Scanned pages/files
Request | Server response | Status |
http://secretdet.com.ua/ | 200 OK Content-Length: 45615 Content-Type: text/html | clean |
http://secretdet.com.ua/media/system/js/caption.js | 200 OK Content-Length: 6830 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align =
Antivirus reports:
| ||
http://secretdet.com.ua/plugins/content/rusbuttons/odkl_share.js | 200 OK Content-Length: 5533 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
if (!window.ODKL) { ODKL = {};} if (!ODKL.P) { ODKL.P = { w : 565, h : 350, l : (screen.width/2)-(this.w/2), t : (screen.height/2)-(this.h/2), share_host : 'www.odnoklassniki.ru' }; } if (!ODKL.Share) { ODKL.Share = function(el){ if (el.tagName.toLowerCase() != "a") {return ;} var url = 'http://'+ODKL.P.share_host+'/dk?st.cmd=addShare&st._surl='+encodeURIComponent(el.h
Antivirus reports:
| ||
http://secretdet.com.ua/modules/mod_lofpiecemaker/assets/swfobject/swfobject.js | 200 OK Content-Length: 15087 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac=
Antivirus reports:
| ||
http://secretdet.com.ua/plugins/content/thickbox/includes/smoothbox.js | 200 OK Content-Length: 17849 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var homepath=""; window.addEvent('domready', TB_init); TB_WIDTH = 0; TB_HEIGHT = 0; var TB_doneOnce = 0 ; function TB_init(){ $$("a.smoothbox").each(function(el){el.onclick=TB_bind}); } function TB_bind(event) { var event = new Event(event); event.preventDefault(); this.blur(); var caption = this.title || this.name || ""; var caption = this.name || ""; var group = this.rel || false; TB_show(caption, this.href, group);
Antivirus reports:
| ||
http://secretdet.com.ua/plugins/content/thickbox/includes/slimbox.js | 200 OK Content-Length: 11940 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var Lightbox = { init: function(options){ this.options = $extend({ resizeDuration: 400, resizeTransition: false, initialWidth: 250, initialHeight: 250, animateCaption: true, showCounter: true }, options || {}); this.anchors = []; $each(document.links, function(el){ if (el.rel && el.rel.test(/^lightbox/i)){ el.onclick = this.click.pass(el, this); this.anchors.push(el); } }, this);
Antivirus reports:
| ||
http://secretdet.com.ua/templates/jvgallery/jv_menus/jv_moomenu/jv.moomenu.js | 200 OK Content-Length: 8297 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var subnav = new Array();
Element.extend( { doActive: function () { this.className+='hover'; }, doDeactive: function () { this.className=this.className.replace(new RegExp("hover\\b"), ""); }, hide: function(timeout) { this.status = 'hide'; clearTimeout (this.timeout); if (timeout) { this.timeout = setTimeout (this.animation.bind(this), timeout); }else{ t
Antivirus reports:
| ||
http://secretdet.com.ua/templates/jvgallery/js/jv.script.js | 200 OK Content-Length: 12557 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var siteurl = ''; function fixIEPNG(el, bgimgdf, sizingMethod, type, offset){ var objs = el; if(!objs) return; if ($type(objs) != 'array') objs = [objs]; if(!sizingMethod) sizingMethod = 'crop'; if(!offset) offset = 0; var blankimg = siteurl + 'images/blank.png'; objs.each(function(obj) { var bgimg = bgimgdf; if (obj.tagName == 'IMG') { if (!bgimg) bgimg = obj.src; if (!(/\.png$/i).test(bgimg) || (/blank\.png$/i).test(bgimg)) re
Antivirus reports:
| ||
http://secretdet.com.ua/templates/jvgallery/js/jvswitchwidth.js | 200 OK Content-Length: 6364 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Fx.Morph = Fx.Styles.extend({
start: function(className){ var to = {}; $each(document.styleSheets, function(style){ var rules = style.rules || style.cssRules; $each(rules, function(rule){ if (!rule.selectorText.test('\.' + className + '$')) return; Fx.CSS.Styles.each(function(style){ if (!rule.style || !rule.style[style]) return; var ruleStyle = rule.style[style]; to[style] = (style.test(/col
Antivirus reports:
| ||
http://secretdet.com.ua/templates/jvgallery/js/lytebox.js | 200 OK Content-Length: 44441 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Array.prototype.removeDuplicates = function () { for (var i = 1; i < this.length; i++) { if (this[i][0] == this[i-1][0]) { this.splice(i,1); } } }
Array.prototype.empty = function () { for (var i = 0; i <= this.length; i++) { this.shift(); } } String.prototype.trim = function () { return this.replace(/^\s+|\s+$/g, ''); } function LyteBox() { this.theme = 'grey'; this.hideFlash = true; this.outerBorder = true; this.resizeSpeed = 8; this.m
Antivirus reports:
| ||
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12388 Content-Type: application/javascript | clean |
http://secretdet.com.ua//plugins/system/u24/lytebox/3.22/lytebox.original.js/ | 404 Not Found Content-Length: 332 Content-Type: text/html | clean |
http://secretdet.com.ua/test404page.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://secretdet.com.ua/modules/mod_simple_video_flash_player/jwplayer.js | 200 OK Content-Length: 116350 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
if(typeof jwplayer=="undefined"){var jwplayer=function(a){if(jwplayer.api){return jwplayer.api.selectPlayer(a)}};var $jw=jwplayer;jwplayer.version="5.6.1768";(function(b){b.utils=function(){};b.utils.typeOf=function(d){var c=typeof d;if(c==="object"){if(d){if(d instanceof Array){c="array"}}else{c="null"}}return c};b.utils.extend=function(){var c=b.utils.extend["arguments"];if(c.length>1){for(var e=1;e<c.length;e++){for(var d in c[e]){c[0][d]=c[e][d]}}return c[0]}return null};b.utils.clone=
Antivirus reports:
| ||
http://secretdet.com.ua//platform.twitter.com/widgets.js/ | 404 Not Found Content-Length: 1810 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: secretdet.com.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 15 Aug 2014 16:03:24 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 15 Aug 2014 16:03:24 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 37c57db734cbf165dd1f26d66403aec2=ch3l595q98fh0t3upo8tt57i22; path=/
Set-Cookie: jvgallery_tpl=jvgallery; expires=Wed, 05-Aug-2015 16:03:24 GMT; path=/
X-Powered-By: PHP/5.4.4-14+deb7u5
Second query (visit from search engine):
GET / HTTP/1.1
Host: secretdet.com.ua
Referer: http://www.google.com/search?q=secretdet.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=secretdet.com.ua
Result: This site is not currently listed as suspicious. Note: this blacklist result does not override the scan above, which flagged ten script files as malicious; a site can be compromised before it is listed.
Query: http://yandex.com/infected?l10n=en&url=http://secretdet.com.ua/
Result: secretdet.com.ua is not infected or malware details are not published yet.