generic_javascript_obfuscation in www.livegore.com

On 2019-06-07T16:07:42.925967+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page http://www.livegore.com/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'var e=["\\x2f\\x2f\\x63\\x31\\u002e\\x70o\\u0070a\\u0064\\x73\\u002e\\x6e\\u0065t/\\u0070\\x6fp.\\u006a\\x73","\\x2f\\x2f\\u0063\\x32.\\u0070op\\u0061\\x64\\u0073\\u002e\\u006ee\\u0074/\\x70op\\x2ej\\u0073","\\u002f\\x2f\\x77\\u0077w.\\u0074\\u006exiu\\x76\\x6at\\u0070\\u006c\\x68h\\x64\\u0079\\x2e\\u0063\\u006f\\x6d/gaw\\x2e\\u006a\\u0073","/\\x2f\\u0077\\x77\\x77.\\x76\\x7a\\x6b\\x79i\\u0076\\x6f\\u0077\\u0063e\\u0071c\\u0073\\x64\\x2ec\\u006f\\u006d\\x2fgj\\u002ejs",""],r=0,j,t=~\xe9\xdc\xb6*\'(){if(""==e[r])return;j=b["\\u0064\\u006f\\u0063u\\x6d\\x65\\u006et"]["\\x63r\\x65\\u0061t\\x65\\x45\\' …

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using the YARA standard).