Here you see the scan of the redirect that alerted content:
https://quttera.com/detailed_report/gta5mod.net
This code appears to be a mix of JavaScript obfuscation techniques, including:
Function wrappers
Base64 encoding
Use of unnamed variables and functions
These techniques make it challenging for anti-malware engines to accurately detect the malware's intent. However, experienced analysts and specialised tools can still identify the malicious behaviour and reverse-engineer the code.
In summary, the detection of PS.SuspScript.gen is likely due to the presence of suspicious JavaScript code that uses various obfuscation techniques to evade detection. The redirect behavior detected by Avast suggests that the file is designed to execute scripts or redirect users to another website, which can be classified as malicious.
jquery-migrate (version 3.4.1): jQuery Migrate is a library that helps bridge the gap between different versions of jQuery
by providing a compatibility layer.
However, older versions of jQuery Migrate (like 3.4.1) may have known vulnerabilities or security issues.
It's recommended to update to a newer version of jQuery Migrate to ensure you're getting the latest security patches.
As for the jQuery library (version 3.7.1), it's a widely used JavaScript library for handling HTML document traversing,
manipulation, and event handling. While it's a reputable library, older versions may have known vulnerabilities or security issues.
It's always a good idea to keep your libraries up-to-date to ensure you're getting the latest security patches.
These findings might be contributing to the detection of PS.SuspScript.gen, especially if they're not properly configured
or are being used in conjunction with other malicious code.
I recommend reviewing that site's JavaScript code and ensuring that all libraries
are up-to-date and properly configured to minimise the risk of security issues.
Even in the cloud and behind CloudFlare's protection.
pol
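
Added example, not part of the post above and not code from the scanned site: a static triage pass in Node.js that flags the obfuscation traits the post lists (function wrappers, base64 encoding, anonymous functions) and checks decoded literals for redirect logic. The sample input, function names, patterns and length threshold are all constructed assumptions.

```javascript
// Added example: static triage of a script for the obfuscation traits listed in the post.
// The sample input, names and thresholds are constructed for illustration.
const PLAIN = 'window.location.href="https://example.invalid/"';
const SAMPLE =
  '(function(){var a="' + Buffer.from(PLAIN).toString('base64') +
  '";var b=atob(a);new Function(b)();})();';

// Text patterns only; each entry is [finding name, pattern].
const CHECKS = [
  ['function-wrapper', /\(\s*function\s*\([^)]*\)\s*\{/],
  ['anonymous-function', /\bfunction\s*\(/],
  ['base64-decode-call', /\batob\s*\(/],
  ['dynamic-code-execution', /\beval\s*\(|\bnew\s+Function\s*\(/],
];
const REDIRECT = /\blocation\s*(\.\s*(href|replace|assign))?\s*[=(]/;

// Decode quoted literals that look like base64 and keep only printable results.
function decodeBase64Literals(source) {
  const out = [];
  const re = /["']([A-Za-z0-9+\/]{24,}={0,2})["']/g;
  for (const m of source.matchAll(re)) {
    if (m[1].length % 4 !== 0) continue; // length is not a valid base64 length
    const text = Buffer.from(m[1], 'base64').toString('utf8');
    if (/^[\x20-\x7e\r\n\t]+$/.test(text)) out.push(text);
  }
  return out;
}

// Never executes the input: everything is pattern matching on text.
function triage(source) {
  const findings = CHECKS.filter(([, re]) => re.test(source)).map(([name]) => name);
  const decoded = decodeBase64Literals(source);
  if (decoded.length) findings.push('base64-literal');
  // The redirect is only visible once the encoded layer is peeled off.
  if ([source, ...decoded].some((t) => REDIRECT.test(t))) findings.push('redirect');
  return { findings, decoded };
}

console.log(triage(SAMPLE));
```

In the constructed sample the redirect finding comes only from the decoded literal, which is why a scanner that matches on the raw source alone can miss the intent.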