Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ykgo.net
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: buzzbee.co.kr
Result:
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 26 Apr 2014 18:03:03 GMT
Pragma: no-cache
Location: shop/index.php
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.17
Content-Length: 0
Content-Type: text/html; charset=EUC-KR
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 26 Apr 2014 18:03:03 GMT
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Set-Cookie: PHPSESSID=975ee2d8385b64f4a563e6afbf96a7f6; path=/
Set-Cookie: cookie_check=1; path=/; domain=.buzzbee.co.kr
Set-Cookie: Ncisy=deleted; expires=Fri, 26-Apr-2013 18:03:02 GMT; path=/; domain=.buzzbee.co.kr
Set-Cookie: N_t=deleted; expires=Fri, 26-Apr-2013 18:03:02 GMT; path=/; domain=.buzzbee.co.kr
Set-Cookie: N_e=deleted; expires=Fri, 26-Apr-2013 18:03:02 GMT; path=/; domain=.buzzbee.co.kr
Set-Cookie: N_ba=deleted; expires=Fri, 26-Apr-2013 18:03:02 GMT; path=/; domain=.buzzbee.co.kr
Set-Cookie: N_aa=deleted; expires=Fri, 26-Apr-2013 18:03:02 GMT; path=/; domain=.buzzbee.co.kr
Set-Cookie: cookie_check=0; path=/; domain=.buzzbee.co.kr
Set-Cookie: shop_authenticate=Y; path=/
Set-Cookie: Xtime=1398535383; path=/
X-Powered-By: PHP/5.2.17
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: buzzbee.co.kr
Referer: http://www.google.com/search?q=buzzbee.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.ykgo.net/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 06 Mar 2015 09:46:29 GMT Pragma: no-cache Server: Apache/2.2.3 (CentOS) Vary: Accept-Encoding Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=mu48athd2r8g5lsg6355nd09i5; path=/ X-Powered-By: PHP/5.2.10 | malicious |
http://69.165.77.152:9529/ | HTTP/1.1 200 OK Date: Fri, 06 Mar 2015 10:05:33 GMT Accept-Ranges: bytes ETag: "d8ecd73c5a57d01:edd" Server: Microsoft-IIS/6.0 Content-Length: 5179 Content-Location: http://69.165.77.152:9529/index.html Content-Type: text/html Last-Modified: Thu, 05 Mar 2015 15:37:07 GMT X-Powered-By: ASP.NET | clean |
http://69.165.77.152:9529/index.html | 200 OK Content-Length: 5179 Content-Type: text/html | clean |
http://69.165.77.152:9529/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |