- Jun 6, 2023
I have a simple asp.net website. Recently, I have noticed it adds one div with an anchor tag to an external. I have also noticed another link of apparent jQuery file from a thirdparty site that obviously is not a jQuery at all. So when clicked anywhere on my site - another tab is opened to redirect to the third party site. I have checked within the code for any clue of the urls that are being added - with no luck. Following are the suspicious div and url. Will be much appreciated if anyone can suggest anything - how it is being injected or how I can find it ?
<div id="div642028" style="width: 100%; height: 100%; position: fixed; left: 0px; top: 0px; z-index: 99999999;"><a href="hxxp: //c822c1b63853ed273b89687ac505f9fa .onepro .club/redirect?u=aHR0cHM6Ly91cy51c2FkYXkuYml6Lz91dG1fbWVkaXVtPTYyMTQ0MzY3OGNlNzI1YzE1NjkxMjgzMTdlNDA3ZDg4ODI2NWVkZGUmdXRtX2NhbXBhaWduPW15Y2Ft" target="_blank" style="display: block; width:100%; height: 100%; cursor: default"></a></div>
hxxps ://abu.usaday .biz/jquery-3.6.0.min.js[/CODE I can see some reference for these urls as potential malware reporting : Ref: [URL]https://www.virustotal.com/gui/url/5bf7d472c484efae33e45e33373c06cf515508afa7f76782d5016cd1fc8f0df3/detection[/URL] [URL]https://www.virustotal.com/gui/url/6ab9b7111a9015aec417d92de6b93c659230f25db64e479fdc14f4676fc6f081/community[/URL] [URL]https://hybrid-analysis.com/sample/957448b513c4403ae13f7d0d6c19c70f13c92a1f9664e41f39521dd51e80adda[/URL]
Last edited by a moderator: