Scanned pages/files
Request | Server response | Status |
http://dotko.ru/ | 200 OK Content-Length: 17772 Content-Type: text/html | clean |
http://dotko.ru/media/system/js/caption.js | 200 OK Content-Length: 7087 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see reports below, which are blank in this capture); truncated excerpt: var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = Antivirus reports:
| ||
http://dotko.ru/templates/ja_purity/js/ja.script.js | 200 OK Content-Length: 8144 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see reports below, which are blank in this capture); truncated excerpt: var siteurl = ''; function fixIEPNG(el, bgimgdf, sizingMethod, type, offset){ var objs = el; if(!objs) return; if ($type(objs) != 'array') objs = [objs]; if(!sizingMethod) sizingMethod = 'crop'; if(!offset) offset = 0; var blankimg = siteurl + 'images/blank.png'; objs.each(function(obj) { var bgimg = bgimgdf; if (obj.tagName == 'IMG') { if (!bgimg) bgimg = obj.src; if (!(/\.png$/i).test(bgimg) || (/blank\.png$/i).test(bgimg)) re Antivirus reports:
| ||
http://dotko.ru/templates/ja_purity/js/ja.rightcol.js | 200 OK Content-Length: 6632 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see reports below, which are blank in this capture); truncated excerpt: var JA_Collapse_Mod = new Class({ initialize: function(myElements) { options = Object.extend({ transition: Fx.Transitions.quadOut }, {}); this.myElements = myElements; var exModules = excludeModules.split(','); exModules.each(function(el,i){exModules[i]='Mod'+el}); myElements.each(function(el, i){ el.elmain = $E('.jamod-content',el); el.titleEl = $E('h3',el); if(!el.titleEl) return; if (exModules.contains(el.id)) { Antivirus reports:
| ||
http://dotko.ru/index.php | 200 OK Content-Length: 17680 Content-Type: text/html | clean |
http://dotko.ru/index.php/home | 200 OK Content-Length: 17685 Content-Type: text/html | clean |
http://dotko.ru/index.php/ | 200 OK Content-Length: 17681 Content-Type: text/html | clean |
http://dotko.ru/index.php/rylai-crestfall-crystal-maiden | 200 OK Content-Length: 20477 Content-Type: text/html | clean |
http://dotko.ru/index.php/aiushtha-enchantress | 200 OK Content-Length: 19842 Content-Type: text/html | clean |
http://dotko.ru/index.php/puck-faerie-dragon | 200 OK Content-Length: 21952 Content-Type: text/html | clean |
http://dotko.ru/index.php/chen-holy-knight | 200 OK Content-Length: 20624 Content-Type: text/html | clean |
http://dotko.ru/index.php/ezalor-keeper-of-the-light | 200 OK Content-Length: 21551 Content-Type: text/html | clean |
http://dotko.ru/index.php/zeus-lord-of-olympia | 200 OK Content-Length: 19467 Content-Type: text/html | clean |
http://dotko.ru/index.php/furion-prophet | 200 OK Content-Length: 20686 Content-Type: text/html | clean |
http://dotko.ru/index.php/nortrom-silencer | 200 OK Content-Length: 21235 Content-Type: text/html | clean |
Malicious Redirects
First query (direct visit, no Referer header):
GET / HTTP/1.1
Host: dotko.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 31 Jul 2014 01:22:23 GMT
Pragma: no-cache
Server: nginx/1.2.9
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 31 Jul 2014 01:22:23 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 6700f3f360b42bc8a04ac984b3464ae2=13ce19e12ee188b6fb20fe3f5065eee2; path=/
Set-Cookie: ja_purity_tpl=ja_purity; expires=Tue, 21-Jul-2015 01:22:23 GMT; path=/
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: dotko.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 31 Jul 2014 01:22:23 GMT
Pragma: no-cache
Server: nginx/1.2.9
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 31 Jul 2014 01:22:23 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 6700f3f360b42bc8a04ac984b3464ae2=13ce19e12ee188b6fb20fe3f5065eee2; path=/
Set-Cookie: ja_purity_tpl=ja_purity; expires=Tue, 21-Jul-2015 01:22:23 GMT; path=/
X-Powered-By: PHP/5.3.27
Second query (visit with a search-engine Referer header):
GET / HTTP/1.1
Host: dotko.ru
Referer: http://www.google.com/search?q=dotko.ru
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: dotko.ru
Referer: http://www.google.com/search?q=dotko.ru
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dotko.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dotko.ru/
Result: dotko.ru is not infected, or malware details have not been published yet.
Result: dotko.ru is not infected, or malware details have not been published yet.