thecoli virus? Keeps asking me if I want to download some sh

[SheWantTheD]

On my iPhone only on thecoli I keep getting a pop-up asking "Do you want to download "f.txt.js"?

I'm not getting it on any other sites.

Y'all need to fix y'all shyt!

 

[TEH]

Send me your banking details and I’ll fix that right away for you.

 

[Gold]

Do not run any unauthorized javascript (.js) files!

But currently there is an issue with this site. If you want a high level technical breakdown, certain site cookies (will determine which later) are being passed through the header of the Get from certain browsers.

This is happening because the server is requesting these cookies incorrectly in the Post. This leads to a header being far too large and the Get being denied by the sever.

When this happens, the sever just routes you to pre-created error page and your traffic stops.

If any of you have seen a "Cookie too large/header too large/Cookie not set" error, that is what this.

If you the exact details I can do that when i get home. I often troubleshoot this website when im bored cuz its riddled with small issues

 

[SheWantTheD]

Do not run any unauthorized javascript (.js) files!

But currently there is an issue with this site. If you want a high level technical breakdown, certain site cookies (will determine which later) are being passed through the header of the Get from certain browsers.

This is happening because the server is requesting these cookies incorrectly in the Post. This leads to a header being far too large and the Get being denied by the sever.

When this happens, the sever just routes you to pre-created error page and your traffic stops.

If any of you have seen a "Cookie too large/header too large/Cookie not set" error, that is what this.

If you the exact details I can do that when i get home. I often troubleshoot this website when im bored cuz its riddled with small issues

Naw I'm not getting that error message/pop-up, the error message/pop-up I'm getting is the one I posted in the OP.

"Do you want to download "f.txt.js"?

 

[Gold]

Naw I'm not getting that error message/pop-up, the error message/pop-up I'm getting is the one I posted in the OP.

"Do you want to download "f.txt.js"?

When i get home ill pull that js file and read through it.

 

[Jacaveli The Don]

Throw your phone in a river RIGHT NOW

 

[ROFL_GUY]

 

[Don'tCallMeLuckyB]

On my iPhone only on thecoli I keep getting a pop-up asking "Do you want to download "f.txt.js"?

I'm not getting it on any other sites.

Y'all need to fix y'all shyt!

Download it breh, I did and my reps jumped something crazy. A gift from Brooklyn

 

[BaggerofTea]

When i get home ill pull that js file and read through it.

XSS?, But I have never encountered those errors on my personal device.

One if OPs browser is hijacked

 

[SheWantTheD]

Download it breh, I did and my reps jumped something crazy. A gift from Brooklyn

Bet

 

[Leao2005]

I used to get too

 

[Gold]

XSS?, But I have never encountered those errors on my personal device.

One if OPs browser is hijacked

Yeah it could be cross-site script trying to run in thecoli's frame. That actually makes alot of sense since we do sideload outside scripts for our advertisements.

But the script should run within the security confines of its frame and should be compiled by OP's browser's JIT engine. If it asks to download, its not running. Usually means that its a foreign MIME type (which its clearly not), or the creator of the script does not want it to run in the security confines of your browsers frame.... they want it to run as a standalone script on your pc/phone with your admin privileges

 

[Gold]

Download it breh, I did and my reps jumped something crazy. A gift from Brooklyn

 

[Gold]

Okay just got home, loaded up Devtools and went through many different coli pages to see if I ever load a "f.txt.js"
Never did.

Took a Fiddler trace of traffic to see if there ever any request to download/load "f.txt.js". There were none.

Is there a particular page or action that triggers this OP? Maybe I can focus on that page instead.


But this likely means that its cross-scripted from elsewhere. For example, take a look at this.

Just from loading this very page, we are getting scripting/images from all of these places.
Google, Amazon, twitter, etc.

It is very possible the f.txt.js did not originate from TheColi.com, and is cross-site injected (like @BaggerofTea mentioned).

If it originated from TheColi.com, we would all be able to see it, unless you are doing something special to request from the server that we are not