Scanned pages/files
| Request | Server response | Status |
http://dxjyw.haotui.com/ | 200 OK Content-Length: 15638 Content-Type: text/html | clean |
http://dxjyw.haotui.com/include/js/common.js?KW3 | 200 OK Content-Length: 14181 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/c.js | 200 OK Content-Length: 15840 Content-Type: application/x-javascript | clean |
http://dxjyw.haotui.com/bbs.php | 200 OK Content-Length: 15642 Content-Type: text/html | clean |
http://dxjyw.haotui.com/connect.php?mod=login&op=init&referer=bbs.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:08:51 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=1762512781268605470&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fdxjyw.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=dndgIY; expires=Sun, 13-Apr-2014 08:08:51 GMT; path=/; httponly Set-Cookie: cdb_c519ed383448ff9d0af7241366501bc8=1; expires=Sun, 06-Apr-2014 08:13:51 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:08:50 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:08:50 GMT; path=/ Set-Cookie: cdb_con_request_token=1762512781268605470; path=/ Set-Cookie: cdb_con_request_token_secret=2Jev2IH3kN2r7Pus; path=/ Set-Cookie: cdb_connect_referer=bbs.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=1762512781268605470&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fdxjyw.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 7027 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://openapi.qzone.qq.com/test404page.js | 200 OK Content-Length: 58 Content-Type: text/html | clean |
http://dxjyw.haotui.com/registerbbs.php | 200 OK Content-Length: 15457 Content-Type: text/html | clean |
http://dxjyw.haotui.com/connect.php?mod=login&op=init&referer=registerbbs.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:00 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=13226243949415365484&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fdxjyw.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=V4MqHQ; expires=Sun, 13-Apr-2014 08:09:00 GMT; path=/; httponly Set-Cookie: cdb_c519ed383448ff9d0af7241366501bc8=1; expires=Sun, 06-Apr-2014 08:14:00 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:08:59 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:08:59 GMT; path=/ Set-Cookie: cdb_con_request_token=13226243949415365484; path=/ Set-Cookie: cdb_con_request_token_secret=HC6tnj8IXNtjkxCr; path=/ Set-Cookie: cdb_connect_referer=registerbbs.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=13226243949415365484&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fdxjyw.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://dxjyw.haotui.com/logging.php?action=login | 200 OK Content-Length: 11206 Content-Type: text/html | clean |
http://dxjyw.haotui.com/include/js/md5.js?KW3 | 200 OK Content-Length: 5334 Content-Type: application/x-javascript | clean |
http://dxjyw.haotui.com/connect.php?mod=login&op=init&referer=logging.php%3Faction%3Dlogin | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:11 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=15838126443999070383&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fdxjyw.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=Gnis96; expires=Sun, 13-Apr-2014 08:09:10 GMT; path=/; httponly Set-Cookie: cdb_c519ed383448ff9d0af7241366501bc8=1; expires=Sun, 06-Apr-2014 08:14:10 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:09 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:09 GMT; path=/ Set-Cookie: cdb_con_request_token=15838126443999070383; path=/ Set-Cookie: cdb_con_request_token_secret=RzE9vS3C98TniB7S; path=/ Set-Cookie: cdb_connect_referer=logging.php%3Faction%3Dlogin; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=15838126443999070383&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fdxjyw.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://dxjyw.haotui.com/search.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:13 GMT Location: search.php?notgoogle=1 Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=QYppv0; expires=Sun, 13-Apr-2014 08:09:13 GMT; path=/; httponly Set-Cookie: cdb_c519ed383448ff9d0af7241366501bc8=1; expires=Sun, 06-Apr-2014 08:14:13 GMT; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://dxjyw.haotui.com/search.php?notgoogle=1 | 200 OK Content-Length: 15417 Content-Type: text/html | clean |
http://dxjyw.haotui.com/connect.php?mod=login&op=init&referer=search.php%3Fnotgoogle%3D1 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://dxjyw.haotui.com/faq.php | 200 OK Content-Length: 5414 Content-Type: text/html | clean |
http://dxjyw.haotui.com/connect.php?mod=login&op=init&referer=faq.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:27 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=16667588084354456294&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fdxjyw.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=hxqiEk; expires=Sun, 13-Apr-2014 08:09:27 GMT; path=/; httponly Set-Cookie: cdb_c519ed383448ff9d0af7241366501bc8=1; expires=Sun, 06-Apr-2014 08:14:27 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:26 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:26 GMT; path=/ Set-Cookie: cdb_con_request_token=16667588084354456294; path=/ Set-Cookie: cdb_con_request_token_secret=8dMpsRIFn3F44udm; path=/ Set-Cookie: cdb_connect_referer=faq.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=16667588084354456294&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fdxjyw.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dxjyw.haotui.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Apr 2014 08:08:37 GMT
Server: nginx/1.2.9
Content-Type: text/html; charset=gbk
Set-Cookie: cdb_sid=8I7GSX; expires=Sun, 13-Apr-2014 08:08:37 GMT; path=/; httponly
Set-Cookie: cdb_c519ed383448ff9d0af7241366501bc8=1; expires=Sun, 06-Apr-2014 08:13:37 GMT; path=/
Set-Cookie: cdb_onlineusernum=59; expires=Sun, 06-Apr-2014 08:13:37 GMT; path=/
X-Powered-By: PHP/5.2.10
GET / HTTP/1.1
Host: dxjyw.haotui.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Apr 2014 08:08:37 GMT
Server: nginx/1.2.9
Content-Type: text/html; charset=gbk
Set-Cookie: cdb_sid=8I7GSX; expires=Sun, 13-Apr-2014 08:08:37 GMT; path=/; httponly
Set-Cookie: cdb_c519ed383448ff9d0af7241366501bc8=1; expires=Sun, 06-Apr-2014 08:13:37 GMT; path=/
Set-Cookie: cdb_onlineusernum=59; expires=Sun, 06-Apr-2014 08:13:37 GMT; path=/
X-Powered-By: PHP/5.2.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: dxjyw.haotui.com
Referer: http://www.google.com/search?q=dxjyw.haotui.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dxjyw.haotui.com
Referer: http://www.google.com/search?q=dxjyw.haotui.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dxjyw.haotui.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dxjyw.haotui.com/
Result: dxjyw.haotui.com is not infected or malware details are not published yet.
Result: dxjyw.haotui.com is not infected or malware details are not published yet.