See two to flag: https://virustotal.com/#/url/f664e923e7d723a523293994340b5e19f43709e6d2a1292aff03e81a26896102/detection
Fortinet’s detections: https://urlquery.net/report/4833d0c3-c09e-4e22-b925-5821564bbc31
Results: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.onsports.co.kr%2Fjavascript%2Fdefaultscript.js
Error-Fail and warnings: It looks like custom errors are not correctly configured as the requested URL contains the heading “Server Error in”.
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
Result
It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
Detected as malicious: https://zulu.zscaler.com/submission/1b8f0b6e-7786-4a4d-9bf4-17b708969930
Potential Harmful Site: https://sitecheck.sucuri.net/results/www.onsports.co.kr/javascript/defaultscript.js#sitecheck-details
polonus (volunteer website security analyst and website error-hunter)
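
The three findings quoted in the post above (platform-disclosing headers, no framing policy, default ASP.NET error page) can be checked with a small Python routine over one response's headers and body. This is an added example, not part of the original post or of any scanner linked in it. The name `audit_response` and both sample responses are constructed for illustration, and accepting a CSP `frame-ancestors` directive as a framing policy goes beyond what the post mentions.

```python
# Added example: checks one HTTP response for the findings quoted in the post.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
SAFE_XFO = ("DENY", "SAMEORIGIN")


def audit_response(headers, body=""):
    """Return a list of finding strings for one response.

    headers: iterable of (name, value) pairs as received; names are
    matched case-insensitively and repeated headers are all kept.
    """
    seen = {}
    for name, value in headers:
        seen.setdefault(name.strip().lower(), []).append(value.strip())

    findings = []
    # 1. Headers that reveal the web platform and its version.
    for name in DISCLOSURE_HEADERS:
        for value in seen.get(name, []):
            if value:
                findings.append(f"platform-disclosure: {name}: {value}")

    # 2. Framing policy: X-Frame-Options, or CSP frame-ancestors (assumption:
    #    the CSP directive is accepted as an equivalent control).
    xfo = [v.upper() for v in seen.get("x-frame-options", [])]
    csp = ";".join(seen.get("content-security-policy", [])).lower()
    has_fa = any(d.strip().startswith("frame-ancestors") for d in csp.split(";"))
    if not xfo and not has_fa:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")
    elif not has_fa and any(v not in SAFE_XFO for v in xfo):
        findings.append("clickjacking: X-Frame-Options is not DENY or SAMEORIGIN")

    # 3. Default ASP.NET error page served instead of a custom error page.
    if "server error in" in body.lower():
        findings.append("custom-errors: default ASP.NET error page returned")
    return findings


# Constructed samples: the first reuses the header values quoted in the post.
FLAGGED = ([("Server", "Microsoft-IIS/8.5"), ("X-Powered-By", "ASP.NET"),
            ("X-AspNet-Version", "4.0.30319"), ("Content-Type", "text/html")],
           "<h1>Server Error in '/' Application.</h1>")
HARDENED = ([("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
            "<p>Sorry, something went wrong.</p>")

if __name__ == "__main__":
    for label, (hdrs, page) in (("flagged", FLAGGED), ("hardened", HARDENED)):
        print(label, audit_response(hdrs, page))
```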