generic_javascript_obfuscation5 in thetradingsignals.com

On 2020-06-30T21:08:23.173323+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://thetradingsignals.com/wp-conten… referenced from https://thetradingsignals.com/. JavaScript obfuscation is frequently used to hide malicious code, or in the hope of protecting intellectual property.

Code sample:


This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive, or if you want to suggest a pattern that should be detected (we use the YARA standard).
