Scanned pages/files
| Request | Server response | Status |
http://www.yaa.su/ | 200 OK Content-Length: 21440 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC572220")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy>"+"dy>"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC572220");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=572220;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/2/y/2.yaa.su.572220.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://www.yaa.su/js/jquery-1.8.3.min.js | 200 OK Content-Length: 93636 Content-Type: text/javascript | clean |
http://www.yaa.su/js/bootstrap.min.js | 200 OK Content-Length: 26898 Content-Type: text/javascript | clean |
http://www.yaa.su/js/main.js | 200 OK Content-Length: 2074 Content-Type: text/javascript | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 10816 Content-Type: text/javascript | clean |
http://pr.metabar.ru/sitebar.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 05 Mar 2015 03:00:10 GMT Location: http://cdn.metabar.ru/toolbar/download/pr/page/sitebar.js Server: nginx/1.2.1 Content-Type: text/html | clean |
http://cdn.metabar.ru/toolbar/download/pr/page/sitebar.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://cdn.metabar.ru/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://code.directadvert.ru/show.cgi?adp=212775&div=DIV_DA_212775 | 200 OK Content-Length: 1043 Content-Type: application/x-javascript | clean |
http://tv.cmlt.tv/js/informer/2078/2078.js | 200 OK Content-Length: 6921 Content-Type: text/javascript | clean |
http://tv.cmlt.tv/js/informer/informerSelChan.js?encoding=windows-1251 | 200 OK Content-Length: 2085 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yaa.su
Result:
GET / HTTP/1.1
Host: yaa.su
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: yaa.su
Referer: http://www.google.com/search?q=yaa.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: yaa.su
Referer: http://www.google.com/search?q=yaa.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yaa.su
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://yaa.su/
Result: yaa.su is not infected or malware details are not published yet.
Result: yaa.su is not infected or malware details are not published yet.