Scanned pages/files
Request | Server response | Status |
http://www.mmbaby.net/content/ | 404 Not Found Content-Length: 2340 Content-Type: text/html | clean |
http://www.mmbaby.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 04 Apr 2014 05:01:47 GMT Location: portal.php Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17p1 | clean |
http://www.mmbaby.net/portal.php | 200 OK Content-Length: 144448 Content-Type: text/html | clean |
http://www.mmbaby.net/data/cache/common.js?PXZ | 200 OK Content-Length: 60574 Content-Type: text/javascript | clean |
http://www.mmbaby.net/data/cache/portal.js?PXZ | 200 OK Content-Length: 9945 Content-Type: text/javascript | clean |
http://tcss.qq.com/ping.js?v=1PXZ | 200 OK Content-Length: 8909 Content-Type: application/x-javascript | clean |
http://tajs.qq.com/stats?sId=26308567 | 200 OK Content-Length: 6219 Content-Type: text/javascript | clean |
http://www.mmbaby.net/home.php?mod=misc&ac=sendmail&rand=1396587707 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |
http://www.mmbaby.net/member.php?mod=logging&action=login&referer= | 200 OK Content-Length: 23013 Content-Type: text/html | clean |
http://www.mmbaby.net/home.php?mod=misc&ac=sendmail&rand=1396587721 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://www.mmbaby.net/member.php?mod=register | 200 OK Content-Length: 27458 Content-Type: text/html | clean |
http://www.mmbaby.net/data/cache/register.js?PXZ | 200 OK Content-Length: 9111 Content-Type: text/javascript | clean |
http://www.mmbaby.net/home.php?mod=misc&ac=sendmail&rand=1396587723 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://www.mmbaby.net/connect.php?mod=login&op=init&referer=http%3A%2F%2Fwww.mmbaby.net%2F.%2F&statfrom=login_simple | HTTP/1.1 302 Found Connection: close Date: Fri, 04 Apr 2014 05:02:06 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310516837&oauth_token=9768145786500891197 Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=gbk Set-Cookie: UmnE_2132_saltkey=d6gYz8NY; expires=Sun, 04-May-2014 05:02:06 GMT; path=/; httponly Set-Cookie: UmnE_2132_lastvisit=1396584126; expires=Sun, 04-May-2014 05:02:06 GMT; path=/ Set-Cookie: UmnE_2132_sid=tFfkAv; expires=Sat, 05-Apr-2014 05:02:06 GMT; path=/ Set-Cookie: UmnE_2132_lastact=1396587726%09connect.php%09login; expires=Sat, 05-Apr-2014 05:02:06 GMT; path=/ Set-Cookie: UmnE_2132_stats_qc_reg=deleted; expires=Thu, 04-Apr-2013 05:02:05 GMT; path=/ Set-Cookie: UmnE_2132_cloudstatpost=deleted; expires=Thu, 04-Apr-2013 05:02:05 GMT; path=/ Set-Cookie: UmnE_2132_con_request_token=deleted; expires=Thu, 04-Apr-2013 05:02:05 GMT; path=/ Set-Cookie: UmnE_2132_con_request_token_secret=deleted; expires=Thu, 04-Apr-2013 05:02:05 GMT; path=/ Set-Cookie: UmnE_2132_con_request_token=9768145786500891197; path=/ Set-Cookie: UmnE_2132_con_request_token_secret=pAc9sH29uWhWeP5x; path=/ X-Powered-By: PHP/5.2.17p1 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_consumer_key=310516837&oauth_token=9768145786500891197 | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>');
document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>');
document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>');
Antivirus reports:
http://openapi.qzone.qq.com/test404page.js | 200 OK Content-Length: 58 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mmbaby.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: mmbaby.net
Referer: http://www.google.com/search?q=mmbaby.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mmbaby.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mmbaby.net/
Result: mmbaby.net is not infected or malware details are not published yet.