Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=c7090.effete596.rsadvert.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: caacbe.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Wed, 11 Jun 2014 00:28:09 GMT
Accept-Ranges: bytes
Age: 0
Server: YTS/1.19.11
Vary: Accept-Encoding
Content-Length: 19757
Content-Type: text/html
Last-Modified: Sat, 12 Apr 2014 13:18:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=2hia3pd9pf8kp&b=3&s=3c; expires=Sat, 11-Jun-2016 00:28:09 GMT; path=/; domain=.caacbe.com
X-Host: p1w6.geo.sg3.yahoo.com
X-INKT-SITE: http://www.caacbe.com
X-INKT-URI: http://www.caacbe.com//index.html
...19757 bytes of data.
GET / HTTP/1.1
Host: caacbe.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Wed, 11 Jun 2014 00:28:09 GMT
Accept-Ranges: bytes
Age: 0
Server: YTS/1.19.11
Vary: Accept-Encoding
Content-Length: 19757
Content-Type: text/html
Last-Modified: Sat, 12 Apr 2014 13:18:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=2hia3pd9pf8kp&b=3&s=3c; expires=Sat, 11-Jun-2016 00:28:09 GMT; path=/; domain=.caacbe.com
X-Host: p1w6.geo.sg3.yahoo.com
X-INKT-SITE: http://www.caacbe.com
X-INKT-URI: http://www.caacbe.com//index.html
...19757 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: caacbe.com
Referer: http://www.google.com/search?q=caacbe.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: caacbe.com
Referer: http://www.google.com/search?q=caacbe.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://c7090.effete596.rsadvert.ru/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 15 Jan 2015 09:29:34 GMT Location: http://rsadvert.ru/ Server: nginx Content-Type: text/html | malicious |
http://rsadvert.ru/ | 200 OK Content-Length: 28434 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC571350")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC571350");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=571350;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/1/r/1.reg.ru.571350.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://rsadvert.ru/modernizr.js | 200 OK Content-Length: 6296 Content-Type: application/javascript | clean |
http://c7090.effete596.rsadvert.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 15 Jan 2015 09:29:35 GMT Location: http://rsadvert.ru/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: nginx Content-Type: text/html | malicious |
http://rsadvert.ru/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 28434 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC571350")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC571350");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=571350;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/1/r/1.reg.ru.571350.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://rsadvert.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 28434 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC571350")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC571350");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=571350;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/1/r/1.reg.ru.571350.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://yourmine.ru/cgi-bin/mr.cgi | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://rsadvert.ru/script.js | 200 OK Content-Length: 123144 Content-Type: application/javascript | clean |
http://parking.reg.ru/script/get_domain_data?domain_name=rsadvert.ru&callback=callback | 200 OK Content-Length: 129 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: rsadvert.ru callback({"stat_id":"2","domain_in_shop":"1","dname":"rsadvert.ru","domain_shop_price":"5 920","can_renew":0,"ref_id":"342101"}); | ||
http://rsadvert.ru/test404page.js | 404 Not Found Content-Length: 28434 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC571350")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC571350");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=571350;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/1/r/1.reg.ru.571350.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://c7090.effete596.rsadvert.ru/script.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 15 Jan 2015 09:29:37 GMT Location: http://rsadvert.ru/script.js Server: nginx Content-Type: text/html | malicious |