Website Check

Check Your Websites for Malicious or Suspicious code.


Website Check v0.8

Report

*Date : 2019.08.14 07:49
*Site : http://zerosugaraddonexploit.duckdns.org/jack/vbc.exe
*Title :
*Info : 23.249.165.218, US(Buffalo, United States)
*Check url : 52 counts
*Loading time : 12.156622sec
*Reference
  - VIRUSTOTAL : URL Hash 2019-08-13 22:23:32 14/72,  FILE Hash 2019-08-13 10:08:40 7/67
  - Google SafeBrowsing(GSB) : zerosugaraddonexploit.duckdns.org is not found
*Result
 (1) Suspicious url(NULL) - 4count
 (2) user cookie check - 3count
 (3) Input site Registered Malicious url - 1count
 (4) user information check - 1count
 (5) EXE File Signatures - 1count
 (6) (-) MD5 : 117d133fe01bb5dc89489ec9b4286ee8 / Virustotal : 2019-08-13 10:08:40 7/67 - 1count


Public Link : http://zerocert.org/?code=cc97ccbb3c670ddffb394524324ec9b283672fbf241dc6acce6822b71f9db63d

*Latest detected Domain
  • This site has not had a malicious URL inserted in the last 90 days.
  • This site has not acted as a malware intermediary in the last 90 days.
  • This site has not distributed malware in the last 90 days.
  • Relation domain : zerosugaraddonexploit.duckdns.org → 5cnts
  • Relation ip : 23.249.165.218 → 5cnts
  • same Domain : zerosugaraddonexploit.duckdns.org 5cnts
  • same IP : 23.249.165.218 91cnts
  • same IP bands: 23.249.165.x 96cnts
  • same ASN : AS36352 229cnts

http://zerosugaraddonexploit.duckdns.org/jack/vbc.exe -> Malware url
    -> (-) MD5 : 117d133fe01bb5dc89489ec9b4286ee8 / Virustotal : 2019-08-13 10:08:40 7/67
    -> Malware file
    -> EXE File Signatures
  [script] http://www.wapforum.org/DTD/wml_1.1.xml
  [script] http://www.w3.org/1999/xhtml  -> Offline?
  [script] http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd  -> Offline?
  [script] http://www.wapforum.org/DTD/xhtml-mobile10.dtd
  [script] http://www.wapforum.org/dtd/wml20.dtd
  [script] http://foo#System.Web.MobileAStyle_ReferenceCauseCircularLoopWSessionViewState_InvalidSessionStateHistory{0}({1})  -> Offline?
  [script] http://foo,ConfigSect_MissingAttr,ConfigSect_UnknownAttr4ConfigSect_UnrecognizedXML.ConfigSect_MissingValue:ConfigSect_InvalidBooleanAttr:ConfigSect_InvalidIntegerAttr*DevCapSect_EmptyClass@DevCapSect_ExtraCompareDelegatorBDevCapSect_ExtraArgumentDelegator*DevCapSect_NoTypeInfo6DevCapSect_NoCapabilityEval,DevCapSect_MustSpecifyJDevCapSect_ComparisonAlreadySpecified8DevCapSect_UnableAddDelegate4DevCapSect_UnrecognizedTag*DevFiltDict_FoundLoop4MobCap_DelegateNameNoValue2MobCap_CantFindCapabilityBMobileRedirect_RedirectNotAllowedNFactoryGenerator_Error_FactoryInterfaceRTLCategory_Action&Category_Appearance  -> Offline?
  [script] http://go.microsoft.com/fwlink/?LinkId=157231.
    -> Suspicious url(NULL)
    [Location] https://www.microsoft.com?ref=go
      -> Suspicious url(NULL)
      [Location] https://www.microsoft.com/ko-kr/?ref=go
        -> user information check
        -> user cookie check
        [script(*)] https://www.microsoft.com/?ref=go
          -> Suspicious url(NULL)
        [script(*)] https://www.microsoft.com/mwf/js/MWF_20190614_16470731/alert/autosuggest/contentplacement/contentplacementitem/glyph/heading/hero/heroitem/hyperlinkgroup/image/list/pagebehaviors/skiptomain/social?apiVersion=1.0"},bundles:{"platform":["requireJS
          -> user cookie check
        [script(*)] https://www.microsoft.com/mscomhp/onerf/signin?EEL=Trueu0026pcexp=True
          [Location] https://www.microsoft.com/library/errorpages/smarterror.aspx?correlationId=REM//Us0x0uEcoib.0.0.0  -> Offline
        [script(*)] https://www.microsoft.com/mscomhp/onerf/signout?pcexp=True
          [Location] https://login.live.com/logout.srf?rver=7.1.6819.0&lc=1042&id=74335&ru=https%3a%2f%2fwww.microsoft.com%2fko-kr%2f%3fref%3dgo
            [script(*)] https://www.microsoft.com/ko-kr/?ref=go&lc=1042
            [script] https://login.live.com/;var
        [script(*)] https://login.live.com/me.srf?wa=wsignin1.0"},"aadInfo":{"signOutUrl":"https://www.microsoft.com/mscomhp/onerf/signout?pcexp=True
        [script] https://web.vortex.data.microsoft.com:443/collect/v1/t.gif?&name='Ms.Webi.PageView'&ver='2.1'&appId='JS:MicrosoftHP'&cV='8zwm4DgnqUW5jnun.0'&ext-app-env='onerf_prod'&ext-javascript-libver='4.0.0-beta-10'&ext-user-localId='t:157F8CE4AD4266C239628153AC8A6730'&*baseType='Ms.Content.PageView'&*isJs=True&*isLoggedIn=False&*isManual=True&*serverImpressionGuid='d2b6765a-39a7-49a1-9638-e3d3efc0b301'&-ver='1.0'&-impressionGuid='00000000-0000-0000-0000-000000000000'&-pageName='Homepage'&-uri='https://www.microsoft.com/ko-kr/?ref=go'&-pageType='HP.AllModules'&-pageTags='{"tasId":"d2b6765a-39a7-49a1-9638-e3d3efc0b301","tasMuid":"157F8CE4AD4266C239628153AC8A6730","browserGroup":"uplevel.web.pc.ie","isOneRf":"True"}'&-behavior=0&-market='ko-kr'
        [script] https://mem.gfx.ms/meversion?partner=MSHomePage&market=ko-kr&uhf=1
          [script(*)] https://mem.gfx.ms/scripts/me
            [Location] https://controls.account.microsoft.com/scripts/me/
        [frame] http://www.microsoft.com/store/buy/cartcount
          -> Suspicious url(NULL)
          [Location] https://www.microsoft.com/store/buy/cartcount
            -> user cookie check
        [script] http://www.microsoft.com/onerfstatics/marketingsites-eas-prod/_h/46c44584/coreui.statics/externalscripts/jquery/jquery-3.3.1.min.js  -> Offline
*Country
zerosugaraddonexploit.duckdns.org - US, 23.249.165.218 (Buffalo, United States)



*Whois
Domain Name: DUCKDNS.ORG
Registry Domain ID: D168424869-LROR
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2018-10-21T21:51:41Z
Creation Date: 2013-04-12T19:58:56Z
Registry Expiry Date: 2021-04-12T19:58:56Z
Registrar Registration Expiration Date:
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant State/Province: Paris
Registrant Country: FR
Name Server: NS1.DUCKDNS.ORG
Name Server: NS2.DUCKDNS.ORG
Name Server: NS3.DUCKDNS.ORG
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form https://www.icann.org/wicf/)
>>> Last update of WHOIS database: 2019-08-18T01:45:17Z <<<


- Today malware detected : 1 counts