generic_javascript_obfuscation in livegore.com

On 2019-06-07T18:47:07.292293+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page http://livegore.com/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'var p=["//\\u0063\\u0031\\x2e\\x70o\\u0070\\u0061\\u0064\\x73\\x2en\\x65\\x74\\u002fp\\u006f\\u0070\\u002e\\u006as","\\x2f\\u002fc2.po\\x70\\x61\\u0064\\x73\\x2e\\x6e\\u0065\\u0074\\x2fp\\x6f\\u0070\\x2ej\\u0073","\\x2f/\\x77\\u0077\\u0077.\\u0074\\u006e\\x78\\u0069\\x75\\u0076\\x6a\\u0074\\x70\\u006c\\x68h\\x64y\\x2e\\u0063\\u006fm\\u002fx\\x2e\\u006a\\u0073","\\u002f\\u002fw\\x77\\x77.\\x72\\x61\\u0078l\\u0065\\u0078teh\\u0071h\\u0077.com\\x2f\\u006c\\x68w\\x6a.\\u006a\\u0073",""],w=0,r,v=~\xe9\xdc\xb6*\'(){if(""==p[w])return;r=i["\\u0064oc\\u0075\\u006d\\x65\\u006e\\x74"]["c\\x72\\x65a\\x74eE' …

This feature is experimental, so please feel free to contact us if you think any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
