generic_javascript_obfuscation in pornhub.com

On 2019-09-05T09:11:33.362339+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://pornhub.com/

The suspicious code sample:

b'atob' … b'atob' … b'atob' … b'"loginTitlePlaylistAdd"' … b'"loginTitleUploadVideo"' … b'"loginTitleToAddFriend"' … b"'GoogleAnalyticsObject'" … b"'fmvh8h7224juuwniy1bg1'" … b'"yesNoModalConfirmation"' … b'"loginAccessRememberInfo"' … b'"signinConfirmationEmail"' … b'"verificationEnabledUsername"' … b'"enterVerificationCode"' … b'"enterVerificationCode"' … b'"enterVerificationCode"' … b'"resendVerificationCode"' … b'"errorDescriptionToManyUrls"' … b'"headerSearchWrapperFree"' … b'"headerUpgradePremiumBtn"' … b'"dropdownHeaderSubMenu"' … b'"/model/themagicmuffin"' … b'"playListHeaderSection"' … b'"/channels/momsteachsex"' … b'"/channels/momsteachsex"' … b"'playListHeaderSection'" … b'"dropdownPornstarsList"' … b'"dropdownPornstarsList"' … b'"dropdownPornstarsList"' … b'"dropdownPornstarsList"' … b'"verificationModalTitle"' … b'"verificationSuccessfulMessage"' … b'"countryRedirectMessage"' … b'"/channels/teenmegaworld"' … b'"mostRecentVideosSection"' … b'"/users/cumslutcarolyn"' … b'"/channels/whiteghetto"' … b'"/channels/teenylovers"' … b"'mostRecentVideosSection'" … b"'YWRkRXZlbnRMaXN0ZW5lcg=='" … b"'cXVlcnlTZWxlY3RvckFsbA=='" … b"'Z2V0RWxlbWVudHNCeUNsYXNzTmFtZQ=='" … b"'aW52YWxpZCBzZWxlY3Rvcjog'" … b"'Y3JlYXRlU2hhZG93Um9vdA=='" … b"'c3RvcFByb3BhZ2F0aW9u'" … b"'aHR0cDovL2NwLmRiYnAxLm5ldC4vX3gv'" … b"'I2hkLXJpZ2h0Q29sVmlkZW9QYWdl'" … b"'LnBvcm5zdGFyX2NvbnRhaW5lciAudG9wVHJlbmRpbmdQb3Juc3RhcnM='" … b"'LnBvcm5zdGFyX2NvbnRhaW5lciA6bm90KC50b3BUcmVuZGluZ1Bvcm5zdGFycyk='" … b"'LnNob3dpbmdDb3VudGVy'" … b"'LnNuaXBlck1vZGVFbmdhZ2Vk'" … b"'Z2V0RWxlbWVudHNCeVRhZ05hbWU='" … b"'ZGlzcGxheTogbm9uZSAhaW1wb3J0YW50Ow=='" … b"'Z2V0Q29udGFpbmVyQ2hpbGQ='" … b"'OwoJCQkJYm9yZGVyOiBub25lOwoJCQkJZGlzcGxheTogYmxvY2s7CgkJCQltYXJnaW4tbGVmdDogYXV0bzsKCQkJCW1hcmdpbi1yaWdodDogYXV0bzsKCQkJfQ=='" … b"'Y29udGFpbmVyTmFtZUZvb3Rlcg=='" … b"'dGpfYWRfY29udGFpbmVyX2lk'" … b"'PHN0eWxlPgoJCQkJCQkJLg=='" … b"'IHsKCQkJCQkJCQl3aWR0aDo='" … b"'OwoJCQkJCQkJCWhlaWdodDo='" … b"'OwoJCQkJCQkJCWJhY2tncm91bmQtaW1hZ2U6dXJsKCdkYXRhOg=='" … b"'Jyk7CgkJCQkJCQkJYmFja2dyb3VuZC1yZXBlYXQ6bm8tcmVwZWF0OwoJCQkJCQkJCWJhY2tncm91bmQtcG9zaXRpb246Y2VudGVyOwoJCQkJCQkJCWRpc3BsYXk6YmxvY2shaW1wb3J0YW50OwoJCQkJCQkJCWN1cnNvcjpwb2ludGVyOwoJCQkJCQkJCW1hcmdpbi1ib3R0b206MTVweDsKCQkJCQkJCQljbGVhcjpib3RoOwoJCQkJCQkJfQoJCQkJCQk8L3N0eWxlPgoJCQkJCQk8ZGl2IGNsYXNzPSc='" … b"'YXBwbHlHcmlkU3R5bGVz'" … b"'Z2V0RGVmYXVsdFN0eWxl'" … b"'Z2V0UG9yblN0YXJTdHlsZXM='" … b"'cG9ybnN0YXJDYXRlZ29yeQ=='" … b"'Z2V0UG9ybnN0YXJDYXRlZ29yeVN0eWxlcw=='" … b"'Z2V0U2VhcmNoU3R5bGVz'" … b"'IHsKCQkJCWFsaWduLXNlbGY6IGNlbnRlcjsKCQkJfQ=='" … b"'IHsKCQkJCQlncmlkLXJvdzogMS9zcGFuIDI7CgkJCQkJZ3JpZC1jb2x1bW46IDMvc3BhbiAyOwoJCQkJfQoJCQkJCgkJCQlAbWVkaWEgb25seSBzY3JlZW4gYW5kIChtaW4td2lkdGg6IDEzNTBweCkgewoJCQkJCQ=='" … b"'IHsKCQkJCQkJZ3JpZC1jb2x1bW4tc3RhcnQ6IDQ7CgkJCQkJfQoJCQkJfQ=='" … b"'IHsKCQkJCQlncmlkLXJvdzogMS9zcGFuIDI7CgkJCQkJZ3JpZC1jb2x1bW46IDMvc3BhbiAyOwoJCQkJfQoJCQkJCgkJCQlAbWVkaWEgb25seSBzY3JlZW4gYW5kIChtYXgtd2lkdGg6IDEzNTBweCkgewoJCQkJCQ=='" … b"'IHsKCQkJCQkJZ3JpZC1jb2x1bW4tc3RhcnQ6IDI7CgkJCQkJfQoJCQkJfQ=='" … b"'IHsKCQkJCQlncmlkLXJvdzogMS9zcGFuIDI7CgkJCQkJZ3JpZC1jb2x1bW46IDcvc3BhbiAzOwoJCQkJfQoJCQkJCgkJCQlAbWVkaWEgb25seSBzY3JlZW4gYW5kIChtYXgtd2lkdGg6IDEzNTBweCkgewoJCQkJCQ=='" … b"'IHsKCQkJCQlncmlkLXJvdzogMi9zcGFuIDI7CgkJCQkJZ3JpZC1jb2x1bW46IDQvc3BhbiAyOwoJCQkJfQoJCQkJCgkJCQlAbWVkaWEgb25seSBzY3JlZW4gYW5kIChtaW4td2lkdGg6IDEzNTBweCkgewoJCQkJCQ=='" … b"'ID4gdmlkZW8gewoJCQkJCQkJCXdpZHRoOjEwMCU7CgkJCQkJCQkJZGlzcGxheTpibG9jazsKCQkJCQkJCX0KCQkJCQkJCS4='" … b"'OwoJCQkJCQkJfQoJCQkJCQkJLg=='" … b"'OmJlZm9yZSB7CgkJCQkJCQkJY29udGVudDonJzsKCQkJCQkJCQlwb3NpdGlvbjphYnNvbHV0ZTsKCQkJCQkJCQl0b3A6MDsKCQkJCQkJCQlyaWdodDowOwoJCQkJCQkJCWJvdHRvbTowOwoJCQkJCQkJCWxlZnQ6MDsKCQkJCQkJCQliYWNrZ3JvdW5kLXJlcGVhdDpuby1yZXBlYXQ7CgkJCQkJCQkJYmFja2dyb3VuZC1wb3NpdGlvbjpjZW50ZXI7CgkJCQkJCQkJYmFja2dyb3VuZC1pbWFnZTp1cmwoJ2RhdGE6'" … b"'Jyk7CgkJCQkJCQl9CgkJCQkJCTwvc3R5bGU+CgkJCQkJCTxkaXYgY2xhc3M9Ig=='" … b"'Ij4KCQkJCQkJCTx2aWRlbyBhdXRvcGxheSBsb29wIHBsYXlpbmxpbmUgbXV0ZWQ+CgkJCQkJCQkJPHNvdXJjZSBzcmM9ImRhdGE6'" … b"'Ij48L3NvdXJjZT4KCQkJCQkJCTwvdmlkZW8+CgkJCQkJCTwvZGl2Pg=='" … b"'LiBUaGUgc3BvdCBJRCBpcyB1bmRlZmluZWQu'" … b"'cmVxdWVzdFRyYWZmaWNKdW5reUFkcw=='" … b"'cHJveGlmeUJsYW5rTGlua3M='" … b"'Zml4QWJzZW50TWVkaWFUeXBl'" … b"'YVt0YXJnZXQ9Il9ibGFuayJd'" … b"'QWRibG9jayBmb3IgcG9ybmh1Yg=='" … b"'QzpcdmFyXHd3d1x0ai10eXBlc2NyaXB0LWFkYmxvY2tcZGlzdFxwb3JuaHVi'" … b"'Y3JlYXRlU3BlY2lhbEVsZW1lbnQ='" … b"'aW5pdENsYXNzV2l0aFRyeUNhdGNo'" … b"'abcdefghijklmnopqrstuvwxyz'" … b"'createSpecialElement'" … b"'getPornstarCategoryStyles'"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!