Potentially Suspicious files Found

What is the name of the domain?

swha.online

What is the error number?

NA

What is the error message?

NA

What is the issue you’re encountering

Detected potentially suspicious initialization of function pointer to JavaScript method eval `__tmpvar1580733426 = eval;`

What steps have you taken to resolve the issue?

Affected URL : https://swha.online

Steps Taken:

  1. I have manually cleared all caches from both the Cloudflare CDN and my web hosting service, but the error persists.
  2. Verified the path on the web hosting that could not be located.
  3. Additionally, utilized multiple malware scanners to ensure the site is secure.

Online malware scans used, as below:

  1. https://scanner.pcrisk.com/detailed_report/swha.online#details
  2. VirusTotal

Remark: Please refer to attached images for details.

Note: I am the webmaster of the site.

Error:
/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c8ba9c17f09a03d
Severity: Potentially Suspicious
Reason: Detected potentially suspicious initialization of function pointer to JavaScript method eval `__tmpvar1580733426 = eval;`
Details: Detected potentially suspicious content.
Offset: 4859
Threat dump: View code
File size[byte]: 154280
File type: ASCII
MD5: 2F5DA21F8688B9E6492215BD1F36A56A
Scan duration[sec]: 6.576

File name: /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c8ba9c17f09a03d
Code : [C(826),eP++);eQ=(0,eval)(gC(237)),eR=atob(gC(879)),fh=function(h7,d,e,f,g){return h7=gC,d={'wfXuv':h7(609),'TtinZ':function(h,i){return h(i)},'vZEkL':function(h,i){return h-i},'dJsvQ':function(h,i){return h(i)},'juHfU':function(h,i){return i|h},'xXGuC]]

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

Using the online malware scan links provided.

Screenshot of the error

The files detailed below have been detected by Quttera as potentially suspicious.

Please kindly assist; this has also been flagged on VirusTotal.com.

Online scan by Quttera
Detected Potentially Suspicious Files
File name :/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8cbbcc8ae826dc95
Threat name: PS.SuspScript.gen
File type : ASCII
Reason: Detected potentially suspicious initialization of function pointer to JavaScript method eval `__tmpvar189149325 = eval;`
Details: Detected potentially suspicious content.
Threat dump: [(1022),fY++);fZ=(0,eval)(gC(881)),g0=atob(gC(655)),eM[gC(1153)]=function(c){try{return gs(c)}catch(e){return gq(gr(c))}},gt=function(f,ja,g,h,i,j,k,l,m){for(ja=gC,g={},g[ja(455)]=function(n,s){return n%s},g[ja(981)]=function(n,s){return n+s},g[ja(1383]]
Threat MD5: 2083BCEE0DCED56AB4CF7670AEED15B5
File MD5: 7A81B194805CA4678B1A80EBFE5892EB

Online Verification sites link

Obfuscation might be an indication of malware but is not a signal strong enough to flag something as malicious.

The code snippets you shared are part of CF's bot protection. Those files are obfuscated, and the code is hard to read, to make analyzing the bot protection harder. It's not malware, and all alerts related to those files can be dismissed.

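Added example (not part of the original thread, and not Quttera's or Cloudflare's code): a hypothetical pattern check for the two constructs named in the scan reports above, together with a demonstration of what an aliased or indirect `eval` does differently from a direct call. The rule names, regular expressions and sample lines are constructed for illustration.

```javascript
// Constructed sample lines. The first two mirror the shapes quoted in the
// scan reports in this thread; the third is unrelated code for contrast.
const SAMPLES = [
  "__tmpvar = eval;",
  "eQ=(0,eval)(gC(237)),eR=atob(gC(879))",
  "score = evaluate(input);",
];

// Hypothetical heuristic (an assumption, not the scanner's actual rule):
// flag eval stored in a variable, or eval called through the comma operator.
const RULES = [
  { name: "eval-alias", re: /=\s*eval\s*[;,)]/ },
  { name: "indirect-eval", re: /\(\s*0\s*,\s*eval\s*\)\s*\(/ },
];

// Return the names of every rule that matches the given source text.
function flagEvalUse(source) {
  return RULES.filter((rule) => rule.re.test(source)).map((rule) => rule.name);
}

// What the flagged constructs do at run time: an aliased or indirect eval
// evaluates in the global scope, so it cannot see the caller's locals.
// A direct eval call evaluates in the calling function's scope.
function scopeSeenBy(kind) {
  const localOnly = "local"; // visible only inside this function
  const probe = "typeof localOnly";
  if (kind === "direct") return eval(probe);
  if (kind === "alias") {
    const e = eval; // same shape as "__tmpvar = eval;"
    return e(probe);
  }
  return (0, eval)(probe); // same shape as "(0,eval)(...)"
}

// Print what the heuristic reports for each sample and what each call form sees.
for (const line of SAMPLES) {
  console.log(JSON.stringify(line), "->", flagEvalUse(line));
}
for (const kind of ["direct", "alias", "indirect"]) {
  console.log(kind, "eval sees localOnly as:", scopeSeenBy(kind));
}
```

Both flagged shapes are syntax matches only: the check fires on how `eval` is referenced and says nothing about what is evaluated, which is why such a finding needs the context of where the file is served from before it is treated as malicious.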

Would it be possible for you to reach out to the relevant vendors, Bfore.Ai PreCrime and Quttera (virustotal.com), to notify them about the false malware detection?

This update will ensure that all Cloudflare users can benefit from a smoother experience without causing an impact to their online reputation and credibility.

The steps you take will be greatly valued and appreciated by the Cloudflare community.