Scanned pages/files
| Request | Server response | Status |
http://6xuew.haotui.com/ | 200 OK Content-Length: 8221 Content-Type: text/html | clean |
http://6xuew.haotui.com/include/js/common.js?1Df | 200 OK Content-Length: 24317 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/c.js | 200 OK Content-Length: 28800 Content-Type: application/x-javascript | clean |
http://6xuew.haotui.com/bbs.php | 200 OK Content-Length: 13719 Content-Type: text/html | clean |
http://6xuew.haotui.com/connect.php?mod=login&op=init&referer=bbs.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:24 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=5006689091102785193&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2F6xuew.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=tqt4t2; expires=Sun, 13-Apr-2014 08:09:24 GMT; path=/; httponly Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:24 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:23 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:23 GMT; path=/ Set-Cookie: cdb_con_request_token=5006689091102785193; path=/ Set-Cookie: cdb_con_request_token_secret=DmXpiyZhmqh3ri63; path=/ Set-Cookie: cdb_connect_referer=bbs.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=5006689091102785193&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2f6xuew.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://openapi.qzone.qq.com/test404page.js | 200 OK Content-Length: 58 Content-Type: text/html | clean |
http://6xuew.haotui.com/registerbbs.php | 200 OK Content-Length: 15441 Content-Type: text/html | clean |
http://6xuew.haotui.com/connect.php?mod=login&op=init&referer=registerbbs.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:31 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=934536349868239091&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2F6xuew.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=aD8zrC; expires=Sun, 13-Apr-2014 08:09:31 GMT; path=/; httponly Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:31 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:30 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:30 GMT; path=/ Set-Cookie: cdb_con_request_token=934536349868239091; path=/ Set-Cookie: cdb_con_request_token_secret=qf2D6eCqCE49MuGi; path=/ Set-Cookie: cdb_connect_referer=registerbbs.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=934536349868239091&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2f6xuew.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://6xuew.haotui.com/logging.php?action=login | 200 OK Content-Length: 11597 Content-Type: text/html | clean |
http://6xuew.haotui.com/include/js/md5.js?1Df | 200 OK Content-Length: 5334 Content-Type: application/x-javascript | clean |
http://6xuew.haotui.com/connect.php?mod=login&op=init&referer=logging.php%3Faction%3Dlogin | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:37 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=10204951918251157051&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2F6xuew.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=7454NI; expires=Sun, 13-Apr-2014 08:09:37 GMT; path=/; httponly Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:37 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:36 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:36 GMT; path=/ Set-Cookie: cdb_con_request_token=10204951918251157051; path=/ Set-Cookie: cdb_con_request_token_secret=UNIxpyUvTKqKFpYw; path=/ Set-Cookie: cdb_connect_referer=logging.php%3Faction%3Dlogin; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=10204951918251157051&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2f6xuew.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://6xuew.haotui.com/search.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:41 GMT Location: search.php?notgoogle=1 Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=918t4M; expires=Sun, 13-Apr-2014 08:09:41 GMT; path=/; httponly Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:41 GMT; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://6xuew.haotui.com/search.php?notgoogle=1 | 200 OK Content-Length: 5414 Content-Type: text/html | clean |
http://6xuew.haotui.com/connect.php?mod=login&op=init&referer=search.php%3Fnotgoogle%3D1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:49 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=8430482198561325779&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2F6xuew.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=fMwBs5; expires=Sun, 13-Apr-2014 08:09:49 GMT; path=/; httponly Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:49 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:48 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:48 GMT; path=/ Set-Cookie: cdb_con_request_token=8430482198561325779; path=/ Set-Cookie: cdb_con_request_token_secret=s2CCxSITHcBQgX2F; path=/ Set-Cookie: cdb_connect_referer=search.php%3Fnotgoogle%3D1; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=8430482198561325779&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2f6xuew.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://6xuew.haotui.com/faq.php | 200 OK Content-Length: 11081 Content-Type: text/html | clean |
http://6xuew.haotui.com/connect.php?mod=login&op=init&referer=faq.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:52 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=14898636635217684060&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2F6xuew.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=fXC7OL; expires=Sun, 13-Apr-2014 08:09:52 GMT; path=/; httponly Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:52 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:51 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:51 GMT; path=/ Set-Cookie: cdb_con_request_token=14898636635217684060; path=/ Set-Cookie: cdb_con_request_token_secret=g4w6EqsmFQGbwnae; path=/ Set-Cookie: cdb_connect_referer=faq.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=14898636635217684060&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2f6xuew.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 6xuew.haotui.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Apr 2014 08:09:05 GMT
Server: nginx/1.2.9
Content-Type: text/html; charset=gbk
Set-Cookie: cdb_sid=tD9k2Z; expires=Sun, 13-Apr-2014 08:09:05 GMT; path=/; httponly
Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:05 GMT; path=/
Set-Cookie: cdb_onlineusernum=52; expires=Sun, 06-Apr-2014 08:14:05 GMT; path=/
X-Died: timeout at scan.pm line 1538.
X-Powered-By: PHP/5.2.10
GET / HTTP/1.1
Host: 6xuew.haotui.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Apr 2014 08:09:05 GMT
Server: nginx/1.2.9
Content-Type: text/html; charset=gbk
Set-Cookie: cdb_sid=tD9k2Z; expires=Sun, 13-Apr-2014 08:09:05 GMT; path=/; httponly
Set-Cookie: cdb_4856cd4c09158a97a2d84ecb7f8dbd0e=1; expires=Sun, 06-Apr-2014 08:14:05 GMT; path=/
Set-Cookie: cdb_onlineusernum=52; expires=Sun, 06-Apr-2014 08:14:05 GMT; path=/
X-Died: timeout at scan.pm line 1538.
X-Powered-By: PHP/5.2.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: 6xuew.haotui.com
Referer: http://www.google.com/search?q=6xuew.haotui.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 6xuew.haotui.com
Referer: http://www.google.com/search?q=6xuew.haotui.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=6xuew.haotui.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://6xuew.haotui.com/
Result: 6xuew.haotui.com is not infected or malware details are not published yet.
Result: 6xuew.haotui.com is not infected or malware details are not published yet.