Scanned pages/files
Request | Server response | Status |
http://romeostudio.ru/ | 200 OK Content-Length: 13355 Content-Type: text/html | clean |
http://romeostudio.ru/str/offers.js | 200 OK Content-Length: 3020 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function showhide(id) { if(document.getElementById('text'+id).style.display=='none') { document.getElementById('indet'+id).innerHTML='Скрыть текст'; document.getElementById('text'+id).style.display='inline'; document.getElementById('indet'+id).style.background='url(/images/uparr.gif) right 2px no-repeat'; } else{ document.getElementById('indet'+id).innerHTML='Подробнее'; document.getElementById('text'+id).style.display='none'; document.getEl [excerpt cut off by the report; only the start of the file is shown] Antivirus reports:
| ||
http://romeostudio.ru/str/estim.js | 200 OK Content-Length: 3115 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function active(name,est){ document.getElementById(name+'1').className=''; document.getElementById(name+'2').className=''; document.getElementById(name+'3').className=''; document.getElementById(name+'4').className=''; document.getElementById(name+'5').className=''; for(i=1;i<=est;i++) { document.getElementById(name+i).className='act'; } } function clearest(name){ document.getElementById(name+'1').className=''; docume [excerpt cut off by the report; only the start of the file is shown] Antivirus reports:
| ||
http://romeostudio.ru/popup/popup.js | 200 OK Content-Length: 2930 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function work(id, width, height) { window.open('/popup/work.php?id='+id,'photo','(menubar=no,scrollbars=no,status=no, width='+width+', height='+height+')') } function master(id, width, height) { window.open('/popup/master.php?id='+id,'photo','(menubar=no,scrollbars=no,status=no, width='+width+', height='+height+')') } function photo(id, width, height) { window.open('/popup/photo.php?id='+id,'photo','(menubar=no,scrollbars=no,status=no, width='+width+', hei [excerpt cut off by the report; only the start of the file is shown] Antivirus reports:
| ||
http://romeostudio.ru/js/swfobject.js | 200 OK Content-Length: 11973 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below): var flashEnable = 0; if(typeof deconcept == "undefined") var deconcept = new Object(); if(typeof deconcept.util == "undefined") deconcept.util = new Object(); if(typeof deconcept.SWFObjectUtil == "undefined") deconcept.SWFObjectUtil = new Object(); deconcept.SWFObject = function(swf, id, w, h, ver, c, quality, xiRedirectUrl, redirectUrl, detectKey) { if (!document.getElementById) { return; } this.DETECT_KEY = detectKey ? detectKey : 'detectflash'; this.skipDetect = [excerpt cut off by the report; only the start of the file is shown] Antivirus reports:
| ||
http://romeostudio.ru/pages/8/ | 200 OK Content-Length: 25780 Content-Type: text/html | clean |
http://romeostudio.ru/pages/8/swfobject.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://romeostudio.ru/test404page.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://romeostudio.ru/pages/71/ | 200 OK Content-Length: 26395 Content-Type: text/html | clean |
http://romeostudio.ru/pages/71/swfobject.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://romeostudio.ru/pages/75/ | 200 OK Content-Length: 17141 Content-Type: text/html | clean |
http://romeostudio.ru/pages/75/swfobject.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://romeostudio.ru/pages/14/ | 200 OK Content-Length: 15389 Content-Type: text/html | clean |
http://romeostudio.ru/pages/14/swfobject.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://romeostudio.ru/pages/13/ | 200 OK Content-Length: 12442 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: romeostudio.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 13 Jan 2015 08:51:34 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=fa4450b424ff2eb1d644c5bcd9f841bf; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: romeostudio.ru
Referer: http://www.google.com/search?q=romeostudio.ru
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=romeostudio.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://romeostudio.ru/
Result: romeostudio.ru is not infected or malware details are not published yet.