Question DSLreports- "Alien Script Detected" - Should I be Worried?

May 1, 2023
Following up my previous question about the difference in Ethernet drivers, I decided to test my internet connection/speed using sites like Speedtest by Ookla, Fast.com, Testmynet.com, and DSLreports. I do not have any browser extensions.


I've only done 1 DSLreports test, and I don't recall if this message was there or not, but it says "Warning: Alien Script Detected", like this:

View: https://imgur.com/a/iKkxaeO


(I just highlighted over the cookie, idrk if that's necessary but eh)


anyway, I decided to test to see if this message came up on Microsoft Edge since I was using Chrome. initially it didn't, but I refreshed the page and it appeared. I also brought the site up on my phone and on my family laptop, neither of which of course have Ethernet connections; both of which displayed the same message, saying there was Alien Script Detected

I asked my friend to check on his PC, but the website did not have the warning on his page. so this has greatly confused and scared me. I ran MalwareBytes and Windows Defender, but they didn't detect anything; I can still run the speed test on DSLreports, but the message is present

is this something to worry about?
 
If Windows Defender did not find any problems I would expect that all is well.

What do you see if you click the link at the bottom of the warning?

This is what I saw:

" this is a minimal page.
If you 'Show Page Source' or 'View Page Source' it should have
html body meta title and pre tags, and no scripts either external or inline."


What site did you target for the speed test?
 
I also saw that "minimal page" thing, what you sent word for word is what I also saw. what do you mean by "what site did you target"?

also I inspected the source for the website, but I'm not exactly certain what it even meant by the "no scripts either external or inline" since I have no experience with source text like this. I see the words "function, download JSatonload", 'script' and '<javascript>' and stuff, but every source code I'm inspecting seems to have the script stuff
 
When the speed test was run what IP address was used?

For example Google (8.8.8.8 or 8.8.4.4) is commonly used.

There may be some other default site/IP address being used by the test. You may or may not have the option to change the target. ISP speed tests, for example, may target an ideal location to obtain more favorable results. Versus real world sites that most testers would use.

= = = =

The warnings flag the use of something that is not normally used or is otherwise unexpected in some manner.

Overall, JavaScript is the biggest threat as I view it all. Followed by links that lead to some site with flashing warnings and "call us immediately to fix" pop-ups etc. May pretend to be Microsoft. No "close" or "exit" buttons and may just loop and loop forcing end users to close the browser or even shut down to escape.

And you seem to be doing what should be done. Look at the scripts/code to learn more about them and what they are doing or may be attempting to do.

I understand "no scripts either external or inline" to mean that the page is indeed minimal.

Just enough code to present a page.
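
Added example, not part of the thread and not DSLreports' own detection code: one way to check a saved copy of the "minimal page" against its own description (html, body, meta, title and pre tags, no external or inline scripts). The allowed-tag set (with `head` added), the function names and both sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: tags the "minimal page" says it contains, plus <head>.
ALLOWED_TAGS = {"html", "head", "body", "meta", "title", "pre"}

class ScriptAudit(HTMLParser):
    """Records everything in a page that can run script or is not expected."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "script":
            src = attrs.get("src")
            kind = "external-script" if src else "inline-script"
            self.findings.append((kind, src))
        elif tag not in ALLOWED_TAGS:
            self.findings.append(("unexpected-tag", tag))
        for name, value in attrs.items():
            if name.startswith("on"):  # onload=, onclick=, ...
                self.findings.append(("inline-handler", f"{tag} {name}"))
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(("javascript-url", f"{tag} {name}"))

def audit(html_text):
    """Return a list of (kind, detail) findings; empty means script-free."""
    parser = ScriptAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Constructed sample: the page as its text describes it.
CLEAN = """<html><head><meta charset="utf-8"><title>minimal</title></head>
<body><pre>this is a minimal page.</pre></body></html>"""

# Constructed sample: the same page with script elements added to it.
MODIFIED = """<html><head><meta charset="utf-8"><title>minimal</title>
<script src="https://injector.example/a.js"></script></head>
<body onload="track()"><pre>this is a minimal page.</pre>
<script>var x = 1;</script></body></html>"""

if __name__ == "__main__":
    for label, page in (("clean", CLEAN), ("modified", MODIFIED)):
        print(label, audit(page) or "no script found")
```

"View Page Source" shows the HTML as it arrived over the network, so it is the copy to audit for changes made in transit. Script added inside the browser only appears in the DevTools Elements view, so save that copy to audit for changes made on the device.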
 
I’m not sure what the IP was but it kept pinging until ig it eventually “connected” to Tokyo (I’m in Australia)


I’m generally not sure what would be normal or unusual for the source code; I just know I saw the “download JSatload” stuff near the top, and occasionally on the way down, but idrk what that is

but in general, I of course didn’t click any of the ads on the site and I just reloaded the site if there was a popup. one thing that stood out to me when I was cross checking with the laptop is that the “Alien Script Detected” didn’t show up if I managed to load the website without the ad that appears on the top of the site

if that ad loaded in, I’d have the Alien Script warning there. even if the warning and ad was not present, the source code (at least the top areas) was pretty much the same on both devices

however, my friend loaded up the website on his phone, where he had no adblock active, and still didn’t get the Warning either. so I’m worried but…maybe it’s something to do with the ISP causing the site to generate the warning? considering it’s doing it on all my separate devices
 
Not likely the ISP.

Could be that your friend's phone was not vulnerable in some manner and there was no need to block the ad or whatever. Thus no warning.

Your devices being a desktop, family laptop, and phone - correct?

Your devices may have some common vulnerability; e.g., browser(s) and you were thus warned. Something in the ad link or the ad itself depending on what was being pushed at your devices.

Albeit without the warning including more about the direct nature of the vulnerability or vulnerabilities involved.

Overall, as I understand the things you have done, nothing actually threatening was found.

Check for any cookies related to the website.

Completely block the website via the router if there is still concern.