Scanned pages/files
Request | Server response | Status |
http://www.80sem.net/ | 200 OK Content-Length: 41061 Content-Type: text/html | clean |
http://www.80sem.net/static/js/logging.js?Bsy | 200 OK Content-Length: 603 Content-Type: application/x-javascript | clean |
http://www.80sem.net/template/moke8_company008/inc/js/slides.jquery.js | 200 OK Content-Length: 20855 Content-Type: application/x-javascript | clean |
http://tcss.qq.com/ping.js?v=1Bsy | 200 OK Content-Length: 8909 Content-Type: application/x-javascript | clean |
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399815989 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |
http://www.80sem.net/member.php?mod=register | 200 OK Content-Length: 15040 Content-Type: text/html | clean |
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399815998 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://www.80sem.net/connect.php?mod=login&op=init&referer=http%3A%2F%2Fwww.80sem.net%2F.%2F&statfrom=login_simple | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 11 May 2014 13:46:40 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=123062534233843214 Server: nginx Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=gbk Set-Cookie: YkoR_2132_saltkey=uX210kPD; expires=Tue, 10-Jun-2014 13:46:40 GMT; path=/; httponly Set-Cookie: YkoR_2132_lastvisit=1399812400; expires=Tue, 10-Jun-2014 13:46:40 GMT; path=/ Set-Cookie: YkoR_2132_sid=FpWugR; expires=Mon, 12-May-2014 13:46:40 GMT; path=/ Set-Cookie: YkoR_2132_lastact=1399816000%09connect.php%09login; expires=Mon, 12-May-2014 13:46:40 GMT; path=/ Set-Cookie: YkoR_2132_stats_qc_reg=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_cloudstatpost=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_con_request_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_con_request_token_secret=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_con_request_token=123062534233843214; path=/ Set-Cookie: YkoR_2132_con_request_token_secret=8mTg8y3UHHBYAS77; path=/ X-Powered-By: PHP/5.3.27 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=123062534233843214 | 200 OK Content-Length: 9825 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>');
document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>');
document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>');
Antivirus reports:
http://openapi.qzone.qq.com/test404page.js | 200 OK Content-Length: 58 Content-Type: text/html | clean |
http://www.80sem.net/portal.php | 200 OK Content-Length: 41078 Content-Type: text/html | clean |
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399816004 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://www.80sem.net/connect.php?mod=login&op=init&referer=portal.php&statfrom=login_simple | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 11 May 2014 13:46:47 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=8605593622002555899 Server: nginx Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=gbk Set-Cookie: YkoR_2132_saltkey=V2dR46ZX; expires=Tue, 10-Jun-2014 13:46:46 GMT; path=/; httponly Set-Cookie: YkoR_2132_lastvisit=1399812406; expires=Tue, 10-Jun-2014 13:46:46 GMT; path=/ Set-Cookie: YkoR_2132_sid=Ac8F8t; expires=Mon, 12-May-2014 13:46:46 GMT; path=/ Set-Cookie: YkoR_2132_lastact=1399816006%09connect.php%09login; expires=Mon, 12-May-2014 13:46:46 GMT; path=/ Set-Cookie: YkoR_2132_stats_qc_reg=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_cloudstatpost=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_con_request_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_con_request_token_secret=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: YkoR_2132_con_request_token=8605593622002555899; path=/ Set-Cookie: YkoR_2132_con_request_token_secret=ixjAtnXFvz9bUVwK; path=/ X-Powered-By: PHP/5.3.27 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310478506&oauth_token=8605593622002555899 | 200 OK Content-Length: 9825 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>');
document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>');
document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>');
Antivirus reports:
http://www.80sem.net/portal.php?mod=list&catid=25 | 200 OK Content-Length: 19738 Content-Type: text/html | clean |
http://www.80sem.net/home.php?mod=misc&ac=sendmail&rand=1399816009 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 80sem.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 80sem.net
Referer: http://www.google.com/search?q=80sem.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=80sem.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://80sem.net/
Result: 80sem.net is not infected or malware details are not published yet.