Site only blacklisted or with HTML:Iframe-SZ [Trj]?

See: https://www.virustotal.com/nl/url/c140391225fbea5a7c5370de508f4e6f6f34f09f49f334488484ba824703d52f/analysis/1416093300/
blacklisted: http://quttera.com/labs-data-url/kenniscocreatie.nl
domains/hosts blacklisted: kenniscocreatie dot nl & feeds.feedburner dot com
Code hick-up: kenniscocreatie dot nl/wp-content/plugins/the-events-calendar/vendor/bootstrap-datepicker/js/bootstrap-datepicker.js?ver=3.2 benign
[nothing detected] (script) kenniscocreatie dot nll/wp-content/plugins/the-events-calendar/vendor/bootstrap-datepicker/js/bootstrap-datepicker.js?ver=3.2 * (appears twice with POODLE exploit - update format issues)
status: (referer=kenniscocreatie dot nl/events/2235-09/)saved 46395 bytes 8cdccbf4be8b4c634c22bf29802e6ceaf30abf95
info: [decodingLevel=0] found JavaScript
error: undefined function $
suspicious:
DOM-XSS vuln.: Results from scanning URL: htxp://kenniscocreatie.nl/wp-content/plugins/the-events-calendar/vendor/jquery-resize/jquery.ba-resize.min.js?ver=1.1
Number of sources found: 43
Number of sinks found: 19

Always be aware of these facts: http://www.wpwhitesecurity.com/wordpress-news/statistics-70-percent-wordpress-installations-vulnerable/
link article author = ROBERT ABELA

Consider: http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=http://kenniscocreatie.nl/events/2235-09&MODIFIED=0
Server vuln.: http://www.tenable.com/pvs-plugins/8563
I now get a 404 for that uri. Mulyiple vulnerabilities for the PHP version: http://www.tenable.com/pvs-plugins/8563
Giving an error: htxp://kenniscocreatie.us4.list-manage.com/subscribe/post-json?u=5a029fdec893a7d28b2c7a9b3&id=20e2ac451a&c=?
_AVESTA_ENVIRONMENT=prod; path=

Is this malcode?

st_go({v:'ext',j:'1:3.1.1',blog:'39256855',post:'2',tz:'1'});
	var load_cmc = function(){linktracker_init(39256855,2,2);};
	if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc);
	else load_cmc();
	

pol

Hi Polonus,

I believe the code you pasted is related to WordPress tracking. Newer themes do not use this as the primary method of tracking from my experience.

Also see: https://wordpress.org/support/topic/code-inserted-automatically-by-wp-stats

~!Donovan

Hi !Donovan,

And a good thing that is, because they also played a role in early Conficker initialization. 8)

polonus