Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=diec.com.sa
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://diec.com.sa/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://diec.com.sa/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 08:47:39 GMT Location: http://www.diec.com.sa/index.php Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.diec.com.sa/index.php | 200 OK Content-Length: 18187 Content-Type: text/html | clean |
http://www.diec.com.sa/embeddedcontent.js | 200 OK Content-Length: 3366 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)

    var jActivating = {
      IS_MSIE : (document.removeNode && document.createAttribute) ? true : false,
      TAGS : ['object', 'embed', 'applet'],
      activateContent : function() {
        var i = 0;
        for(var _tagName; _tagName = jActivating.TAGS[i]; i++) {
          var j = 0;
          for(var _node; _node = document.getElementsByTagName(_tagName)[j]; j++) {
            if(jActivating.IS_MSIE) {
              jActivating.reinsertHtml(_no
        }
      },
      getInnerHtml : function(_node) {
        var _innerHtml = '';
        var i = 0;
        for(var _childNode; _childNode = _node.childNodes[i]; i++) {
          _innerHtml += _childNode.outerHTML;
        }
        return _innerHtml;
      }
    }
    if(jActivating.IS_MSIE) {
      jActivating.activateContent();
    } else if(window.opera) {
      document.addEventListener('DOMContentLoaded', jActivating.activateContent, false);
    }

Antivirus reports:
http://diec.com.sa/../../menu/stmenu.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
http://diec.com.sa/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://diec.com.sa/../../Scripts/AC_RunActiveContent.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
http://diec.com.sa/../../menu/menu.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
http://diec.com.sa//s7.addthis.com/js/300/addthis_widget.js/ | 404 Not Found Content-Length: 357 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: diec.com.sa
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 21 Aug 2014 08:47:39 GMT
Location: http://www.diec.com.sa/index.php
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
...240 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: diec.com.sa
Referer: http://www.google.com/search?q=diec.com.sa
Result:
The result is similar to the first query. There are no suspicious redirects found.