Scanned pages/files
Request | Server response | Status |
http://p0t.co/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 20 Sep 2014 12:51:26 GMT Location: http://www.p0t.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 | clean |
http://www.p0t.com/ | 200 OK Content-Length: 34331 Content-Type: text/html | clean |
http://www.p0t.com/skin/frontend/default/theme574/js/jquery-1.7.min.js | 200 OK Content-Length: 94020 Content-Type: application/javascript | clean |
http://www.p0t.com/skin/frontend/default/theme574/js/superfish.js | 200 OK Content-Length: 3800 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; cle showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass+'-off', $ul = this.not('.accorChild').addClass(o.hoverClass) .find('>ul:hidden'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); jQuery(function(){ jQuery('.sf-menu').superfish() })
Antivirus reports:
http://www.p0t.com/skin/frontend/default/theme574/js/scripts.js | 200 OK Content-Length: 15121 Content-Type: application/javascript | clean |
http://www.p0t.com/js/prototype/prototype.js | 200 OK Content-Length: 163313 Content-Type: application/javascript | clean |
http://www.p0t.com/js/lib/ccard.js | 200 OK Content-Length: 747 Content-Type: application/javascript | clean |
http://www.p0t.com/js/prototype/validation.js | 200 OK Content-Length: 41647 Content-Type: application/javascript | clean |
http://www.p0t.com/js/scriptaculous/builder.js | 200 OK Content-Length: 4744 Content-Type: application/javascript | clean |
http://www.p0t.com/js/scriptaculous/effects.js | 200 OK Content-Length: 38745 Content-Type: application/javascript | clean |
http://www.p0t.com/js/scriptaculous/dragdrop.js | 200 OK Content-Length: 31066 Content-Type: application/javascript | clean |
http://www.p0t.com/js/scriptaculous/controls.js | 200 OK Content-Length: 34797 Content-Type: application/javascript | clean |
http://www.p0t.com/js/scriptaculous/slider.js | 200 OK Content-Length: 10331 Content-Type: application/javascript | clean |
http://www.p0t.com/js/varien/js.js | 200 OK Content-Length: 22745 Content-Type: application/javascript | clean |
http://www.p0t.com/js/varien/form.js | 200 OK Content-Length: 14287 Content-Type: application/javascript | clean |
http://www.p0t.com/js/mage/translate.js | 200 OK Content-Length: 1597 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: p0t.co
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 20 Sep 2014 12:51:26 GMT
Location: http://www.p0t.com/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: p0t.co
Referer: http://www.google.com/search?q=p0t.co
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=p0t.co
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://p0t.co/
Result: p0t.co is not infected or malware details are not published yet.