New scan:

Malware Scanner report for 80sem.net

Malicious/Suspicious/Total urls checked
2/0/17
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.80sem.net/
200 OK
Content-Length: 41061
Content-Type: text/html
clean
http://www.80sem.net/static/js/logging.js?Bsy
200 OK
Content-Length: 603
Content-Type: application/x-javascript
clean
http://www.80sem.net/template/moke8_company008/inc/js/slides.jquery.js
200 OK
Content-Length: 20855
Content-Type: application/x-javascript
clean
http://tcss.qq.com/ping.js?v=1Bsy
200 OK
Content-Length: 8909
Content-Type: application/x-javascript
clean
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399815989
200 OK
Content-Length: 0
Content-Type: text/javascript
clean
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1
200 OK
Content-Length: 6173
Content-Type: application/x-javascript
clean
http://www.80sem.net/member.php?mod=register
200 OK
Content-Length: 15040
Content-Type: text/html
clean
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399815998
200 OK
Content-Length: 0
Content-Type: text/javascript
clean
http://www.80sem.net/connect.php?mod=login&op=init&referer=http%3A%2F%2Fwww.80sem.net%2F.%2F&statfrom=login_simple
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 11 May 2014 13:46:40 GMT
Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=123062534233843214
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=gbk
Set-Cookie: YkoR_2132_saltkey=uX210kPD; expires=Tue, 10-Jun-2014 13:46:40 GMT; path=/; httponly
Set-Cookie: YkoR_2132_lastvisit=1399812400; expires=Tue, 10-Jun-2014 13:46:40 GMT; path=/
Set-Cookie: YkoR_2132_sid=FpWugR; expires=Mon, 12-May-2014 13:46:40 GMT; path=/
Set-Cookie: YkoR_2132_lastact=1399816000%09connect.php%09login; expires=Mon, 12-May-2014 13:46:40 GMT; path=/
Set-Cookie: YkoR_2132_stats_qc_reg=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_cloudstatpost=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_con_request_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_con_request_token_secret=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_con_request_token=123062534233843214; path=/
Set-Cookie: YkoR_2132_con_request_token_secret=8mTg8y3UHHBYAS77; path=/
X-Powered-By: PHP/5.3.27
clean
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=123062534233843214
200 OK
Content-Length: 9825
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>');
document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>');
document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J

http://openapi.qzone.qq.com/test404page.js
200 OK
Content-Length: 58
Content-Type: text/html
clean
http://www.80sem.net/portal.php
200 OK
Content-Length: 41078
Content-Type: text/html
clean
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399816004
200 OK
Content-Length: 0
Content-Type: text/javascript
clean
http://www.80sem.net/connect.php?mod=login&op=init&referer=portal.php&statfrom=login_simple
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 11 May 2014 13:46:47 GMT
Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=8605593622002555899
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=gbk
Set-Cookie: YkoR_2132_saltkey=V2dR46ZX; expires=Tue, 10-Jun-2014 13:46:46 GMT; path=/; httponly
Set-Cookie: YkoR_2132_lastvisit=1399812406; expires=Tue, 10-Jun-2014 13:46:46 GMT; path=/
Set-Cookie: YkoR_2132_sid=Ac8F8t; expires=Mon, 12-May-2014 13:46:46 GMT; path=/
Set-Cookie: YkoR_2132_lastact=1399816006%09connect.php%09login; expires=Mon, 12-May-2014 13:46:46 GMT; path=/
Set-Cookie: YkoR_2132_stats_qc_reg=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_cloudstatpost=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_con_request_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_con_request_token_secret=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: YkoR_2132_con_request_token=8605593622002555899; path=/
Set-Cookie: YkoR_2132_con_request_token_secret=ixjAtnXFvz9bUVwK; path=/
X-Powered-By: PHP/5.3.27
clean
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=8605593622002555899
200 OK
Content-Length: 9825
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>');
document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>');
document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J

http://www.80sem.net/portal.php?mod=list&catid=25
200 OK
Content-Length: 19738
Content-Type: text/html
clean
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399816009
200 OK
Content-Length: 0
Content-Type: text/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: 80sem.net

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 80sem.net
Referer: http://www.google.com/search?q=80sem.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=80sem.net

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://80sem.net/

Result: 80sem.net is not infected or malware details are not published yet.