Scanned pages/files
Request | Server response | Status |
http://sunmin.co.kr/ | 200 OK Content-Length: 4022 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.isunmin.com ...[1027 bytes skipped]... end = document.cookie.indexOf(";", start) if(end < start) end = document.cookie.length return document.cookie.substring(start, end) } return "" } function openMsgBox(){ var eventCookie=getCookie("Default1"); if (eventCookie != "done") window.open('http://www.isunmin.com/pop-080625.htm', 'pop1', 'toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no,left=100,top=100,width=270,height=300'); } //openMsgBox() </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="900" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="190" rowspan="2"><a href="http://www.sun ...[3025 bytes skipped]...
http://sunmin.co.kr/inc/flash.js | 200 OK Content-Length: 848 Content-Type: application/x-javascript | clean |
http://sunmin.co.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sunmin.co.kr
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 24 Jan 2015 09:15:37 GMT
Server: Microsoft-IIS/6.0
Content-Length: 4022
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSDBDBRR=MCPDDLFBFPHJICPDGBADGOEE; path=/
X-Powered-By: ASP.NET
...4022 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sunmin.co.kr
Referer: http://www.google.com/search?q=sunmin.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sunmin.co.kr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sunmin.co.kr/
Result: sunmin.co.kr is not infected or malware details are not published yet.