Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ditto-up.ro
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ditto-up.ro/ | 200 OK Content-Length: 26040 Content-Type: text/html | clean |
http://www.ditto-up.ro/js/jquery-1.7.2.min.js | 200 OK Content-Length: 94839 Content-Type: application/javascript | clean |
http://www.ditto-up.ro/js/lightbox.js | 200 OK Content-Length: 18389 Content-Type: application/javascript | clean |
http://www.ditto-up.ro/js/jscripts.js | 200 OK Content-Length: 6689 Content-Type: application/javascript | clean |
http://www.ditto-up.ro/js/jquery-1.4.2.js | 200 OK Content-Length: 72326 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://www.ditto-up.ro/Scripts/swfobject_modified.js | 404 Not Found Content-Length: 413 Content-Type: text/html | clean |
http://www.ditto-up.ro/test404page.js | 404 Not Found Content-Length: 398 Content-Type: text/html | clean |
http://vremea.kappa.ro/get_previewWidget/?id_oras=665087&dim=2&theme=1&id_users=92304&hash=a8db302f7741c1df53d9d47b925d3127 | 200 OK Content-Length: 2316 Content-Type: text/html | clean |
http://vremea.kappa.ro/get_previewWidget/\"http://vremea.kappa.ro/timis/timisoara.html\" | 200 OK Content-Length: 107693 Content-Type: text/html | clean |
http://statik.kappa.ro/js/lib/prototype.js | 200 OK Content-Length: 92130 Content-Type: application/x-javascript | clean |
http://statik.kappa.ro/js/lib/prototype_extend.js | 200 OK Content-Length: 486 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var $CE=function(c,b,a){var d=document.createElement(c);if(b){$H(b).each(function(e){$(d).setAttribute(e.key,e.value,0)})}if(a){$H(a).each(function(e){d.style[e.key]=e.value})}return $(d)};Element.addMethods({clearChildren:function(a){a=$(a);$A(a.childNodes).each(function(b){b.parentNode.removeChild(b)});return a},append:function(d,c,b,a){d=$(d);var e=$CE(c,b,a);d.appendChild(e);return e},appendText:function(a,c){a=$(a);var b=document.createTextNode(c);a.appendChild(b);return a}});
Antivirus reports:
http://statik.kappa.ro/js/scriptaculous/scriptaculous.js | 200 OK Content-Length: 918 Content-Type: application/x-javascript | clean |
http://statik.kappa.ro/js/swfobject/swfobject.js | 200 OK Content-Length: 9759 Content-Type: application/x-javascript | clean |
http://statik.kappa.ro/modules/vremea_new/js/loading.js | 200 OK Content-Length: 937 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ditto-up.ro
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ditto-up.ro
Referer: http://www.google.com/search?q=ditto-up.ro
Result:
The result is similar to the first query. There are no suspicious redirects found.