Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kyshs.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Wed, 06 May 2015 06:11:49 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Vary: EC_SDE_FLAG
Content-Type: text/html; charset=euc-kr
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 06 May 2015 06:11:49 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Set-Cookie: PHPSESSID=bc82aa7edcf5b505edd919f4dfaaff8a; path=/; domain=.kyshs.com; HttpOnly
Set-Cookie: iscache=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.kyshs.com
Set-Cookie: CUK45=cuk45_kyshs_bc82aa7edcf5b505edd919f4dfaaff8a; expires=Fri, 05-May-2017 06:11:49 GMT; path=/; domain=.kyshs.com; httponly
Set-Cookie: CUK2Y=cuk2y_kyshs_bc82aa7edcf5b505edd919f4dfaaff8a; expires=Fri, 05-May-2017 06:11:49 GMT; path=/; domain=.kyshs.com; httponly
Second query (visit from search engine):
GET / HTTP/1.1
Host: kyshs.com
Referer: http://www.google.com/search?q=kyshs.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://kyshs.com/ | 200 OK Content-Length: 59286 Content-Type: text/html | clean |
http://kyshs.com/ec-js/common.js | 200 OK Content-Length: 3277 Content-Type: application/x-javascript | clean |
http://wcs.naver.net/wcslog.js | 200 OK Content-Length: 16780 Content-Type: application/javascript | clean |
http://adexclick.new-star.co.kr/nscookie_main.php?data=874|978 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://adexclick.new-star.co.kr/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://kyshs.com//www.googleadservices.com/pagead/conversion.js/ | 404 Not Found Content-Length: 1916 Content-Type: text/html | clean |
https://login2.cafe24ssl.com/crypt/AuthSSLManager.js | 200 OK Content-Length: 4851 Content-Type: application/javascript | clean |
https://login2.cafe24ssl.com/crypt/AuthSSLManager.plugin.js | 200 OK Content-Length: 1930 Content-Type: application/javascript | clean |
http://kyshs.com//astg.widerplanet.com/js/wp_astg_2.0_mall.js/ | 404 Not Found Content-Length: 1916 Content-Type: text/html | clean |
http://photoslide2.app-runtime.cafe24.com:80/?TYPE=JS&DATA=0d3d8e2285616f5eef55d142aeed3a6e | 200 OK Content-Length: 764 Content-Type: text/javascript | clean |
http://kyshs.com/ind-script/optimizer.php?filename=0b53faad3fa9813d262b17d6fdd53ca381b7e71c_1429052349&type=js& | 200 OK Content-Length: 302037 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kyshs.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kyshs.com/
Result: kyshs.com is not infected or malware details are not published yet.