Author Topic: Suspicious patterns found in cookie code link of Dutch newspaper...  (Read 1150 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Code for faster downloading on CDN between various cached sites using the same libraries.

Where we found it? -> https://webcookies.org/cookies/code.createjs.com/2375018
script for tweening and animation, made with Google Font API.

In this 5 instances of suspicious Canvas Fingerprinting detected.

Error inside code:
Quote
-code.createjs.com/createjs-2015.11.26.min.js
     status: (referer=http:/XXX/web?q=puppies)saved 190630 bytes 38f36c6ec32fd81b36696bde36649898fb851446
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     error: undefined function console.log
     error: undefined function Object.defineProperty
     info: [element] URL=-code.createjs.com/undefined
     info: [1] no JavaScript
     file: 38f36c6ec32fd81b36696bde36649898fb851446: 190630 bytes
     file: 728f086527819cb673400ab973b2dca044e203e2: 300 bytes
Subclass. Throws an error when descriptor is a non-object.
called CreateElement canvas, .url element = undefined, that is all we know.

No vuln. libraries here: https://retire.insecurity.today/#!/scan/d6eb224edd9fb3673caacefaf2241ba1ba223ccfb5607a2bd8e4deebe79eb78e

polonus (volunteer website error-hunter)
« Last Edit: August 17, 2018, 10:51:37 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!