Scanned pages/files
| Request | Server response | Status |
http://sjjlb.haotui.com/ | 200 OK Content-Length: 18802 Content-Type: text/html | clean |
http://sjjlb.haotui.com/include/js/common.js?i9I | 200 OK Content-Length: 41693 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/c.js | 200 OK Content-Length: 20160 Content-Type: application/x-javascript | clean |
http://sjjlb.haotui.com/bbs.php | 200 OK Content-Length: 18806 Content-Type: text/html | clean |
http://sjjlb.haotui.com/connect.php?mod=login&op=init&referer=bbs.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:08:53 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=15486029160996996257&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fsjjlb.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=s98Pty; expires=Sun, 13-Apr-2014 08:08:53 GMT; path=/; httponly Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:13:53 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:08:52 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:08:52 GMT; path=/ Set-Cookie: cdb_con_request_token=15486029160996996257; path=/ Set-Cookie: cdb_con_request_token_secret=PUnWnSaYrkcNPNZy; path=/ Set-Cookie: cdb_connect_referer=bbs.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=15486029160996996257&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fsjjlb.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://openapi.qzone.qq.com/test404page.js | 200 OK Content-Length: 58 Content-Type: text/html | clean |
http://sjjlb.haotui.com/registerbbs.php | 200 OK Content-Length: 15459 Content-Type: text/html | clean |
http://sjjlb.haotui.com/connect.php?mod=login&op=init&referer=registerbbs.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:00 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=4006419405181666920&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fsjjlb.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=DJdHwM; expires=Sun, 13-Apr-2014 08:09:00 GMT; path=/; httponly Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:14:00 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:08:59 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:08:59 GMT; path=/ Set-Cookie: cdb_con_request_token=4006419405181666920; path=/ Set-Cookie: cdb_con_request_token_secret=9Mvztxyp2TemvmhX; path=/ Set-Cookie: cdb_connect_referer=registerbbs.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=4006419405181666920&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fsjjlb.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://sjjlb.haotui.com/logging.php?action=login | 200 OK Content-Length: 11611 Content-Type: text/html | clean |
http://sjjlb.haotui.com/include/js/md5.js?i9I | 200 OK Content-Length: 5334 Content-Type: application/x-javascript | clean |
http://sjjlb.haotui.com/connect.php?mod=login&op=init&referer=logging.php%3Faction%3Dlogin | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:12 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=18130422518183089551&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fsjjlb.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=1LhSqY; expires=Sun, 13-Apr-2014 08:09:12 GMT; path=/; httponly Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:14:12 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:11 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:11 GMT; path=/ Set-Cookie: cdb_con_request_token=18130422518183089551; path=/ Set-Cookie: cdb_con_request_token_secret=7sf48bwiMmy2aD73; path=/ Set-Cookie: cdb_connect_referer=logging.php%3Faction%3Dlogin; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=18130422518183089551&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fsjjlb.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://sjjlb.haotui.com/search.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:14 GMT Location: search.php?notgoogle=1 Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=2eyeDm; expires=Sun, 13-Apr-2014 08:09:14 GMT; path=/; httponly Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:14:14 GMT; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://sjjlb.haotui.com/search.php?notgoogle=1 | 200 OK Content-Length: 13584 Content-Type: text/html | clean |
http://sjjlb.haotui.com/connect.php?mod=login&op=init&referer=search.php%3Fnotgoogle%3D1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:17 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=7769017063769093089&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fsjjlb.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=DUd4hD; expires=Sun, 13-Apr-2014 08:09:17 GMT; path=/; httponly Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:14:17 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:16 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:16 GMT; path=/ Set-Cookie: cdb_con_request_token=7769017063769093089; path=/ Set-Cookie: cdb_con_request_token_secret=SsDdGKtAmgKNcEqA; path=/ Set-Cookie: cdb_connect_referer=search.php%3Fnotgoogle%3D1; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=7769017063769093089&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fsjjlb.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
http://sjjlb.haotui.com/faq.php | 200 OK Content-Length: 11095 Content-Type: text/html | clean |
http://sjjlb.haotui.com/connect.php?mod=login&op=init&referer=faq.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 06 Apr 2014 08:09:21 GMT Location: http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=11894099790385276273&oauth_consumer_key=10055278&oauth_callback=http%3A%2F%2Fsjjlb.haotui.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback Server: nginx/1.2.9 Content-Type: text/html; charset=gbk Set-Cookie: cdb_sid=6PK7YT; expires=Sun, 13-Apr-2014 08:09:21 GMT; path=/; httponly Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:14:21 GMT; path=/ Set-Cookie: cdb_con_request_token=deleted; expires=Sat, 06-Apr-2013 08:09:20 GMT; path=/ Set-Cookie: cdb_con_request_token_secret=deleted; expires=Sat, 06-Apr-2013 08:09:20 GMT; path=/ Set-Cookie: cdb_con_request_token=11894099790385276273; path=/ Set-Cookie: cdb_con_request_token_secret=KGHTPu5EevuJRFHQ; path=/ Set-Cookie: cdb_connect_referer=faq.php; path=/ X-Powered-By: PHP/5.2.10 | clean |
http://openapi.qzone.qq.com/oauth/qzoneoauth_authorize?oauth_token=11894099790385276273&oauth_consumer_key=10055278&oauth_callback=http%3a%2f%2fsjjlb.haotui.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback | 200 OK Content-Length: 9826 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script src="http://qzonestyle.gtimg.cn/c/=/ac/qzfl/release/qzfl_for_qzone.js,/ac/qzfl/stat.js"><\/script>'); document.write('<script src="http://qzonestyle.gtimg.cn/qzone/openapi/oauth/common.js"><\/script>'); document.write('<script src="http://tajs.qq.com/stats?sId=16291955" charset="UTF-8"><\/script>'); Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sjjlb.haotui.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Apr 2014 08:08:36 GMT
Server: nginx/1.2.9
Content-Type: text/html; charset=gbk
Set-Cookie: cdb_sid=RENzm8; expires=Sun, 13-Apr-2014 08:08:36 GMT; path=/; httponly
Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:13:36 GMT; path=/
Set-Cookie: cdb_onlineusernum=55; expires=Sun, 06-Apr-2014 08:13:36 GMT; path=/
X-Powered-By: PHP/5.2.10
GET / HTTP/1.1
Host: sjjlb.haotui.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Apr 2014 08:08:36 GMT
Server: nginx/1.2.9
Content-Type: text/html; charset=gbk
Set-Cookie: cdb_sid=RENzm8; expires=Sun, 13-Apr-2014 08:08:36 GMT; path=/; httponly
Set-Cookie: cdb_08b923515cc17cdca7dc3673603479e2=1; expires=Sun, 06-Apr-2014 08:13:36 GMT; path=/
Set-Cookie: cdb_onlineusernum=55; expires=Sun, 06-Apr-2014 08:13:36 GMT; path=/
X-Powered-By: PHP/5.2.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: sjjlb.haotui.com
Referer: http://www.google.com/search?q=sjjlb.haotui.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sjjlb.haotui.com
Referer: http://www.google.com/search?q=sjjlb.haotui.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sjjlb.haotui.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sjjlb.haotui.com/
Result: sjjlb.haotui.com is not infected or malware details are not published yet.
Result: sjjlb.haotui.com is not infected or malware details are not published yet.