Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on December 16, 2018, 03:19:53 PM

Title: Adware injector detected...
Post by: polonus on December 16, 2018, 03:19:53 PM
See: https://urlquery.net/report/2b7f0110-25c3-4d5f-b776-91a8f8292e1c
re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnZ6dW55Wy5eXW0%3D~enc
obfuscated script here: -http://www.vzunyi.com/js/jq.tj.js
DOM-XSS vulnerable uri with source = document.write and sink = src=.
Consider: https://www.virustotal.com/#/url/10edf5b018a31070f4500aecc5349ff1db46385ab0716009d5e08caa3d32d82b/detection
and https://www.virustotal.com/#/domain/js.users.51.la  and   https://www.virustotal.com/#/file/14d4d1ed759476408d043a819b5754394684ce1c7d81b304f05b0549b2c14465/detection
No flagged here: https://quttera.com/detailed_report/js.users.51.la -> https://check-host.net/check-dns?host=js.users.51.la
Generic malware detected on various occasions: https://www.maltiverse.com/hostname/js.users.51.la

polonus (volunteer website security analyst & website error-hunter)