generic_javascript_obfuscation in vitaminstorepavia.it

On 2019-10-03T14:28:42.829439+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page http://vitaminstorepavia.it/

The suspicious code sample:

b'atob' … b'atob' … b"'W3sidGl0bGUiOiJIb21lIiwiYWxpYXMiOiJob21lIiwicGF0aCI6Ii8iLCJpbk5hdmlnYXRpb24iOnRydWUsInN1Yk5hdiI6W119LHsidGl0bGUiOiJWaXRhbWluIFN0b3JlIiwiYWxpYXMiOiJ2aXRhbWluLXN0b3JlIiwicGF0aCI6Ii92aXRhbWluLXN0b3JlIiwiaW5OYXZpZ2F0aW9uIjp0cnVlLCJzdWJOYXYiOlt7InRpdGxlIjoiSW50ZWdyYXRvcmkiLCJhbGlhcyI6Im51dHJpemlvbmUtc3BvcnRpdmEiLCJwYXRoIjoiL251dHJpemlvbmUtc3BvcnRpdmEiLCJpbk5hdmlnYXRpb24iOmZhbHNlLCJzdWJOYXYiOltdfSx7InRpdGxlIjoiQWxpbWVudGkgcHJvdGVpY2kiLCJhbGlhcyI6InJpZHV6aW9uZS1kZWwtcGVzbyIsInBhdGgiOiIvcmlkdXppb25lLWRlbC1wZXNvIiw" … b'"innerLeftSideBarLayout"' … b'"eyJzbGlkZXMiOlsiaHR0cHM6Ly9pcnAtY2RuLm11bHRpc2NyZWVuc2l0ZS5jb20vMmY3NjNhMDIvZG1zM3JlcC9tdWx0aS8yMjE0MDg2Nl85ODUzNDQ2MzE2MTI4MDNfNDk3NjU1MTE1Mjg0NzQwNzI2NV9uLTg1MmQ2MDJiLmpwZyIsImh0dHBzOi8vaXJwLWNkbi5tdWx0aXNjcmVlbnNpdGUuY29tLzJmNzYzYTAyL2RtczNyZXAvbXVsdGkvMTc2MzU0NTNfODgwODMyMDQyMDY0MDYzXzQyMDk2ODU4Njk5OTE2MTI1Mjlfby00ZjZjYTkzMC5qcGciLCJodHRwczovL2lycC1jZG4ubXVsdGlzY3JlZW5zaXRlLmNvbS8yZjc2M2EwMi9kbXMzcmVwL211bHRpLzIwMjQ2MjUzXzk1MTczNTc2NDk3MzY5MF82MTEyMDE1NjgxMzg5NzgwNjgzX24uanBnIiwiaHR0cHM6Ly9pcnAtY2RuLm1' … b'"passiveeventlisteners"' … b"'AIzaSyBAwUOqPUB1CU31yDztoZYaUE7sPv4ktEI'" … b"'1hcIxLJcbybmtBYTD9Z1UA'"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!