Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=trafficsaz.rzb.ir
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://trafficsaz.rzb.ir/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 14 Sep 2014 10:54:26 GMT Pragma: no-cache Location: http://www.trafficsaz.rozblog.com/ Server: LiteSpeed Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=f78ada5ba272628c8a6e36ce0e4e7168; path=/ Set-Cookie: ban_ip=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT X-Powered-By: PHP/5.3.27 | clean |
http://www.trafficsaz.rozblog.com/ | 200 OK Content-Length: 39660 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write ('<center><iframe width="120" height="240" src="http://ads.rzb.ir/image.php?size_id=7" border="0" scrolling="no" frameborder="0" marginheight="0" marginwidth="0" vspace="0" hspace="0"></iframe>');
Antivirus reports:
http://www.trafficsaz.rozblog.com/js/site.js | 200 OK Content-Length: 19046 Content-Type: application/javascript | clean |
http://rozblog.com/temp/skin/maxmusix/jquery.js | 200 OK Content-Length: 57319 Content-Type: application/javascript | clean |
http://rozblog.com/temp/skin/maxmusix/preloader.js | 200 OK Content-Length: 2619 Content-Type: application/javascript | clean |
http://rozblog.com/temp/skin/maxmusix/script.js | 200 OK Content-Length: 5410 Content-Type: application/javascript | clean |
http://rozblog.com/temp/skin/maxmusix/tick.js | 200 OK Content-Length: 1691 Content-Type: application/javascript | clean |
http://armani.mihanstore.net/partner/show_ads.php?ads_type=popup&ref=1530&page_source=3&show_once=1 | 200 OK Content-Length: 2345 Content-Type: text/html | clean |
http://armani.mihanstore.net/test404page.js | HTTP/1.1 404 Not Found Connection: close Date: Sun, 14 Sep 2014 10:54:33 GMT Server: LiteSpeed Vary: User-Agent Content-Length: 138 Content-Type: text/html | clean |
http://armani.mihanstore.net/ | 200 OK Content-Length: 26836 Content-Type: text/html | clean |
http://armani.mihanstore.net/templates/template6/js/jquery.js | 200 OK Content-Length: 93068 Content-Type: application/javascript | clean |
http://armani.mihanstore.net/templates/template6/js/plugins.js | 200 OK Content-Length: 167 Content-Type: application/javascript | clean |
http://armani.mihanstore.net/templates/template6/js/modernizr.v1.7.min.js | 200 OK Content-Length: 9021 Content-Type: application/javascript | clean |
http://armani.mihanstore.net/templates/template6/js/scripts/jquery-1.9.0.min.js | HTTP/1.1 404 Not Found Connection: close Date: Sun, 14 Sep 2014 10:54:38 GMT Server: LiteSpeed Vary: User-Agent Content-Length: 138 Content-Type: text/html | clean |
http://armani.mihanstore.net/templates/template6/js/jquery.nivo.slider.js | 200 OK Content-Length: 29124 Content-Type: application/javascript | clean |
http://armani.mihanstore.net/js/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://armani.mihanstore.net/js/jquery.countdown.js | 200 OK Content-Length: 4630 Content-Type: application/javascript | clean |
http://neginkala.net/Popup.aspx?cat=-1&s=42520&so=1&t=1&h=600&w=900&co=20 | 200 OK Content-Length: 404 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: trafficsaz.rzb.ir
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 14 Sep 2014 10:54:26 GMT
Pragma: no-cache
Location: http://www.trafficsaz.rozblog.com/
Server: LiteSpeed
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=f78ada5ba272628c8a6e36ce0e4e7168; path=/
Set-Cookie: ban_ip=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
X-Powered-By: PHP/5.3.27
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: trafficsaz.rzb.ir
Referer: http://www.google.com/search?q=trafficsaz.rzb.ir
Result:
The result is similar to the first query. There are no suspicious redirects found.