generic_javascript_obfuscation in www.cpclips.com

On 2019-05-12T22:19:17.112271+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://www.cpclips.com/

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b"'GoogleAnalyticsObject'" … b"'getElementsByTagName'" … b"'stopImmediatePropagation'" … b"'clearTimeoutIGhhcyBub3QgYmVlbiBkZWZpbmVk'" … b"'removeQWxsTGlzdGVuZXJz'" … b"'getExtentionDialyUrl'" … b"'removeRXZlbnRMaXN0ZW5lcg=='" … b"'getBoundingClientRect'" … b"'zfgloadedinterstitial'" … b"'objectLCBpZnJhbWUsIGVtYmVkLCB2aWRlbywgYXVkaW8='" … b"'returnIChmdW5jdGlvbigpIHt9LmNvbnN0cnVjdG9yKCJyZXR1cm4gdGhpcyIpKCApKTs='" … b"'q1sb7peiYj0qz9dwz1kalWnmnw7cj3Atm5hzan2Z0yn5uateXwhb4fw64Cbmhajc8hQhbybcahoJehnqd7hpMpta5uwjm'" … b"'vtlU153Ni7sAvpDj2htrGpezhlHvtlRj1U7hlBoja'" … b"'l22L24rE8g9T3zglmCqe5MxmMl22RrekC6k35Gesr'"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!