Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dita.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dita.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.dita.com/ | 200 OK Content-Length: 5858 Content-Type: text/html | clean |
http://www.dita.com/js/jquery.js | 200 OK Content-Length: 93116 Content-Type: application/javascript | clean |
http://www.dita.com/js/jquery-ui-1.10.3.custom.min.js | 200 OK Content-Length: 228144 Content-Type: application/javascript | clean |
http://www.dita.com/js/jquery.queryloader2.js | 200 OK Content-Length: 9505 Content-Type: application/javascript | clean |
http://www.dita.com/js/supersized.3.2.7.min.js | 200 OK Content-Length: 17902 Content-Type: application/javascript | clean |
http://www.dita.com/js/supersized.shutter.min.js | 200 OK Content-Length: 7249 Content-Type: application/javascript | clean |
http://www.dita.com/js/cufon.js | 200 OK Content-Length: 18267 Content-Type: application/javascript | clean |
http://www.dita.com/js/Trajan_Pro_400.font.js | 200 OK Content-Length: 145987 Content-Type: application/javascript | clean |
http://www.dita.com/js/twitterFetcher_v10_min.js | 200 OK Content-Length: 3997 Content-Type: application/javascript | clean |
http://www.dita.com/js/responsiveslides.js | 200 OK Content-Length: 11870 Content-Type: application/javascript | clean |
http://www.dita.com/js/ch_script.js | 200 OK Content-Length: 4067 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
$(document).ready(function() { $.supersized({ slideshow : 1, autoplay : 1, start_slide : 1, stop_loop : 0, random : 0, slide_interval : 6000, transition : 1, transition_speed : 3000, new_window : 0, pause_hover : 0, keyboard_nav : 1, performance : 2, var txt = ""; txt += "<div class='tw-text'>" + div.eq(1).html() + "</div>"; txt += "<div class='tw-date'>" + div.eq(2).html() + "</div>"; txt += "<div class='tw-name'><a href='" + div.eq(0).find("a").attr("href") + "'>" + div.eq(0).find("span span").text() + "</a></div>"; txt = "<div class='tw-body'>" + txt + "</div>"; $("#example4").html(txt) }, false); });
Antivirus reports:
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://www.dita.com/locator | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 20 Apr 2014 00:08:18 GMT Location: http://www.dita.com/locator/ Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.6 Content-Length: 387 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.dita.com/locator/ | 200 OK Content-Length: 7724 Content-Type: text/html | clean |
http://www.dita.com/JavaScript/liveclock.js | 200 OK Content-Length: 4989 Content-Type: application/javascript | clean |
http://www.dita.com/contact/ | 200 OK Content-Length: 5778 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dita.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: dita.com
Referer: http://www.google.com/search?q=dita.com
Result:
The result is similar to the first query. There are no suspicious redirects found.