generic_javascript_obfuscation in www.bigbootymania.com

On 2019-09-05T16:22:55.148963+00:00 we found the suspicious pattern generic_javascript_obfuscation (type: Suspicious) in the page http://www.bigbootymania.com/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

The suspicious code sample:

b'var a=["/\\x2f\\x63\\u0031\\u002e\\u0070\\u006f\\u0070\\u0061\\x64\\x73.\\x6ee\\u0074\\x2f\\u0070o\\u0070\\u002e\\x6as","\\u002f/c2\\x2e\\x70\\u006f\\x70\\x61\\x64\\u0073\\u002e\\u006e\\u0065t\\u002f\\u0070\\x6f\\x70\\x2ejs","/\\u002f\\u0077\\x77w.b\\u0063\\x76\\u0072c\\u007a\\x76qlm\\u002e\\x63\\u006f\\u006d\\u002fa.js","\\x2f\\x2f\\x77\\u0077\\x77.\\x68\\x70asvf\\x73nd\\x67\\x72\\u002e\\u0063\\u006fm\\u002fbd.j\\x73",""],v=0,p,n=function(){if(""==a[v])return;p=y["\\u0064\\x6f\\x63\\u0075\\u006d\\u0065nt"]["\\u0063rea\\u0074e\\u0045\\u006c\\x65\\x6d\\x65\\u006et"]("\\x73\\u0063r\\u0' … b'\\x70' … b'\\x69' … b'\\x49' … b'\\x64' … b'\\x69' … b'\\x6e' … b'\\x42' … b'\\x70' … b'\\x75' … b'\\x6e' … b'\\x64' … b'\\x65' … b'\\x50' … b'\\x74' … b'\\x65' … b'\\x65' … b'\\x64' … b'\\x65' … b'\\x66' … b'\\x61' … b'\\x44' … b'\\x79' … b'\\x74' … b'\\x6f' … b'\\x70' … b'\\x79' … b'\\x2f' … b'\\x64' … b'\\x6e' … b'\\x2f' … b'\\x6a' … b'\\x2e' … b'\\x70' … b'\\x70' … b'\\x61' … b'\\x64' … b'\\x6f' … b'\\x70' … b'\\x2e' … b'\\x77' … b'\\x76' … b'\\x76' … b'\\x2f' … b'\\x2f' … b'\\x77' … b'\\x77' … b'\\x68' … b'\\x70' … b'\\x67' … b'\\x72' … b'\\x6f' … b'\\x65' … b'\\x65' … b'\\x74' … b'\\x79' … b'\\x65' … b'\\x6a' … b'\\x72' … b'\\x74' … b'\\x6e' … b'\\x75' … b'\\x74' … b'\\x65' … b'\\x65' … b'\\x42' … b'\\x54' … b'\\x61' … b'\\x61' … b'\\x72' … b'\\x72' … b'\\x6f' … b'\\x72' … b'\\x69' … b'\\x6e' … b'\\x61' … b'\\x6e' … b'\\x6f' … b'\\x75' … b'\\x6f' … b'\\x72' … b'\\x72' … b'\\x4e' … b'\\x6f' … b'\\x6e' … b'\\x65' … b'\\x72' … b'"transformPornhubPlayer"' … b'"transformRedtubePlayer"' … b'"transformXvideosPlayer"' … b'"transformYoupornPlayer"' … b'"transformYoupornGayPlayer"'

This feature is experimental, so please feel free to contact us if you feel any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
