Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://iranqs.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: iranqs.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 27 Aug 2014 19:01:09 GMT Location: http://46.161.41.152/sds/go.php?sid=1 Server: Apache Content-Length: 245 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://46.161.41.152/sds/go.php?sid=1 (imitation of visitor from search engine) GET /sds/go.php?sid=1 HTTP/1.1 Host: 46.161.41.152 Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Wed, 27 Aug 2014 19:01:41 GMT Referer: http://www.google.com/url?sa=t&rct=j&q=iranqs.com&source=web&cd=1&ved=0CDEQFjAG&url=http:%2F%2Firanqs.com%2F&ei=wC7yT5qCJbCCkQKtnwE&usg=AFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg Location: http://mediczkkf.ru/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: schema1=true; expires=Wed, 03-Sep-2014 19:01:41 GMT Set-Cookie: visited1=2; expires=Wed, 03-Sep-2014 19:01:41 GMT X-Powered-By: PHP/5.4.4-14+deb7u14 | suspicious |
Scanned pages/files
| Request | Server response | Status |
http://iranqs.com/ | 200 OK Content-Length: 45449 Content-Type: text/html | clean |
http://iranqs.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://iranqs.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://iranqs.com/wp-content/themes/sahifa/js/tie-scripts.js?ver=3.9.2 | 200 OK Content-Length: 65795 Content-Type: application/javascript | clean |
http://www.parspal.com/xContext/Component/Verify/?UI=b192eb10b868455f81b890d1de4f4963&GID=125050012&MID=A9D8156DC0016A248E1F30096DB6277E74F943E9&Mode=11 | 200 OK Content-Length: 422 Content-Type: text/html | clean |
http://www.parspal.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
https://www.zarinpal.com/webservice/TrustCode | 200 OK Content-Length: 376 Content-Type: text/html | clean |
http://www.webgozar.ir/c.aspx?Code=1747926&t=counter | 200 OK Content-Length: 973 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://engine.webgozar.ir/counter/xstat.aspx?t=stat8&code=1747926&rnd= <iframe scrolling=no width=0 height=0 border=0 frameborder=0 allowtransparency="true" src="http://engine.webgozar.ir/counter/xstat.aspx?t=stat8&code=1747926&rnd=' + math.round(math.random()*50000) + '&s=' + screensize + '&c=' + colors + '&ref=' + escape(document.referrer) + '&title=' + escape(document.title) + '" > | ||
http://iranqs.com/wp-content/themes/sahifa/js/jquery.cycle.all.js?ver=3.9.2 | 200 OK Content-Length: 27367 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iranqs.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://iranqs.com/
Result: iranqs.com is not infected or malware details are not published yet.
Result: iranqs.com is not infected or malware details are not published yet.