generic_javascript_obfuscation in images-eu.ssl-images-amazon.com

On 2019-12-17T12:38:13.528871+00:00 we found pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://images-eu.ssl-images-amazon.com… referenced from https://www.amazon.in/MS-International-… .

Code sample:

b'var e=[];a(b,c).each(~\xe9\xdc\xb6*\'(){var b=a(this);if(!b.data("a-image-already-loaded")){b.data("a-image-already-loaded",!0);var c=m(b),f=a("\\x3c' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'\\x26' … b'"RequestAnimationFrame"' … b'"CancelRequestAnimationFrame"' … b'"transitionSlideCircularFirstCardIndex"' … b'"registerCarouselClass"' … b'"registerCarouselClass"' … b'"hideHeaderCloseButtonLayout"' … b'"carduiExpandControlFooter"'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).