Bitdefender Trafficlight flags, WOT also flags: https://www.mywot.com/en/scorecard/avijehfarjood.com?utm_source=addon&utm_content=popup
Emsisoft also: https://www.virustotal.com/en-gb/url/0f2688cb9ae9530b2f8620d7d195084e61b1c3200106265c20210268f35b456f/analysis/1434884835/
Incident: htxp://avijehfarjood.com/oga/nmwpi/zieip/xlwi/game/index.htm
Signature: CYSC.PHISH.SITE.AOL-4
Incident-URL: ‘> htxps://www.c-sirt.org/en/incident/1d0b82a97a1749afecdd5489c16ef89b9ae1b8f2011e58f1a94ea66fcd43e03e’
…
Arabic/Sentacs coding unsafe? Technology profile: http://builtwith.com/avijehfarjood.com
Sucuri says site generating errors. Internal Server Error. Listed at PHISH tank.
Joomla Version 2.5.7 found at: htxp://avijehfarjood.com/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5 - X-Powered-By: PHP/5.4.39
Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
mod_sp_image_rotator
The following components were detected from the HTML source of the Joomla front page.
k2
search
com_k2
The following plugins were detected from the HTML source of the Joomla front page.
shortcodes Installing these expands the attack surface of mentioned webpage!
Externally Linked Host Hosting Provider Country
-www.zo2framework.org Digital Ocean United States
-avijehfarjood.ir Leaseweb Germany GmbH (previously netdirekt e. K.) Germany
-91.109.16.110 Leaseweb Germany GmbH (previously netdirekt e. K.)
Look of any of these linked javascripts could be exploitable/vulnerable:
Linked Javascript
-/media/system/js/mootools-core.js
-/media/system/js/core.js
-/media/system/js/mootools-more.js
-/media/system/js/modal.js
-//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js
-/components/com_k2/js/k2.js
-/media/system/js/caption.js
htxp://avijehfarjood.com/media/com_zo2framework/js/bootstrap.js
htxp://avijehfarjood.com/media/com_zo2framework/js/jquery.min.js
htxp://avijehfarjood.com/media/com_zo2framework/js/jquery.cookies.2.2.0.js
htxp://avijehfarjood.com/media/com_zo2framework/js/zo2-uncompressed.js
htxp://avijehfarjood.com/plugins/system/shortcodes/assets/js/shortcodes.js
-/modules/mod_sp_image_rotator/assets/script/_class.noobslide.js
What about this, read : http://www.exedb.com/systemfiles/zo2-uncompressed[1].js.html
Some web servers have disabled automatic compression of JavaScript files, because they are served with the content type: application/x-javascript.
For these web servers we can use a web.config trick to change the content type of JavaScript files to text/javascript. This is a completely valid content type supported by all browsers. Info credits go to Mads Kristensen.
Consider also this scan: Malware detected: http://urlquery.net/report.php?id=1434782340404
polonus (volunteer website security analyst and website error-hunter)
Only trust code that you have tested yourself to be secure!
D.