Report
*Date : 2014.12.03 09:27
*Site : http://d-mama.co.kr
*Info : 221.141.1.80, KR(Ilsan, Korea, Republic of)
*Check url : 67 counts
*Loading time : 0sec
*Google SafeBrowsing :
Suspicious url
*Result
(1) user information check - 4 found
(2) user cookie check - 3 found
(3) Suspicious script has been detected (document.write) - 2 found
(4) user tracking code (51yes.com) - 2 found
(5) Suspicious script has been detected (CVE-2011-2140, Adobe Flash Player) - 1 found
(6) Suspicious script has been detected (CK VIP Exploit Kit) - 1 found
(7) Suspicious script has been detected (CK VIP Exploit Kit #2) - 1 found
(8) http://www.pensionvalley.com/svc/tp/ww.html - 1 found
(9) http://www.pensionvalley.com/svc/tp/main.html - 1 found
(10) http://www.pensionvalley.com/svc/tp/index.html - 1 found
(11) http://www.kimhyunsoo.co.kr/pre/img/v3c.exe - 1 found
(12) http://gomgomi.com/pg/kcp/index.html - 1 found
(13) user cookie check - 1 found
(14) Suspicious url(NULL) - 1 found
(15) Suspicious script has been detected (http://) - 1 found
(16) EXE File Signatures - 1 found
http://zerocert.org/?code=4de0be23df89a09ae2d786e36c6e5bb4012f349c7f40af819991650dde6e948a
*Latest detected Domain
- This site has not had a malicious URL inserted in the last 90 days.
- This site has not acted as a malware intermediary in the last 90 days.
- This site has not distributed malware in the last 90 days.
- Relation domain not found
- same Domain not found
http://d-mama.co.kr
[Location] http://d-mama.co.kr/./main/main.asp
-> user cookie check
[frame] http://gomgomi.com/pg/kcp/index.html -> Malware url
-> Suspicious script has been detected (http://)
-> user tracking code (51yes.com)
-> user cookie check
[script] http://count9.51yes.com/click.aspx?id=93411160&logo=1 -> pass
[unescape] http://www.pensionvalley.com/svc/tp/index.html -> Malware url
(-) c8e8061dc64df92885a0c0db48f76d92
-> user tracking code (51yes.com)
-> Suspicious script has been detected (document.write)
-> user information check
-> user cookie check
-> Suspicious script has been detected (CK VIP Exploit Kit)
[swf] http://www.pensionvalley.com/svc/tp/nbwm.swf -> pass
[frame] http://www.pensionvalley.com/svc/tp/ww.html -> Malware url
-> (-) 02652044f2a88c10cf8a26126777e28e
-> Suspicious script has been detected (CVE-2011-2140, Adobe Flash Player)
[swf] http://www.pensionvalley.com/svc/tp/ww.swf -> pass
[script] http://www.pensionvalley.com/svc/tp/ww.js
[frame] http://www.pensionvalley.com/svc/tp/main.html -> Malware url
-> (-) 93e97a53e0fdbd5ac149f8b816efebb4
-> Suspicious script has been detected (document.write)
-> Suspicious script has been detected (CK VIP Exploit Kit #2)
[script] http://count29.51yes.com/click.aspx?id=292298644&logo=11
[script] http://www.pensionvalley.com/svc/tp/swfobject.js
[script] http://www.pensionvalley.com/svc/tp/jquery-1.4.2.min.js
[applet] http://www.pensionvalley.com/svc/tp/+jaguar+
[applet] http://www.pensionvalley.com/svc/tp/+audi+
[ascii] http://www.kimhyunsoo.co.kr/pre/img/v3c.exe -> Malware url
-> (-) 8e452f7e70455c4abec60b1396ad6e9b / Virustotal : 2014-12-02 23:50:38 22/55
-> EXE File Signatures
[script] http://d-mama.co.kr/main/../js/jquery.js
-> user information check
[script] http://jquery.com/ -> pass
[script] http://jquery.org/license
[Location] https://jquery.org/license
[script] http://sizzlejs.com/
[script] http://json.org/json2.js -> Offline
[script] http://webreflection.blogspot.com/2007/08/global-scope-evaluation-and-dom.html
[Location] http://webreflection.blogspot.kr/2007/08/global-scope-evaluation-and-dom.html
-> user information check
[script] https://www.blogger.com/static/v1/jsbin/3204238090-ieretrofit.js
[script] http://webreflection.github.io/tinydown/test/build/wr.js
[script] http://webreflection.github.io/tinydown/test/build/tinydown.js
[script] http://www.3site.eu/devpro/JSHighLighter.js
[script] http://www.3site.eu/devpro/blog.js
[script] http://www.3site.eu/tp/component/twitter-profile/twitter-profile.js -> Offline
[script] https://www.blogger.com/static/v1/widgets/2885176887-widgets.js
[script] http://api.flickr.com
[script] http://csi.gstatic.com/csi
[script] http://m.facebook.com/sharer.php?u=
[script] http://mobile.twitter.com/home?status=
[script] http://search.yahoo.com/mrss/
[script] https://apis.google.com/js/plusone.js -> pass
[img] http://webreflection.blogspot.kr/2007/08/data:image/png;base64,
-> Suspicious url(NULL)
[Location] http://www.gracwarning.or.kr
[script] http://docs.jquery.com/Utilities/jQuery.browser -> pass
[script] http://javascript.nwbox.com/IEContentLoaded/
[script] http://javascript.nwbox.com/IEContentLoaded/iecontentloaded.js
[script] http://www.google-analytics.com/urchin.js
[script] http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
[Location] http://thinkweb2.com
[frame] http://www.youtube.com/embed/gNeIa-hqnuY -> pass
[frame] http://www.youtube.com/embed/aVjtO_UJpPo -> pass
[frame] http://www.youtube.com/embed/0StsLr1RoZo -> pass
[script] http://thinkweb2.com/wp-content/themes/twentyfourteen/js/html5.js
[script] http://thinkweb2.com/wp-includes/js/jquery/jquery.js?ver=1.11.1
[script] http://thinkweb2.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
-> user information check
[script] http://thinkweb2.com/wp-content/themes/twentyfourteen/js/functions.js?ver=20131209
[form] http://thinkweb2.com/
[script] http://blindsignals.com/index.php/2009/07/jquery-delay/ -> Offline?
[script] http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ -> Offline
[script] http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html -> pass
[script] http://isaacschlueter.com/2006/10/msie-memory-leaks/
[script] http://isaacschlueter.com/wp-content/themes/schlueterica/behavior.js
[script] http://twitter.com/statuses/user_timeline/izs.json?callback=twitterCallback&count=20
[script] http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 -> Offline
[script] http://d-mama.co.kr/main/../js/jquery.Floater.js
[script] http://d-mama.co.kr/main/../js/jquery-latest.min.js -> Offline
[script] http://d-mama.co.kr/js/common.js
[script] http://erc.ne.kr/web_automation/execute.js
-> user cookie check
[script] http://erc.ne.kr/web_automation/popup/img/2014_fall.jpg
[script] http://d-mama.co.kr/main/../js/seal.js
[script] http://sgssl.net/cgi-bin/cert-seal4?code=
[Location] https://www.kicassl.com/cgi-bin/cert-seal4?code=
*Country
unknown
*Whois
query : d-mama.co.kr
# KOREAN(UTF8)
상기 도메인이름은 등록되어 있지 않습니다.
상기 도메인이름의 사용을 원하실 경우 도메인이름 등록대행자를 통해
등록 신청하시기 바랍니다.
# ENGLISH
The requested domain was not found in the Registry or Registrar’s WHOIS Server.
- KISA/KRNIC WHOIS Service -