Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: irist.ir
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 12 Oct 2014 15:53:33 GMT
Via: 1.1 varnish
Age: 0
Server: cloudflare-nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
CF-RAY: 1784788cadf80b02-WAW
Set-Cookie: __cfduid=d3fab98323bc6ce7d5848c63df739d3521413129212907; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.irist.ir; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-Varnish: 816895087 816895086
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: irist.ir
Referer: http://www.google.com/search?q=irist.ir
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://irist.ir/ | 200 OK Content-Length: 46344 Content-Type: text/html | clean |
http://irist.ir/index.php | 200 OK Content-Length: 46344 Content-Type: text/html | clean |
http://irist.ir/remotes.php | 200 OK Content-Length: 19430 Content-Type: text/html | clean |
http://irist.ir/locals.php | 200 OK Content-Length: 19423 Content-Type: text/html | clean |
http://irist.ir/webapps.php | 200 OK Content-Length: 19474 Content-Type: text/html | clean |
http://irist.ir/dos.php | 200 OK Content-Length: 19179 Content-Type: text/html | clean |
http://irist.ir/shellcodes.php | 200 OK Content-Length: 14701 Content-Type: text/html | clean |
http://irist.ir/tools.php | 200 OK Content-Length: 16053 Content-Type: text/html | clean |
http://irist.ir/search.php | 200 OK Content-Length: 4677 Content-Type: text/html | clean |
http://irist.ir/submit.php | 200 OK Content-Length: 3326 Content-Type: text/html | clean |
http://irist.ir/rss.php | 200 OK Content-Length: 13985 Content-Type: text/html | clean |
http://irist.ir/test404page.js | HTTP/1.1 302 Found Cache-Control: public, max-age=432000 Connection: close Date: Sun, 12 Oct 2014 15:53:37 GMT Via: 1.1 varnish Location: http://iedb.ir Server: cloudflare-nginx Content-Type: text/html; charset=iso-8859-1 Expires: Fri, 17 Oct 2014 15:53:37 GMT CF-Cache-Status: MISS CF-RAY: 178478a9a1ea0b02-WAW Set-Cookie: __cfduid=d6deef168476b6b60db9eb9730e622af31413129217546; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.irist.ir; HttpOnly X-Varnish: 816895099 | clean |
http://iedb.ir/ | 200 OK Content-Length: 46343 Content-Type: text/html | clean |
http://iedb.ir/index.php | 200 OK Content-Length: 46343 Content-Type: text/html | clean |
http://iedb.ir/acc | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 12 Oct 2014 15:53:39 GMT Via: 1.1 varnish Age: 0 Location: http://iedb.ir/acc/ Server: cloudflare-nginx Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 CF-RAY: 178478b7add60af0-WAW Set-Cookie: __cfduid=d401582be7df9029e5e10d9ecf0364f981413129219789; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.iedb.ir; HttpOnly X-Varnish: 816895102 | clean |
http://iedb.ir/acc/ | 500 Internal Server Error Content-Length: 106602 Content-Type: text/html | clean |
http://iedb.ir/acc/index.php?s=f67e75eb& | 500 Internal Server Error Content-Length: 106602 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=irist.ir
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://irist.ir/
Result: irist.ir is not infected or malware details are not published yet.