see: unknown_html → https://urlquery.net/report.php?id=1413470263473
Only flagged by Trustwave: https://www.virustotal.com/nl/url/7d772be60664f1b92dc573853dc13275054ff7c52779afef10082925ba03fe20/analysis/
index.html
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details:
Threat dump:
[[<meta http-equiv='Refresh' content='0; URL=htxp://gaja79.com/link/go-lotteimall.html'>]]
3 sources 3 sinks for location.href=url
Threat dump MD5: B714139E2AEE1FDEFF5597C1BEBDAA72
File size[byte]: 86
File type: ASCII
Page/File MD5: B714139E2AEE1FDEFF5597C1BEBDAA72
Scan duration[sec]: 0.057000
Code resources; XML tag name mismatch (expected meta):
dubious external link to: click.linkprice dot com/click.php → https://www.mywot.com/en/scorecard/click.linkprice.com?utm_source=addon&utm_content=popup
on PHP vuln: http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-66891/PHP-PHP-4.4.9.html
on PHP warning: http://www.iss.net/security_center/reference/vuln/HTTP_PHP_CGI_Exec.htm
XSS vuln. code on: htxp://click.linkprice.com/click.php?m=woori&a=A100121263&l=0000
2 sources .location and 23 sinks action = & value =
more to be found on: htxp://click.linkprice.com/click.php?m=gsestore&a=A100121263&l=0000 (79 & 293)
htxp://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js (35-11)
htxp://wcs.naver.net/wcslog.js (7-1) → http://tracksaas.com/item?d=wcs.naver.net&p=1
compare ibfection here: http://sitecheck.sucuri.net/results/diyfloor.co.kr
polonus