generic_javascript_obfuscation in suhunsoo.uk

On 2019-05-12T22:27:06.236672+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page https://suhunsoo.uk/ajax/dropzone/9.05.… JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b'atob' … b'atob' … b'"promiseOrFailByTimeout"' … b'"getIframeStyleByPosition"' … b'"checkCappingAndFrequency"' … b'"notificationsDelaySHR0cA=="' … b'"createIframeConfirmAndAskPermissions"' … b'"mobileVPositionWm9uZQ=="' … b'"desktopXPositionZone"' … b'"iframeRG9jIGlzIG5vdCByZWFkeSA6KA=="' … b'"c2tpcF9ieV9naWRfcookie"' … b'"iframeIGlzIG5vdCByZWFkeSBkb2MuYm9keSBvciBkb2Muhead"' … b'"getBoundingClientRect"' … b'"iframeX2RlbnlfY2xpY2tlZA=="' … b'"iframeX2FsbG93X2NsaWNrZWQ="' … b'"beforePermissionPrompt"' … b'"notificationUnsupported"' … b'"requestPermissionHandlerDone"' … b'"swFallbackErrorDomain"' … b'"ZXJyb3IgaXMgundefinedIG9yIG51bGw="' … b'"tccv8Pv3n3IwHii37Dgh6gb"' … b'"on7ivuPtktu7LvffgkUkc"' … b'"hvi6w6oti6vh7DgctzHii37"' … b'"hvi6w6oti6vh7DgctzHii3"'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
