Jump to content

FP? Can you remove or give more details?


RayLP
Go to solution Solved by BjelakovicL,

Recommended Posts

For Malwarebytes staffers:

Trojan.JS.Redir.gen.94 might be detected in 11 JavaScript files.

https://quttera.com/detailed_report/www.art-mind.shop

https://www.abuseipdb.com/check/23.227.38.32

https://www.phishtank.com/phish_detail.php?phish_id=8151445

MBG: Website Blocked: www.art-mind.shop

v2.6.10 | Riskware: 2.0.202309141321

 

Edited by 1PW
Link to post
Share on other sites

We identified the reason and removed the code - it is a very bad attempt to trick page speed performance tools like Google Lighthouse. It checks if such a performance tool is accessing the page and delivers only header and footer then, no other page content, which of course has a huge impact on speed score then...

Thanks all for your hints!

https://guides.magefix.com/2022/01/shopify-speed-optimization-scam/

Link to post
Share on other sites

  • Staff

Hi,

The suspicious code is still present on the site.

[[var _0xb950=["\x73\x74\x61\x72\x74\x61\x73\x79\x6E\x63\x6C\x6F\x61\x64\x69\x6E\x67","\x6C\x69\x6E\x6B","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x6C\x65\x6E\x67\x74\x68","\x64\x61\x74\x61\x2D\x68\x72\x65\x66","\x67\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x68\x72\x65\x66","\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x64\x61\x74\x61\x73\x65\x74","\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72"];document[_0xb950[9]](_0xb950[0],function(){var _0x10b6x1=document[_0xb950[2]](_0xb950[1]);for(i= 0;i< _0x10b6x1[_0xb950[3]];i++){if(_0x10b6x1[i][_0xb950[5]](_0xb950[4])!== null){_0x10b6x1[i][_0xb950[7]](_0xb950[6],_0x10b6x1[i][_0xb950[5]](_0xb950[4]));]]
Link to post
Share on other sites

sorry to ask dumb questions - just to be sure..

Did you reload the page Cmd+F5? Because if I check the source of the page now, I can not find that snippet anymore.
Or, otherwise, could you give me the exact URL where you still found it?

Thx!

53 minutes ago, BjelakovicL said:

Hi,

The suspicious code is still present on the site.

[[var _0xb950=["\x73\x74\x61\x72\x74\x61\x73\x79\x6E\x63\x6C\x6F\x61\x64\x69\x6E\x67","\x6C\x69\x6E\x6B","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x6C\x65\x6E\x67\x74\x68","\x64\x61\x74\x61\x2D\x68\x72\x65\x66","\x67\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x68\x72\x65\x66","\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x64\x61\x74\x61\x73\x65\x74","\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72"];document[_0xb950[9]](_0xb950[0],function(){var _0x10b6x1=document[_0xb950[2]](_0xb950[1]);for(i= 0;i< _0x10b6x1[_0xb950[3]];i++){if(_0x10b6x1[i][_0xb950[5]](_0xb950[4])!== null){_0x10b6x1[i][_0xb950[7]](_0xb950[6],_0x10b6x1[i][_0xb950[5]](_0xb950[4]));]]

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.