Yandex marked the site and Adguard says to be cautious!

See: http://killmalware.com/ya3ale.com/#
Infested with JiangminTrojan/Script.Gen aka eSafeJS.ISTBAR.cn
Flagged once only here: https://www.virustotal.com/nl/url/88a392a09a7cb45e7c9ef71b76719d30df74be3ca15f86966eaf3635716e9ac1/analysis/
Blacklisted by Quttera’s: http://quttera.com/labs-data-url/ya3ale.com

Scan for: http://ya3ale.com
Hostname: ya3ale.com
IP address: 192.99.45.212

System Details:
Running on: nginx
Powered by: PHP/5.3.28
Cached from: Backend

Web application details:
Application: vBulletin 3.8.7 - http://www.vbulletin.com/
Running cPanel 11.44.1.18: ya3ale.com:2082

Web application version:
vBulletin 3.8.7

Vulnerabilities http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=vBulletin_vulnerabilities.html
combined with http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/PHP-PHP.html

A remote attacker could execute arbitrary PHP script, execute SQL queries, obtain potentially sensitive information, or launch a cross-site scripting attack.

IP badness history: https://www.virustotal.com/nl/ip-address/192.99.45.212/information/

polonus

Time to do some checks:
iFrame check:
Suspicious

htxp://www.dr-24.net’
htxp://www.elso9.biz’
htxp://www.elso9.com’

Javascript check: Suspicious

script type=“text/javascript”>document.write(unescape(“%3cscript src=%27htxp://s10.histats.com/js15.js%27 type=%27text/javascript%27%3e%3c/script%3e”)); <a href="http://w

404 error check:
Suspicious

Suspicious 404 Page:
document.write(unescape(“%3cscript src=%27htxp://s10.histats.com/js15.js%27 type=%27text/javascript%27%3e%3c/script%3e”)

External link check - htxp://www.histats.com/ going there was blocked by an extension for me.

Verdict - site suspicious. Not blocked by avast!

pol