*Date : 2016.04.19 16:20
*Site : http://www.yspilot.co.kr/yspilot/main.asp
*Title : 여수 도선사회에 오신걸 환영합니다.여수도선사회에 오신걸
환영합니다.
*Info : 1.234.39.224, KR(, Korea, Republic of)
*Check url : 31 counts
*Loading time : 12.833974sec
*Google SafeBrowsing(GSB) : yspilot.co.kr is suspicious url.
*Result
 (1) user cookie check - 4count
 (2) Suspicious script has been detected (CK VIP EK #2) - 2count
 (3) user information check - 2count
 (4) Suspicious script has been detected (Exploit:JS/Flash) - 1count
 (5) Suspicious script has been detected (CK VIP Exploit Kit*) - 1count
 (6) Suspicious script has been detected (CK VIP EK) - 1count
 (7) http://bews.xibaipowenquan.com/ww.html - 1count
 (8) http://bews.xibaipowenquan.com/_c8b09a2fd743f1f91690753bc7d30e43.php - 1count
 (9) http://bews.xibaipowenquan.com/UrFqLg.html - 1count
 (10) http://bews.xibaipowenquan.com/RpLlSf.html - 1count
 (11) http://bews.xibaipowenquan.com/NeJxAe.html - 1count
 (12) http://888.xibaipowenquan.com/pb.exe - 1count
 (13) Suspicious url (Redirecting to landing page #1) - 1count
 (14) EXE File Signatures - 1count


http://zerocert.org/?code=aa3fe59c86d9fb09fd8636633dfc3996f7d3e4055d46f5e99a092026cd203990

*Latest detected Domain

• 이 사이트는 최근 90일 동안 악성URL 삽입된 적이 없습니다.
• 이 사이트는 최근 90일 동안 악성코드 중개 역할한 적이 없습니다.
• 이 사이트는 최근 90일 동안 악성코드를 유포한 적이 없습니다.
• Relation domain not found
• Relation ip not found
• same Domain not found
• same IP not found
• same IP bands not found
• same ASN not found

http://www.yspilot.co.kr/yspilot/main.asp
    -> user cookie check
  [swf] http://www.yspilot.co.kr/yspilot/0701_top/newmain2.swf
  [script] http://www.khoa.go.kr/OUTSERVICE/real_tide_iframe.asp?st_id=9  -> Offline
  [frame] http://www.yspilot.co.kr/yspilot/banner_new.html  -> Offline
  [script] http://www.yspilot.co.kr/yspilot/pilotlib/site_def.js
    -> user cookie check
  [script] http://www.yspilot.co.kr/yspilot/pilotlib/heart.js
    -> Suspicious url (Redirecting to landing page #1)
    [script(*)] http://bews.xibaipowenquan.com/_c8b09a2fd743f1f91690753bc7d30e43.php -> Malware url
      -> (-) 624632f2c642e7c0f0122c50e15ce94e / Virustotal : 2016-04-19 04:46:58 4/57
      -> Suspicious script has been detected (CK VIP EK #2)
      [frame] http://bews.xibaipowenquan.com/UrFqLg.html -> Malware url
        (-) a6cb0e0144d0a7332353b29ecfb60ce3 / Virustotal : 2016-04-18 10:20:46 2/57
        -> Suspicious script has been detected (CK VIP Exploit Kit*)
        [frame] http://bews.xibaipowenquan.com/ww.html -> Malware url
          -> (-) 7c67fa36894a2e2c8ca9ff12e6d83613 / Virustotal : 2016-04-19 04:46:46 2/57
          -> Suspicious script has been detected (CK VIP EK)
          [swf] http://bews.xibaipowenquan.com/ww.swf  -> Offline?
          [script] http://bews.xibaipowenquan.com/ww.js
        [script] http://bews.xibaipowenquan.com/swfobject.js
      [frame] http://bews.xibaipowenquan.com/RpLlSf.html -> Malware url
        (-) f35f687551986617f1c3d44b0b1e4b66 / Virustotal : 2016-04-19 04:47:03 4/57
        -> Suspicious script has been detected (Exploit:JS/Flash)
        [swf] http://bews.xibaipowenquan.com/look.swf  -> Offline?
      [frame] http://bews.xibaipowenquan.com/NeJxAe.html -> Malware url
        (-) ec2d71110836cbd0960aa0841bee90c5 / Virustotal : 2016-04-19 04:46:50 29/57
        -> Suspicious script has been detected (CK VIP EK #2)
      [script] http://bews.xibaipowenquan.com/jquery.js
      [ascii] http://888.xibaipowenquan.com/pb.exe -> Malware url
        (-) e8846d57a14f4c3a99ea8168f7f040e3
        -> EXE File Signatures
  [script] http://www.yspilot.co.kr/yspilot/0701_top/flash.js
  [script] http://www.yspilot.co.kr/yspilot/kr.js
    -> user information check
    -> user cookie check
  [form] http://www.yspilot.co.kr/yspilot/login_check.asp
  [location] http://www.yspilot.co.kr/yspilot/logoff99.asp
    [Location] http://www.yspilot.co.kr/yspilot/yspilot/index.html  -> Offline
  [location] http://www.yspilot.co.kr/yspilot/forecast/fore_list0.asp
  [location] http://www.yspilot.co.kr/yspilot/dosun_gyun.asp
    -> user cookie check
  [location] http://www.yspilot.co.kr/yspilot/port_detail.asp  -> Offline?
  [location] http://www.yspilot.co.kr/yspilot/tariff.asp  -> Offline?
  [location] http://www.yspilot.co.kr/yspilot/forecast/board.asp  -> Offline
  [script] http://www.nori.go.kr/kr/data/dismarine/hanghea.html  -> Offline?
  [script] http://112.216.119.182/yspilot/encviewer.aspx
    -> user information check
    [swf] http://112.216.119.182/yspilot/Loading.swf  -> Offline?
  [script] http://220.230.156.146/yspilot/encviewer.aspx  -> Offline?

*Country
61.73.184.174 (, Republic of Korea)



*Whois
query : yspilot.co.kr


# KOREAN(UTF8)

도메인이름 : yspilot.co.kr
등록인 : 이만실
등록인 주소 : 전라남도 여수시 수정동 350-42 여진빌딩 101
등록인 우편번호 : 550030
책임자 : 조한규
책임자 전자우편 : hankyu1@hanmail.net
책임자 전화번호 : 061-665-4282
등록일 : 2003. 04. 30.
최근 정보 변경일 : 2014. 12. 01.
사용 종료일 : 2029. 04. 30.
정보공개여부 : Y
등록대행자 : (주)후이즈(http://whois.co.kr)
DNSSEC : 미서명

1차 네임서버 정보
호스트이름 : cns1.simplexi.com

2차 네임서버 정보
호스트이름 : cns2.simplexi.com

네임서버 이름이 .kr이 아닌 경우는 IP주소가 보이지 않습니다.


# ENGLISH

Domain Name : yspilot.co.kr
Registrant : Lee Man Sil
Registrant Address : Yosu City Chunnam Korea, 101 yeojin B/D Sujung-dong
Registrant Zip Code : 550030
Administrative Contact(AC) : CHO HAN KYU
AC E-Mail : hankyu1@hanmail.net
AC Phone Number : 061-665-4282
Registered Date : 2003. 04. 30.
Last Updated Date : 2014. 12. 01.
Expiration Date : 2029. 04. 30.
Publishes : Y
Authorized Agency : Whois Corp.(http://whois.co.kr)
DNSSEC : unsigned

Primary Name Server
Host Name : cns1.simplexi.com

Secondary Name Server
Host Name : cns2.simplexi.com


- KISA/KRNIC WHOIS Service -

*Reference
 VIRUSTOTAL : domain | ip | hash url | hash file
 Google SafeBrowsing(GSB) :
 URLVoid : domain
 Malware Domain List : domain
 SCUMWARE : domain | ip
 Project Honey Pot : ip
 Ransomware Tracker : domain
 Threat Crowd : domain | ip | hash file
 ZeroCERT Safeguard : domain | ip

*etc
  Stopbadware | Norton Safe | McAfee siteadvisor | Phish tank | Tcpiputils