generic_javascript_obfuscation in seehall.net

On 2019-05-12T21:29:23.805812+00:00 we found the suspicious pattern generic_javascript_obfuscation, type: Suspicious (JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property), in the page http://seehall.net/?mp3-pesnya=LXE+%26+…

The suspicious code sample:


This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
