New scan:

Malware Scanner report for heymannrealestate.com

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://heymannrealestate.com/
200 OK
Content-Length: 7512
Content-Type: text/html
clean
http://heymannrealestate.com/media/system/js/mootools-core.js
200 OK
Content-Length: 99293
Content-Type: application/javascript
clean
http://heymannrealestate.com/media/system/js/core.js
200 OK
Content-Length: 7204
Content-Type: application/javascript
clean
http://heymannrealestate.com/media/system/js/caption.js
200 OK
Content-Length: 3138
Content-Type: application/javascript
clean
http://heymannrealestate.com/media/system/js/mootools-more.js
200 OK
Content-Length: 2321
Content-Type: application/javascript
clean
http://heymannrealestate.com/index.php?option=com_content&view=article&id=1&Itemid=301
200 OK
Content-Length: 7512
Content-Type: text/html
clean
http://heymannrealestate.com/index.php?option=com_properties&view=properties&Itemid=2
200 OK
Content-Length: 18105
Content-Type: text/html
clean
http://heymannrealestate.com/index.php?option=com_properties&view=property&id=18&Itemid=2
200 OK
Content-Length: 11591
Content-Type: text/html
clean
http://heymannrealestate.com/media/system/js/modal.js
200 OK
Content-Length: 12161
Content-Type: application/javascript
clean
http://heymannrealestate.com/components/com_properties/includes/js/jquery.js
200 OK
Content-Length: 58210
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)





(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function aaa_online_ga(){
var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS',
... 56391 bytes are skipped ...
y.boxModel&&document.documentElement[method]||document.body[method]:this[0][method];};});jQuery.each(["Height","Width"],function(i,name){var tl=i?"Left":"Top",br=i?"Right":"Bottom";jQuery.fn["inner"+name]=function(){return this[name.toLowerCase()]()+num(this,"padding"+tl)+num(this,"padding"+br);};jQuery.fn["outer"+name]=function(margin){return this["inner"+name]()+num(this,"border"+tl+"Width")+num(this,"border"+br+"Width")+(margin?num(this,"margin"+tl)+num(this,"margin"+br):0);};});})();

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
McAfee-GW-Edition
JS/Iframe.gen.ae
DrWeb
JS.IFrame.566
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr
McAfee
JS/Iframe.gen.ae

http://heymannrealestate.com/components/com_properties/includes/prettyPhoto_30/js/jquery.prettyPhoto.js
200 OK
Content-Length: 30536
Content-Type: application/javascript
clean
http://www.google.com/jsapi
200 OK
Content-Length: 24546
Content-Type: text/javascript
clean
http://heymannrealestate.com/index.php?option=com_content&view=article&id=3&Itemid=3
200 OK
Content-Length: 8428
Content-Type: text/html
clean
http://heymannrealestate.com/index.php?option=com_contact&view=contact&id=1&Itemid=313
200 OK
Content-Length: 11244
Content-Type: text/html
clean
http://heymannrealestate.com/media/system/js/validate.js
200 OK
Content-Length: 5337
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)





(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function aaa_online_ga(){
var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS',
... 4145 bytes are skipped ...
b.get("id"))b.labelref=a});a==!1?(b.addClass("invalid"),b.set("aria-invalid","true"),b.labelref&&(document.id(b.labelref).addClass("invalid"),document.id(b.labelref).set("aria-invalid","true"))):(b.removeClass("invalid"),b.set("aria-invalid","false"),b.labelref&&(document.id(b.labelref).removeClass("invalid"),document.id(b.labelref).set("aria-invalid","false")))}});document.formvalidator=null;
window.addEvent("domready",function(){document.formvalidator=new JFormValidator});

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr
VIPRE
Malware.JS.Generic (JS)


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: heymannrealestate.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Tue, 13 May 2014 22:57:08 GMT
Pragma: no-cache
Server: Microsoft-IIS/8.5
Content-Length: 7512
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 72911ee8cad822a1108f8e1fea9c4f38=o54o3j8k9dlch1q1ep7688qkp2; path=/
X-Powered-By: ASP.NET

...7512 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: heymannrealestate.com
Referer: http://www.google.com/search?q=heymannrealestate.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=heymannrealestate.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://heymannrealestate.com/

Result: heymannrealestate.com is not infected or malware details are not published yet.