Scanned pages/files
Request | Server response | Status |
http://truclamtaythien.com/ | 200 OK Content-Length: 90338 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
$i = Math.floor(Math.random()*10); var arr = new Array(); arr[0] = "Từ giã cha mẹ Äi xuất gia há»c Ãạo, thấu rõ nguá»n tâm, hiá»u vô vi pháp, Äược gá»i là báºc Sa môn, thÆ°á»ng giữ gìn 250 giá»i, sá»ng Äá»i thanh tá»nh, thá»±c hà nh 4 chân Äạo, thà nh tá»±u quả vá» A La Hán. Vá» chứng quả A La Hán có thá» phi hà nh, biến hoá, kéo dà i mạng sá»ng, á» Äá»i Äá»ng cả trá»i Äất. Thứ Äến là quả A Na Hà arr[9] = "Không là m các Äiá»u ác. <br> Hãy là m các hạnh là nh. <br> Giữ tâm ý thanh tá»nh. <br> Là lá»i dạy chÆ° Pháºt"; document.write(arr[$i]);
Antivirus reports:
http://www.truclamtaythien.com/wp-content/themes/BlueNews/jdgallery/mootools-1.2.5-core-yc.js | 200 OK Content-Length: 66798 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/themes/BlueNews/jdgallery/mootools-1.2-more.js | 200 OK Content-Length: 11986 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/themes/BlueNews/jdgallery/jd.gallery.js | 200 OK Content-Length: 28033 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/themes/BlueNews/jdgallery/jd.gallery.transitions.js | 200 OK Content-Length: 3156 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/themes/BlueNews/menu/mootools-1.2.5-core-yc.js | 200 OK Content-Length: 66798 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/themes/BlueNews/menu/MenuMatic_0.68.3.js | 200 OK Content-Length: 25884 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/js/html5mp3playlist-min.js?ver=4.0 | 200 OK Content-Length: 1167 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function html5mp3player(e){for(i=0;i<e.length;i++){if(typeof e[i].html5mp3playlistsize!="undefined"){html5size=e[i].html5mp3playlistsize}else{html5size="full"}if(typeof e[i].html5mp3playlisturl!="undefined"){html5url=e[i].html5mp3playlisturl;html5url+="html5"+html5size+".php?id="+e[i].html5mp3playlistid}else{html5url="http://html5player.svnlabs.com/v1/";html5url+="html5"+html5size+".html?id="+e[i].html5mp3playlistid}if(typeof e[i].html5mp3playlistspan!="undefined"){html5span=e[i].html5mp3play
Antivirus reports:
http://www.truclamtaythien.com/wp-content/plugins/simple-lightbox/client/js/prod/lib.core.js?ver=2.3.1 | 200 OK Content-Length: 6323 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/plugins/simple-lightbox/client/js/prod/lib.view.js?ver=2.3.1 | 200 OK Content-Length: 48305 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/plugins/simple-lightbox/themes/baseline/js/prod/client.js?ver=2.3.1 | 200 OK Content-Length: 456 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/plugins/simple-lightbox/themes/default/js/prod/client.js?ver=2.3.1 | 200 OK Content-Length: 2774 Content-Type: application/x-javascript | clean |
http://www.truclamtaythien.com/wp-content/plugins/simple-lightbox/template-tags/item/js/prod/tag.item.js?ver=2.3.1 | 200 OK Content-Length: 414 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: truclamtaythien.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 19:46:36 GMT
Pragma: no-cache
Server: Microsoft-IIS/7.5
Content-Length: 90338
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=70edf0d5245860dfa4930f6bcfebcaa0; path=/
X-Pingback: http://www.truclamtaythien.com/xmlrpc.php
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...90338 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: truclamtaythien.com
Referer: http://www.google.com/search?q=truclamtaythien.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=truclamtaythien.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://truclamtaythien.com/
Result: truclamtaythien.com is not infected or malware details are not published yet.