generic_javascript_obfuscation in henlighlinglitt.pro

On 2019-10-04T21:07:00.194738+00:00 we found suspicious pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://henlighlinglitt.pro/CZJU?tag_id…

The suspicious code sample:

b'atob' … b'"YndLd0s5VXJZeUBbaUB9UEB4T2lOVXxHKFtGekMqTxZzQ3lPQ3lOck9PeEIpT0YuRi5TRXoVf1MRe1VnQFp6T3laQH5Ae1RGfk58W0Z+RH5TVWdVLVtELU5+BxFmQnwGEmZDewNAZhZ7VkRmQChSRXsVeAFPKk97QFtpNQI7RiMjIzAZLTsDWj56JTMRNR45PjBaLiBmEjwJOQQEIAIGKVomeTJyFjN4IT4tPhsELk8RODkyNkd5MxlUBwwhCiQScx4FBQQBJC0SGwEgO1QdOkU8QFtpBS4GHjkSKBZVZ1U5BxMiBS4BA2lbaRASLx45BxQ/VWdSW2kfPxYHOFJ4I1J5MW5QMS0FKgwUJB44FgQhFigTAmUeJQQYbkUNR0QNAyIGUngzfFRFfEN9R0V9GSQNFDtSeCZGbkV9EQIpHi9HRA9AewFOekZ/A1oqT39QWn9Fcltac0R+AFp6EnoHRnlGKVZGLUdpTlU4AzkHFiZVZ0BVZ1VpTlVpWy0DGzg'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!