What link is malware, well it is: -js.users.51.la/19058538.js
Where we saw it flagged: http://urlquery.net/report.php?id=1496927840089
Read here: https://security.stackexchange.com/questions/66729/what-does-this-javascript-file-do-is-this-a-virus
See: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs.users.51.la%2F19058538.js interaction with form.js
Errors in the adware malcode
error: undefined variable Image&
error: ./pre.js:249: TypeError: Image is not a constructor
line:6: TypeError: Image is not a constructorBecause object is overriding the default constructor! info credits StackOverflow’s Arun P. Johny.
Here the whole issue is not being flagged and could it be avast only detects in PUP-mode? Re:
https://www.virustotal.com/pl/url/745908ecd44047ca027312660baa17374d85c50ba512b3a929d545008919f1fe/analysis/1496957889/
Quttera detects further two suspicious files in -/templets/default/style/jquer.js with
Detected potentially suspicious initialization of function pointer to JavaScript method write __tmpvar257594717 = write;
No javascript errors there apparently.
Here an all green? → http://zulu.zscaler.com/submission/show/d420e4a29aeb5ea4ff50e0546967ff2d-1496958394
Two warnings here: https://asafaweb.com/Scan?Url=biggsuperstore.com We performed this scan as China is known as a Microsoft-IIS webserver mono-culture in this case two warnings - server info proliferation as the address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Microsoft-IIS/6.0
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
polonus (volunteer website security analyst and website error-hunter)