generic_javascript_obfuscation in ftrweb-assets.s3.amazonaws.com

On 2020-06-30T20:48:18.830237+00:00 we found pattern generic_javascript_obfuscation, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://ftrweb-assets.s3.amazonaws.com/… referenced from http://ftr.dev.imagescape.com/ .

Code sample:

b'var e=[];for(var r in t)s.call(t,r)&&e.push(r);return e}}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{"object-assign":455,"util/":73}],71:[~\xe9\xdc\xb6*\'(t,e,r){"~\xe9\xdc\xb6*\'"==typeof Object.create?e.exports=~\xe9\xdc\xb6*\'(t,e){t.super_=e,t.prototype=Object.create(e.prototype,{constructor:{value:t,enumerable:!1,writable:!0,configurable:!0}})}:e.exports=~\xe9\xdc\xb6*\'(t,e){t.super_=e;var r=~\xe9\xdc\xb6*\'(){};r.prototype=e.prototype,t.prototype=new r,t.prototype.constructor=t}' … b'var e=[],r=0;r<arguments.length;r++)e.push(s(arguments[r]));return e.join(" ")}r=1;for(var n=arguments,i=n.length,o=String(t).replace(a,~\xe9\xdc\xb6*\'(t){if("%%"===t)return"%";if(r>=i)return t;switch(t){case"%s":return String(n[r++]);case"%d":return Number(n[r++]);case"%j":try{return JSON.stringify(n[r++])}catch(t){return"[Circular]"}default:return t}}),l=n[r];r<i;l=n[++r])g(l)||!b(l)?o+=" "+l:o+=" "+s(l);return o},r.deprecate=~\xe9\xdc\xb6*\'(t,a){if(y(n.process))return ~\xe9\xdc\xb6*\'(){return r.deprecate(t,a).apply(this,arguments)' … b'var f=[];r!==i&&r!==o;)f.push(r),r=h();e&&null==(f=e(f,u++))||s.push(f)}return s},a.format=~\xe9\xdc\xb6*\'(e){if(Array.isArray(e[0]))return a.formatRows(e);var r=new C,n=[];return e.forEach(~\xe9\xdc\xb6*\'(t){for(var e in t)r.has(e)||n.push(r.add(e))}),[n.map(l).join(t)].concat(e.map(~\xe9\xdc\xb6*\'(e){return n.map(~\xe9\xdc\xb6*\'(t){return l(e[t])}).join(t)})).join("\\n")},a.formatRows=~\xe9\xdc\xb6*\'(t){return t.map(s).join("\\n")},a},t.csv=t.dsv(",","\xb5\xecm\xfd\xcb/"),t.tsv=t.dsv("\\t","text/tab-separated-values");var xe,be,_e,we,ke=this[z(this,"requestAnimati' … b'var Le=["y","z","a","f","p","n","\\xb5' … b"var r=[],n=new a(0,0),i=0;i<t.length;i++){for(var o=t[i],s=[],l=0;l<o.length;l++){var c=o[l-1],u=o[l],h=o[l+1],f=0===l?n:u.sub(c)._unit()._perp(),p=l===o.length-1?n:h.sub(u)._unit()._perp(),d=f._add(p)._unit(),g=d.x*p.x+d.y*p.y;d._mult(1/g),s.push(d._mult(e)._add(u))}r.push(s)}return r}(n,u*s)),~\xe9\xdc\xb6*'(t,e,r){for(var n=0;n<e.length;n++){var a=e[n];if(t.length>=3)for(var i=0;i<a.length;i++)if(gi(t,a[i]))return!0;if(ci(t,a,r))return!0}return!1}(l,n,c)},e.prototype.isTileClipped=~\xe9\xdc\xb6*'(){return!0},e}(Yn);~\xe9\xdc\xb6*'" … b'var r=[],n=i(t[t.length-1],e),a=t[t.length-1],s=t[0],l=0;l<t.length;++l,a=s){var c=i(s=t[l],e);(n<0&&c>0||n>0&&c<0)&&r.push(o(a,c,s,n)),c<=0&&r.push(s.slice()),n=c}return r}},{"robust-dot-product":505,"robust-sum":513}],526:[~\xe9\xdc\xb6*\'(t,e,r){!~\xe9\xdc\xb6*\'(){"use strict";var t={not_string:/[^s]/,not_bool:/[^t]/,not_type:/[^T]/,not_primitive:/[^v]/,number:/[diefg]/,numeric_arg:/[bcdiefguxX]/,json:/[j]/,not_json:/[^j]/,text:/^[^\\x25]+/,modulo:/^\\x25{2}/,placeholder:/^\\x25(?:([1-9]\\d*)\\$|\\(([^)]+)\\))?(\\+)?(0|\'[^$])?(-)?' … b'var s=[],l=r[2],c=[];if(null===(c=t.key.exec(l)))throw new SyntaxError("[sprintf] failed to parse named argument key");for(s.push(c[1]);""!==(l=l.substring(c[0].length));)if(null!==(c=t.key_access.exec(l)))s.push(c[1]);else{if(null===(c=t.index_access.exec(l)))throw new SyntaxError("[sprintf] failed to parse named argument key");s.push(c[1])}r[2]=s}else o|=2;if(3===o)throw new Error("[sprintf] mixing \xa6\x8b"\xb6*\'al and named placeholders is not (yet) supported");i.push({placeholder:r[0],param_no:r[1],keys:r[2],si' … b'var G=["f","p","n","\\u03bc","m","","k","M","G","T"];~\xe9\xdc\xb6*\' Y(t){return"SI"===t||"B"===t}~\xe9\xdc\xb6*\' W(t){return t>14||t<-15}~\xe9\xdc\xb6*\' X(t,e,r,n){var i=t<0,o=e._tickround,l=r||e.exponentformat||"B",c=e._tickexponent,u=E.getTickFormat(e),h=e.separatethousands;if(n){var f={exponentformat:l,dtick:"none"===e.\xb2\x1a0{\x1ah\x9d\xe9\xed?e.dtick:a(t)&&Math.abs(t)||1,range:"none"===e.\xb2\x1a0{\x1ah\x9d\xe9\xed?e.range.map(e.r2d):[0,t||1]};q(f),o=(Number(f._tickround)||0)+4,c=f._tickexponent,e.hoverformat&&(u=e.hoverformat)}if(u)return e._numFormat(u)(t).rep' … b'var T=["interpolate",["linear"],["get","z"],b.min,0,b.max,1];return a.extendFlat(c.heatmap.paint,{"heatmap-weight":d?T:1/(b.max-b.min),"heatmap-color":k,"heatmap-radius":g?{type:"\x89\xd7\xa7\xb6+r",\xa6\xba)z\xbbr:"r"}:e.radius,"heatmap-opacity":e.opacity}),c.geojson={type:"FeatureCollection",}\xe6\xad\xba\xb7\xac:h},c.heatmap.layout.visibility="visible",c}},{"../../components/color":591,"../../components/colorscale":603,"../../r\x89\xec\xb5\xa9\xeds/numerical":693,"../../lib":717,"../../lib/geojson_utils":712,"fast-isnumeric":228}],973:[~\xe9\xdc\xb6*\'(t,e,r){"use' … b'\\x1b' … b'\\x1b' … b'\\xe7' … b'\\xe9' … b'\\xe9' … b'\\xe9' … b'\\xb5' … b'\\x00' … b'\\x20' … b'\\x7F' … b'\\x00' … b'\\x20' … b'\\x7F' … b'\\xa2' … b'\\xa5' … b'\\xa6' … b'\\xaf' … b'\\x25' … b'\\x25' … b'\\x25' … b'\\xab' … b'\\xbb' … b'\\xe6' … b'\\xe6' … b'\\xb1' … b'\\xb1' … b'\\xa0' … b'\\xb1' … b'\\xb0' … b'\\xa9' … b'\\xa9' … b'\\xa9' … b'\\xb0' … b'\\xb1' … b'\\xb0' … b'\\xb0' … b'\\xb0' … b'\\xb5' … b'\\xb0' … b'\\xb0'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!