Kaspersky
Solved

not-a-virus:HEUR:AdWare.Script.Pusher.gen, cdn.siteswithcontent.com/js/push

  • 16 March 2021
  • 8 replies
  • 1711 views

Trying to read a manga site I have used for years, I use adblockplus and kaspersky web protection. When I clicked the main page I get these two events.

 

 

Event: Download denied
User: DESKTOP-6JBFB3M\Tom
User type: Active user
Application name: firefox.exe
Application path: C:\Program Files\Mozilla Firefox
Component: Web Anti-Virus
Result description: Blocked
Type: Contains adware, auto-dialers, legitimate software that can be used by criminals to damage your computer or personal data
Name: not-a-virus:HEUR:AdWare.Script.Pusher.gen
Precision: Partially
Threat level: Medium
Object type: File
Object name: subscribe.js?v=1.1.0
Object path: https://cdn.siteswithcontent.com/js/push
MD5: 189F6DDD0A08DD184BFE6CD4082874BF
Reason: Expert analysis
Databases release date: Yesterday, 15/03/2021 04:35:00

 

and

 

Event: Detected legitimate software that can be used by intruders to damage your computer or personal data
User: DESKTOP-6JBFB3M\Tom
User type: Active user
Application name: firefox.exe
Application path: C:\Program Files\Mozilla Firefox
Component: Web Anti-Virus
Result description: Detected
Type: Contains adware, auto-dialers, legitimate software that can be used by criminals to damage your computer or personal data
Name: not-a-virus:HEUR:AdWare.Script.Pusher.gen
Precision: Partially
Threat level: Medium
Object type: File
Object name: subscribe.js?v=1.1.0
Object path: https://cdn.siteswithcontent.com/js/push
MD5: 189F6DDD0A08DD184BFE6CD4082874BF
Reason: Expert analysis
Databases release date: Yesterday, 15/03/2021 04:35:00

 

 

Is this just a bad ad that was blocked by adblockplus and reported by kaspersky?
Scanned everything multiple times afterwards and found nothing.

icon

Best answer by Wesly.Zhang 17 March 2021, 09:19

Hello,

It is a push adv from google services: firebase

https://cdn.siteswithcontent.com/js/push/subscribe.js?v=1.1.0

You will open a js file. Its function is create a img object and inject a script in the webpage.

If you understand the function of this script and try to access the following url:

https://www.siteswithcontent.com/firebase-messaging-sw.js

Let’s follow the import scripts url to

https://cdn.siteswithcontent.com/js/push/news-siteswithcontent-sw.js?v=3

Some interesting strings list in your eyes. OK, this case is closed.

Regards.

View original

This topic has been closed for comments

8 replies

Userlevel 7
Badge +8

@animeglar Welcome.

Please submit the suspicious link here https://opentip.kaspersky.com
and ask for “Reanalyze”

When I try I get a error messege.

“ An error occurred while sending the object for re-validation. Please try again later. “

Userlevel 7
Badge +8

@animeglar Please submit a request to Kaspersky Technical Support.

What should I say?

Userlevel 7
Badge +8

@animeglar

Please copy/paste your original Post in your request :
https://my.kaspersky.com/techsupport#/requests/new

Alright, done, thanks for the help.

Userlevel 7
Badge +4

Hello,

It is a push adv from google services: firebase

https://cdn.siteswithcontent.com/js/push/subscribe.js?v=1.1.0

You will open a js file. Its function is create a img object and inject a script in the webpage.

If you understand the function of this script and try to access the following url:

https://www.siteswithcontent.com/firebase-messaging-sw.js

Let’s follow the import scripts url to

https://cdn.siteswithcontent.com/js/push/news-siteswithcontent-sw.js?v=3

Some interesting strings list in your eyes. OK, this case is closed.

Regards.

Glad there is nothing to worry about, thanks.