thefrnd Posted June 7, 2023 ID:1570990 Share Posted June 7, 2023 I have a simple asp.net website. Recently, I have noticed it adds one div with an anchor tag to an external. I have also noticed another link of apparent jQuery file from a thirdparty site that obviously is not a jQuery at all. So when clicked anywhere on my site - another tab is opened to redirect to the third party site. I have checked within the code for any clue of the urls that are being added - with no luck. Following are the suspicious div and url. Will be much appreciated if anyone can suggest anything - how it is being injected or how I can find it ? <div id="div642028" style="width: 100%; height: 100%; position: fixed; left: 0px; top: 0px; z-index: 99999999;"><a href="http://c822c1b63853ed273b89687ac505f9fa.onepro.club/redirect?u=aHR0cHM6Ly91cy51c2FkYXkuYml6Lz91dG1fbWVkaXVtPTYyMTQ0MzY3OGNlNzI1YzE1NjkxMjgzMTdlNDA3ZDg4ODI2NWVkZGUmdXRtX2NhbXBhaWduPW15Y2Ft" target="_blank" style="display: block; width:100%; height: 100%; cursor: default"></a></div> https://abu.usaday.biz/jquery-3.6.0.min.js I can see some reference for these urls as potential malware reporting : Ref: https://www.virustotal.com/gui/url/5bf7d472c484efae33e45e33373c06cf515508afa7f76782d5016cd1fc8f0df3/detection https://www.virustotal.com/gui/url/6ab9b7111a9015aec417d92de6b93c659230f25db64e479fdc14f4676fc6f081/community https://hybrid-analysis.com/sample/957448b513c4403ae13f7d0d6c19c70f13c92a1f9664e41f39521dd51e80adda Link to post Share on other sites More sharing options...
Porthos Posted June 7, 2023 ID:1570991 Share Posted June 7, 2023 We do not do website cleanup at Malwarebytes. There are services for that. For example, https://sucuri.net/ Link to post Share on other sites More sharing options...
thefrnd Posted June 7, 2023 Author ID:1570992 Share Posted June 7, 2023 @prothos: I think in my post I haven't made any request to clean up my website !! :) I asked for some expert advice so that I can detect how this code is being injected - and possibly how I can rectify it. Link to post Share on other sites More sharing options...
Porthos Posted June 7, 2023 ID:1570993 Share Posted June 7, 2023 2 minutes ago, thefrnd said: I asked for some expert advice so that I can detect how this code is being injected - and possibly how I can rectify it. That is not what we are here to do. This section is to assist home users to clean their infected systems. This entire forum is dedicated to the support of Malwarebytes products. Honesty you might find better free assistance here. https://www.bleepingcomputer.com/forums/f/38/web-site-development/ 2 Link to post Share on other sites More sharing options...
Recommended Posts