Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dr.monariza.co.kr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dr.monariza.co.kr/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://dr.monariza.co.kr/ | 200 OK Content-Length: 15790 Content-Type: text/html | clean |
http://dr.monariza.co.kr/common/common.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://dr.monariza.co.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://maps.naver.com/js/naverMap.naver?key=26fbc82758c707f018e2018d768b9056 | 200 OK Content-Length: 158433 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: monariza.co.kr function naverMap(){var mrj9 = '2.54';var o3 = '1.58';var sdfy3 = '1.41';var i94 = '1.26';var _land_version = '1.12';var punycode = new function Punycode() {this.utf16 = {decode:function(input){var output = [], i=0, len=input.length,value,extra;while (i < len) {value = input.charCodeAt(i++);if ((value & 0xF800) === 0xD800) {extra = input.charCodeAt(i++);if ( ((value & 0xFC00) !== 0xD800) || ((extra & 0xFC00) !== 0xDC00) ) {throw new Rang ...[3675 bytes skipped]... Decoded script: <img src="http://mcs.naver.com/m?u=undefined&e=&wa=26fbc82758c707f018e2018d768b9056&i=&ver=1&murl=monariza.co.kr%2F&os=Win32&ln=en%20&sr=&bw=undefined&bh=undefined&c=undefined&j=Y&jv=1.8&k=Y&fv=&sl=&ct=&p=getPlusPlus%20for%20Adobe%2016263%3BGoogle%20Talk%20Plugin%3BAdobe%20Acrobat%3BMozilla%20Default%20Plug-in%3BMicrosoft%20Office%202003%3BGoogle%20Update%3BShockwave%20Flash%3BSilverlight%20Plug-In%3BMicrosoft%20Office%20Live%20Plug-in%20for%20Firefox%3BWindows%20Live%C3%82%C2%AE%20Photo%20Gallery%3BJava%20Deployment%20Toolkit%206.0.140.8%3BJava(TM)%20Platform%20SE%206%20U14&EOU" width="1" height="1" border="0" /> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dr.monariza.co.kr
Result:
HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 21 Jul 2014 23:05:18 GMT
Pragma: No-Cache
Server: Microsoft-IIS/6.0
Content-Length: 15790
Content-Type: text/html
Expires: Mon, 21 Jul 2014 06:25:18 GMT
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: ASPSESSIONIDSQACRRRS=NEDLBLMCINHKHDAAGBCEMABD; path=/
X-Powered-By: ASP.NET
...15790 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dr.monariza.co.kr
Referer: http://www.google.com/search?q=dr.monariza.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.