Avast WEBforum

Title: Pop-up adware link to avoid on this website (and others for that matter).
Post by: polonus on June 08, 2017, 11:52:17 PM
Which link is malware? Well, it is: -js.users.51.la/19058538.js
Where we saw it flagged: http://urlquery.net/report.php?id=1496927840089

Read here: https://security.stackexchange.com/questions/66729/what-does-this-javascript-file-do-is-this-a-virus

See: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs.users.51.la%2F19058538.js (interaction with form.js)
Errors in the adware malcode:
Quote
error: undefined variable Image
error: ./pre.js:249: TypeError: Image is not a constructor
&
Quote
line:6: TypeError: Image is not a constructor
Because an object is overriding the default constructor! Info credits: StackOverflow's Arun P. Johny.

Here the whole issue is not being flagged; could it be that Avast only detects it in PUP mode? Re:
https://www.virustotal.com/pl/url/745908ecd44047ca027312660baa17374d85c50ba512b3a929d545008919f1fe/analysis/1496957889/

Quttera further detects two suspicious files in -/templets/default/style/jquer.js with
Quote
Detected potentially suspicious initialization of function pointer to JavaScript method write <code> __tmpvar257594717 = write; </code>
No JavaScript errors there, apparently.

Here all green? -> http://zulu.zscaler.com/submission/show/d420e4a29aeb5ea4ff50e0546967ff2d-1496958394

Two warnings here: https://asafaweb.com/Scan?Url=biggsuperstore.com
We performed this scan as China is known as a Microsoft-IIS webserver monoculture. In this case, two warnings: server info proliferation, as the address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: Microsoft-IIS/6.0
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.


polonus (volunteer website security analyst and website error-hunter)
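
Added example, not part of the post above and not the scanner's own code: a small JavaScript audit for the response-header disclosure the scan warns about. The sample response is constructed (only the Server: Microsoft-IIS/6.0 value comes from the post), and the function names are hypothetical.

```javascript
// Response headers that commonly reveal the web platform (real header names).
const DISCLOSING = ['server', 'x-powered-by', 'x-aspnet-version', 'x-aspnetmvc-version'];

// Parse a raw HTTP response into [lowercased-name, value] pairs.
// Stops at the blank line so body text that looks like a header is ignored.
function parseHeaders(raw) {
  const out = [];
  for (const line of raw.split(/\r?\n/)) {
    if (line === '') break;            // end of the header block
    const idx = line.indexOf(':');
    if (idx <= 0) continue;            // status line or malformed line
    out.push([line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim()]);
  }
  return out;
}

// One finding per disclosing header. "versioned" marks values that carry a
// version number (such as Microsoft-IIS/6.0), the most precise fingerprint.
function auditHeaders(raw) {
  return parseHeaders(raw)
    .filter(([name]) => DISCLOSING.includes(name))
    .map(([name, value]) => ({ name, value, versioned: /\d+(\.\d+)+/.test(value) }));
}

// Constructed sample: a response as the scanned site might return it.
const SAMPLE = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/html',
  'Server: Microsoft-IIS/6.0',
  'X-Powered-By: ASP.NET',
  '',
  '<html>Server: not-a-header</html>'
].join('\r\n');

// Constructed sample: the same response after the headers are suppressed.
const HARDENED = ['HTTP/1.1 200 OK', 'Content-Type: text/html', ''].join('\r\n');

for (const f of auditHeaders(SAMPLE)) {
  console.log(`${f.name}: ${f.value}${f.versioned ? ' (version exposed)' : ''}`);
}
console.log(`hardened findings: ${auditHeaders(HARDENED).length}`);
```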