PS.SuspScript.gen found on one of the servers in Columbia by a third-party scanner

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?
Yes

Please share your search results url:
[Google]

When you tested your domain using the [Cloudflare Diagnostic Center], what were the results?
404

Describe the issue you are having:
Potential malware inside the Rocket Loader:

What error message or number are you receiving?
[Potentially Suspicious files: 1]

What steps have you taken to resolve the issue?

  1. Search for the file

Was the site working with SSL prior to adding it to Cloudflare?
Yes

What are the steps to reproduce the error:

  1. Scan it

Have you tried from another browser and/or incognito mode?
N/A

Please attach a screenshot of the error:

Have you confirmed this with another scanning service?

1 Like

No. The only search results for this file are all from the same scanning website, Quttera.

False positive?

So the tool thinks there is an issue in Cloudflare’s Managed Challenge code, which is intended to be difficult for automated tools like bots to bypass?

If the vendor believes they have found actual malicious code they can submit a vulnerability to Cloudflare’s public VDP. More likely it is a false positive.

3 Likes

The scan is simply notifying that a file has the capability to load dynamic code using the “eval” function. This is not unusual with CF products and can be disregarded safely. Other features from CF, such as bot management, may also use this function.

The scan marks this capability as suspicious because, in the past, malware has taken advantage of this technique, which could lead to infections if the “eval” function is utilized by untrustworthy sources.

4 Likes
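The kind of capability heuristic described in the last reply, with a triage step, as an added example that is not part of the thread and is not the scanner's or Cloudflare's code. The sink list, the function names, the sample scripts and the trusted prefix (a `/cdn-cgi/` path on a placeholder domain) are assumptions made for illustration.

```javascript
// Added example. SINKS, the sample scripts and the trusted prefix are constructed.
const SINKS = [
  { name: "eval", re: /\beval\s*\(/g },
  { name: "Function constructor", re: /\bnew\s+Function\s*\(/g },
  { name: "string timer", re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/g },
];

const blank = (s) => s.replace(/[^\n]/g, " ");

// Blank comments and string contents so "eval(" inside text is not counted.
// Quote characters are kept so the string-timer pattern can still see them.
function stripLiterals(src) {
  const re = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|`(?:\\.|[^`\\])*`/g;
  return src.replace(re, (m) =>
    m[0] === "/" ? blank(m) : m[0] + blank(m.slice(1, -1)) + m[0]
  );
}

// Capability scan: report each dynamic-code sink with its line number.
function findSinks(src) {
  const clean = stripLiterals(src);
  const hits = [];
  for (const { name, re } of SINKS) {
    for (const m of clean.matchAll(re)) {
      hits.push({ sink: name, line: clean.slice(0, m.index).split("\n").length });
    }
  }
  return hits.sort((a, b) => a.line - b.line);
}

// Triage: a sink is a capability, not a verdict; provenance decides the next step.
function triage(url, src, trustedPrefixes) {
  const hits = findSinks(src);
  if (hits.length === 0) return { verdict: "clean", hits };
  const trusted = trustedPrefixes.some((p) => url.startsWith(p));
  return { verdict: trusted ? "expected-vendor-code" : "needs-review", hits };
}

// Constructed inputs.
const TRUSTED = ["https://example.com/cdn-cgi/"];
const vendorScript = "var run = function (code) { return eval(code); }; // loader";
const unknownScript = [
  "// widget",
  'var note = "never call eval(x) here";',
  "var f = new Function(body);",
  'setTimeout("tick()", 10);',
].join("\n");

console.log(triage("https://example.com/cdn-cgi/scripts/loader.js", vendorScript, TRUSTED));
console.log(triage("https://example.com/js/widget.js", unknownScript, TRUSTED));
```

The same `eval` hit yields `needs-review` when the file is served from a path outside the trusted prefixes, which is the distinction a pure capability scan cannot make.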
