ZeroCERT Team

Report

Result
Link
Whois
Reference

*Date : 2014.12.02 08:59
*Site : http://edupre.co.kr/
*Info : 121.78.112.161, KR(Seoul, Korea, Republic of)
*Check url : 31 counts
*Loading time : 0sec
*Google SafeBrowsing : Not founds.
*Result
(1) user cookie check - 4건 발견
(2) Suspicious script has been detected (document.write) - 2건 발견
(3) Suspicious script has been detected (http://) - 2건 발견
(4) Suspicious script has been detected (CK VIP Exploit Kit) - 1건 발견
(5) Suspicious script has been detected (CK VIP Exploit Kit #2) - 1건 발견
(6) http://www.kukjei.com/file/com.js - 1건 발견
(7) http://www.cct.go.kr/upload/1023/v3c.exe - 1건 발견
(8) http://file.seoulcitybus.com/main/tv/main.html - 1건 발견
(9) http://file.seoulcitybus.com/main/tv/index.html - 1건 발견
(10) user tracking code (google-analytics.com) - 1건 발견
(11) user tracking code (51yes.com) - 1건 발견
(12) user information check - 1건 발견
(13) user information check - 1건 발견
(14) user cookie check - 1건 발견
(15) Suspicious script has been detected (eval("String.fromCharCode(?)")) - 1건 발견
(16) EXE File Signatures - 1건 발견

http://zerocert.org/?code=67152ee128f41d90dc6e99b2ae554d1312b2a87a490a9bced0a904c5202c1cab

*Latest detected Domain

이 사이트는 최근 90일 동안 악성URL 삽입된 적이 없습니다.
이 사이트는 최근 90일 동안 악성코드 중개 역할한 적이 없습니다.
이 사이트는 최근 90일 동안 악성코드를 유포한 적이 없습니다.
Relation domain not found
Relation ip not found
same Domain not found
same IP not found
same IP bands not found
same ASN not found

http://edupre.co.kr/
    -> Suspicious script has been detected (http://)
    -> Suspicious script has been detected (eval("String.fromCharCode(?)"))
    -> user cookie check
  [frame] http://edupre.co.kr/inc.coaching.asp
    [script] http://littleforest.co.kr/include/jquery/jquery-1.4.4.min.js
    [script] http://littleforest.co.kr/include/jquery/jquery.newsticker_main.demo.js
  [script] http://edupre.co.kr/Include/Js/jscript.js
    -> user cookie check
  [script] http://edupre.co.kr/Admin/Common/Js/function.js
  [script] http://edupre.co.kr/Include/Js/GoogleAnalytics.js
    -> user tracking code (google-analytics.com)
    [script(*)] http://www.google-analytics.com/ga.js
  [script] http://edupre.co.kr/00new/include/jscript/scroll.js
  [script] http://edupre.co.kr/include/js/toplogo.js
    [swf] http://edupre.co.kr/swf/logo20110311.swf
  [script] http://edupre.co.kr/include/js/mainban_fla.js
    [swf] http://edupre.co.kr/swf/mainban_fla.swf
  [script] https://pgweb.dacom.net/WEB_SERVER/js/escrowValid.js
  [script] https://seal.verisign.com/getseal?host_name=www.edupre.co.kr&size=S&use_flash=YES&use_transparent=YES&lang=ko
  [script] http://www.googleadservices.com/pagead/conversion.js
    -> user information check
  [script] http://edupre.co.kr/Include/Js/popup.js
    -> user cookie check
  [img] http://edupre.co.kr/00new/updown/pds/201203/basic20120316101155454649.bmp
  [img] http://googleads.g.doubleclick.net/pagead/viewthroughconversion/984242297/?value=0&label=PjfXCOeLiAUQ-bCp1QM&guid=ON&script=0
    [Location] http://www.google.com/ads/user-lists/984242297/?label=PjfXCOeLiAUQ-bCp1QM&script=0&random=3184510896 -> pass
  [location] http://edupre.co.kr/lecture/lecture_off_detail.asp  -> Offline
  [ascii] http://www.kukjei.com/file/com.js -> Malware url
    -> Suspicious script has been detected (http://)
    -> user cookie check
    [unescape] http://file.seoulcitybus.com/main/tv/index.html -> Malware url
      -> (-) 5e58d2158fc9dc054628c1422a68477d / Virustotal : 2014-12-01 18:20:17 8/55
      -> user tracking code (51yes.com)
      -> Suspicious script has been detected (document.write)
      -> user information check
      -> user cookie check
      -> Suspicious script has been detected (CK VIP Exploit Kit)
      [swf] http://file.seoulcitybus.com/main/tv/nbwm.swf -> pass
      [frame] http://file.seoulcitybus.com/main/tv/ww.html  -> Offline
      [frame] http://file.seoulcitybus.com/main/tv/main.html -> Malware url
        (-) 13978eb3fde304901c778e8fd9c15a24 / Virustotal : 2014-12-01 22:00:19 22/55
        -> Suspicious script has been detected (document.write)
        -> Suspicious script has been detected (CK VIP Exploit Kit #2)
      [script] http://count1.51yes.com/click.aspx?id=10557948&logo=1
      [script] http://file.seoulcitybus.com/main/tv/swfobject.js
      [script] http://file.seoulcitybus.com/main/tv/jquery-1.4.2.min.js
      [applet] http://file.seoulcitybus.com/main/tv/+jaguar+
      [applet] http://file.seoulcitybus.com/main/tv/+audi+
      [ascii] http://www.cct.go.kr/upload/1023/v3c.exe -> Malware url
        (-) 70a5abcdabe2d35d707355393fbf8e0a / Virustotal : 2014-12-01 23:47:22 18/55
        -> EXE File Signatures

*Country

183.110.234.210 (, Republic of Korea)

*Whois
query : edupre.co.kr

# KOREAN(UTF8)

도메인이름 : edupre.co.kr
등록인 : (주)꼬망세미디어
등록인 주소 : 서울특별시 강남구 논현로76길 27 에이포스페이스빌딩 5층
등록인 우편번호 : 06224
책임자 : (주)꼬망세미디어
책임자 전자우편 : web@edupre.co.kr
책임자 전화번호 : 02-3497-4085
등록일 : 2000. 03. 10.
최근 정보 변경일 : 2023. 11. 24.
사용 종료일 : 2026. 03. 10.
정보공개여부 : Y
등록대행자 : (주)아이네임즈(http://www.inames.co.kr)
DNSSEC : 미서명

1차 네임서버 정보
호스트이름 : ns1.uhost.co.kr
IP 주소 : 202.31.187.220

2차 네임서버 정보
호스트이름 : ns2.uhost.co.kr
IP 주소 : 219.251.156.14

네임서버 이름이 .kr이 아닌 경우는 IP주소가 보이지 않습니다.

# ENGLISH

Domain Name : edupre.co.kr
Registrant : COMMENCER MEDIA Co., Ltd
Registrant Address : , 27 Nonhyeon-ro 76-gil Gangnam-gu, Seoul, KR
Registrant Zip Code : 06224
Administrative Contact(AC) : Commencer Co., Ltd.
AC E-Mail : web@edupre.co.kr
AC Phone Number : 02-3497-4085
Registered Date : 2000. 03. 10.
Last Updated Date : 2023. 11. 24.
Expiration Date : 2026. 03. 10.
Publishes : Y
Authorized Agency : Inames Co., Ltd.(http://www.inames.co.kr)
DNSSEC : unsigned

Primary Name Server
Host Name : ns1.uhost.co.kr
IP Address : 202.31.187.220

Secondary Name Server
Host Name : ns2.uhost.co.kr
IP Address : 219.251.156.14

- KISA/KRNIC WHOIS Service -

Website Check

Report