Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=image.uc8.cc
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://image.uc8.cc/ | 200 OK Content-Length: 2087 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.uc8.cc eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4 2=8.a("2");4 1=5;b 6(){2.9=1;7(1==0)3.c.d=\'i://j.k.h\';g 3.e(\'6()\',f);1--}',21,21,'|seconds|runtime|window|var||close_page|if|document|innerHTML|getElementById|function|location|href|setTimeout|1000|else|cc|http|www|uc8'.split('|'),0,{})) Decoded script: var runtime=document.getElementById("runtime");var seconds=5;function close_page(){runtime.innerHTML=seconds;if(seconds==0)window.location.href='http://www.uc8.cc';else window.setTimeout('close_page()',1000);seconds--} var runtime=document.getElementById("runtime");var seconds=5;function close_page(){runtime.innerHTML=seconds;if(seconds==0)window.location.href='http://www.uc8.cc';else window.setTimeout('close_page()',1000);seconds--} | ||
http://image.uc8.cc/test404page.js | 404 Not Found Content-Length: 2087 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.uc8.cc eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4 2=8.a("2");4 1=5;b 6(){2.9=1;7(1==0)3.c.d=\'i://j.k.h\';g 3.e(\'6()\',f);1--}',21,21,'|seconds|runtime|window|var||close_page|if|document|innerHTML|getElementById|function|location|href|setTimeout|1000|else|cc|http|www|uc8'.split('|'),0,{})) Decoded script: var runtime=document.getElementById("runtime");var seconds=5;function close_page(){runtime.innerHTML=seconds;if(seconds==0)window.location.href='http://www.uc8.cc';else window.setTimeout('close_page()',1000);seconds--} var runtime=document.getElementById("runtime");var seconds=5;function close_page(){runtime.innerHTML=seconds;if(seconds==0)window.location.href='http://www.uc8.cc';else window.setTimeout('close_page()',1000);seconds--} |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: image.uc8.cc
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Connection: close
Date: Sun, 11 Jan 2015 20:23:17 GMT
Accept-Ranges: bytes
ETag: "4e7f9e-827-4cc6b44855b80"
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Length: 2087
Content-Type: text/html; charset=UTF-8
Expires: Wed, 06 Jan 2016 20:23:17 GMT
Last-Modified: Fri, 19 Oct 2012 15:36:30 GMT
...2087 bytes of data.
GET / HTTP/1.1
Host: image.uc8.cc
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Connection: close
Date: Sun, 11 Jan 2015 20:23:17 GMT
Accept-Ranges: bytes
ETag: "4e7f9e-827-4cc6b44855b80"
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Length: 2087
Content-Type: text/html; charset=UTF-8
Expires: Wed, 06 Jan 2016 20:23:17 GMT
Last-Modified: Fri, 19 Oct 2012 15:36:30 GMT
...2087 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: image.uc8.cc
Referer: http://www.google.com/search?q=image.uc8.cc
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: image.uc8.cc
Referer: http://www.google.com/search?q=image.uc8.cc
Result:
The result is similar to the first query. There are no suspicious redirects found.