Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nmg.xlglvc.cn
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nmg.xlglvc.cn/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nmg.xlglvc.cn
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Fri, 18 Apr 2014 08:22:11 GMT
Server: Microsoft-IIS/6.0
Content-Length: 116968
Content-Type: text/html; charset=gb2312
Set-Cookie: MenkCms_Language_nmg.xlglvc=zh-CN; path=/
Set-Cookie: MenkCms_Language_menkcms=zh-CN; path=/
Set-Cookie: PortalAlias=menkcms; path=/
Set-Cookie: .ASPXANONYMOUS=Wp5mInGRzwEkAAAAYTdlMmZhNjQtMDMzYS00NmJkLWIzY2ItNDkwNDg2N2IwYzg5UPFSUVvpYdOXGUuBUQv1wW3yDTQ1; expires=Thu, 26-Jun-2014 19:02:11 GMT; path=/; HttpOnly
Set-Cookie: MenkCmsSecurity=87303CF7-76D0-49B1-A7E7-A5C8E26415BB@87303CF7-76D0-49B1-A7E7-A5C8E26415BF@87303CF7-76D0-49B1-A7E7-A5C8E26415B0@87303CF7-76D0-49B1-A7E7-A5C8E26415BB@96BC3CE0-0409-4AB1-A0C2-67D6C4D68193@BCF1F338-4564-461C-9606-CB024D10294E@BCF1F338-4564-461C-9606-CB024D10294E@BCF1F338-4564-461C-9606-CB024D10294E@87303CF7-76D0-49B1-A7E7-A5C8E26415BB@87303CF7-76D0-49B1-A7E7-A5C8E26415BB@87303CF7-76D0-49B1-A7E7-A5C8E26415BB@BCF1F338-4564-461C-9606-CB024D10294E@87303CF7-76D0-49B1-A7E7-A5C8E26415BB@B29CB86B-AEA1-EE94-8B77-B4E4239258B3@96BC3CE0-0409-4AB1-A0C2-67D6C4D68193@87303CF7-76D0-49B1-A7E7-A5C8E26415BB@; expires=Fri, 18-Apr-2014 10:22:11 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
...116968 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nmg.xlglvc.cn
Referer: http://www.google.com/search?q=nmg.xlglvc.cn
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://nmg.xlglvc.cn/ | 200 OK Content-Length: 116968 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/aspnet_client/MenkCms_scripts/autoResizeModule.js | 200 OK Content-Length: 3388 Content-Type: application/x-javascript | clean |
http://nmg.xlglvc.cn/aspnet_client/Style.js | 200 OK Content-Length: 950 Content-Type: application/x-javascript | clean |
http://nmg.xlglvc.cn/aspnet_client/focus.js | 200 OK Content-Length: 2104 Content-Type: application/x-javascript | clean |
http://nmg.xlglvc.cn/Themes/module-MenkCms_style_Home_RollY_BG/img/scrollYpic.js | 200 OK Content-Length: 346 Content-Type: application/x-javascript | clean |
http://nmg.xlglvc.cn/site/1/Default.aspx | 200 OK Content-Length: 116968 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/1/Default.aspx | 200 OK Content-Length: 116968 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/846/Default.aspx | 200 OK Content-Length: 24078 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/847/Default.aspx | 200 OK Content-Length: 59099 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/851/Default.aspx | 200 OK Content-Length: 17098 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/857/Default.aspx | 200 OK Content-Length: 17168 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/859/Default.aspx | 200 OK Content-Length: 38712 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/849/Default.aspx | 200 OK Content-Length: 17834 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/858/Default.aspx | 200 OK Content-Length: 39895 Content-Type: text/html | clean |
http://nmg.xlglvc.cn/site/alias__menkcms/853/Default.aspx | 200 OK Content-Length: 22629 Content-Type: text/html | clean |