Missed here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fcolorectalsurgerycenter.com
and here:
malicious redirect but site not being blocked by avast!
Header returned by request for: htxp://colorectalsurgerycenter.com/ → 184.168.53.1

HTTP/1.1 302 Moved Temporarily
Date: Sat, 05 Apr 2014 22:27:17 GMT
Server: Apache
Location: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php

The location line in the header above has redirected the request to: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php
Redirect to this URL found in 3938 sites → https://www.mywot.com/en/scorecard/cibonline.org?utm_source=addon&utm_content=popup

Read on this multi iFrame campaign: http://www.webroot.com/blog/2013/11/13/malicious-multi-hop-iframe-campaign-affects-thousands-of-web-sites-leads-to-cve-2011-3402/ link article author = Dancho Danchev access to site blocked by Google Safebrowsing

polonus