Scanned pages/files
Request | Server response | Status |
http://vanvovan2000@yahoo.com/ | HTTP/1.1 301 Redirect Cache-Control: no-store, no-cache Connection: keep-alive Date: Thu, 01 Jan 2015 23:52:37 GMT Via: http/1.1 ir40.fp.bf1.yahoo.com (ApacheTrafficServer) Location: https://www.yahoo.com/ Server: ATS Content-Language: en Content-Length: 1450 Content-Type: text/html | clean |
https://www.yahoo.com/ | 200 OK Content-Length: 303322 Content-Type: text/html | clean |
https://www.yahoo.com//ads.yahoo.com/imp?Z=120x45&i=1755620&S=3355465051&cb=1420156357.831446&P=${RS}|EztkfDk4LjHLKNb0wYEzFxjvNzguMVSl3cUAAAAA|2023538075|TL1|1420156357.831446|2-8-5|ysd|1&D=smpv%3d3%26ed%3dzxE1dF31xQzMnXQidpJpWNtPOVyg0bJDLmA-&pub_url=https%3a%2f%2fwww.yahoo.com/ | HTTP/1.1 404 Not Found Cache-Control: private Connection: close Date: Thu, 01 Jan 2015 23:52:40 GMT Via: http/1.1 usproxy1.fp.bf1.yahoo.com (ApacheTrafficServer), http/1.1 ir3.fp.ir2.yahoo.com (ApacheTrafficServer) Age: 0 Server: ATS Vary: Accept-Encoding Content-Type: text/html; charset=utf-8 P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: B=b7535kdaabne8&b=3&s=u5; expires=Sun, 01-Jan-2017 23:52:40 GMT; path=/; domain=.yahoo.com | clean |
https%3a%2f%2fwww.yahoo.com%2fads.yahoo.com%2fimp%3fz%3d120x45%26amp%3bi%3d1755620%26amp%3bs%3d3355465051%26amp%3bcb%3d1420156357.831446%26amp%3bp%3d%24%257brs%257d%257ceztkfdk4ljhlknb0wyezfxjvnzgumvsl3cuaaaaa%257c2023538075%257ctl1%257c1420156357.831446%257c2-8-5%257cysd%257c1%26amp%3bd%3dsmpv%253d3%2526ed%253dzxe1df31xqzmnxqidpjpwntpovyg0bjdlma-%26amp%3bpub_url%3dhttps%253a%252f%252fwww.yahoo.com%2f/ | 400 URL must be absolute Content-Length: 25 Content-Type: text/plain | clean |
http:///test404page.js | 500 No Host option provided Content-Length: 85 Content-Type: text/plain | clean |
https://s.yimg.com/rq/darla/2-8-5/js/g-r-min.js | 200 OK Content-Length: 157024 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame.
https://s.yimg.com/zz/combo?nn/lib/metro/g/yui/yui-base_3.8.3.js | 200 OK Content-Length: 36658 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vanvovan2000@yahoo.com
Result:
HTTP/1.1 301 Redirect
Cache-Control: no-store, no-cache
Connection: keep-alive
Date: Thu, 01 Jan 2015 23:52:37 GMT
Via: http/1.1 ir40.fp.bf1.yahoo.com (ApacheTrafficServer)
Location: https://www.yahoo.com/
Server: ATS
Content-Language: en
Content-Length: 1450
Content-Type: text/html
...1450 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vanvovan2000@yahoo.com
Referer: http://www.google.com/search?q=vanvovan2000@yahoo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vanvovan2000@yahoo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vanvovan2000@yahoo.com/
Result: vanvovan2000@yahoo.com is not infected or malware details are not published yet.