep.

IP scan: https://www.virustotal.com/en-gb/ip-address/72.167.10.105/information/
SID session cloning performed here together with htacces malcode? Re: https://wordpress.org/support/topic/new-htaccess-malware-hack-anywone

polonus (volunteer website security analyst and website error-hunter)

Unknown_html issue: https://urlquery.net/report.php?id=1470154139972
Nothing flagged: https://sitecheck.sucuri.net/results/www.fbceaston.org/music/

Found for an external link from Bible Logos software: https://www.virustotal.com/en-gb/ip-address/192.58.0.208/information/
-http://api.reftagger.com/v2/reftagger.js playing out on widget code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fapi.reftagger.com%2Fv2%2Freftagger.js

Trace error and warnings here: https://asafaweb.com/Scan?Url=biblia.com & -http://api.reftagger.com/

CMS: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

shortcodes-ultimate latest release (4.9.9)
http://gndev.info/shortcodes-ultimate/
church-pack-pro
ultimate-branding
sermon-manager-for-wordpress latest release (1.9.6)
http://www.wpforchurch.com/products/sermon-manager-for-wordpress/
e-newsletter
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

External link OK: Externally Linked Host Hosting Provider Country

wXw.allsaintsmedia.com New Dream Network, LLC United States

All that is acquired should be eventually retired: Detected libraries:
jquery - 1.12.4 : (active1) -http://www.fbceaston.org
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.fbceaston.org%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.12.4 (could evoke Facebook malware).
jquery.js?ver=1.12.4
Date processed: Aug. 3, 2016, 12:28 a.m.
Source: URL Upload
Original URL: http://www.fbceaston.org/wp-includes/js/jquery/jquery.js?ver=1.12.4
MD5: 8610f03fe77640dee8c4cc924e060f12
SHA1: 076524186dbbdd4c41afbbd6b260d9e46a095811
Sha256: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
Sha512: 10fe149f49675c81bdd7c9d8323e7c5c42ff587028de0783abd1c62cfca8f34142a1cf34260f2c6cf601a507f599bd384c044409350efb83d3eef2326003f62f
error

[nothing detected] 

sample
	info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
	info: [decodingLevel=0] found JavaScript
	error: undefined variable n
	file: stream_076524186dbbdd4c41afbbd6b260d9e46a095811: 97184 bytes

	info: [decodingLevel=0] found JavaScript

Variables at the beginning of the function should be defined. Declarations of earlier query should be rightly defined.
See the use of while here:

merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=

while block () not entered, info credits Stackoverflow’s Dr.McKay.

IP City Region Country ASN Owner
66.33.194.102 United States Brea California United States 26347 None

reported by,

polonus (volunteer website security analyst and website error-hunter