generic_javascript_obfuscation5 in www.lisboa.pt

On 2020-05-12T14:59:18.507095+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://www.lisboa.pt/typo3conf/ext/boo… referenced from https://lisboa.pt/ .

Code sample:

b'["background","cite","href","\xc2\x8a\xc3\x97\xc2\xa6\xc2\xb7*^","\xc2\x96\xc2\x89\xc3\xa0u\xc3\xab\x1c","poster","src","xlink:href"],Ee={"*":["class","dir","id","lang","role",/^aria-[\\w-]*$/i],a:["target","href","title","rel"],area:[],b:[],br:[],col:[],code:[],div:[],em:[],hr:[],h1:[],h2:[],h3:[],h4:[],h5:[],h6:[],i:[],img:["src","alt","title","width",' … b'["class","dir","id","lang","role",/^aria-[\\w-]*$/i],a:["target","href","title","rel"],area:[],b:[],br:[],col:[],code:[],div:[],em:[],hr:[],h1:[],h2:[],h3:[],h4:[],h5:[],h6:[],i:[],img:["src","alt","title","width",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).