generic_javascript_obfuscation5 in www.youtube.com

On 2020-05-09T22:37:17.157518+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://www.youtube.com/yts/jsbin/web-a… referenced from http://www.youtube.com/ .

Code sample:

b'["borderBottomWidth",\n"borderBottomStyle","borderBottomColor"],borderColor:["borderTopColor","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bB\xc2\xa2Z+","borderBottomColor","borderLeftColor"],borderLeft:["borderLeftWidth","borderLeftStyle","borderLeftColor"],borderRadius:["borderTopLeftRadius","n\xc2\x8a\xc3\x9dz\xc2\xb4\xc3\xa8\xc2\xa5\x18\xc2\xa0\xc2\x86\xc3\x94Zv+\xc2\xac","borderBottomRightRadius","borderBottomLeftRadius"],borderRight:["n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bR\xc2\xb7)^","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bB\xc2\xa2Z+"],borderTop:["borderTopWidth","borderTopStyle","borderTopColor"],borderWidth:["borderTopWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b' … b'["borderTopColor","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bB\xc2\xa2Z+","borderBottomColor","borderLeftColor"],borderLeft:["borderLeftWidth","borderLeftStyle","borderLeftColor"],borderRadius:["borderTopLeftRadius","n\xc2\x8a\xc3\x9dz\xc2\xb4\xc3\xa8\xc2\xa5\x18\xc2\xa0\xc2\x86\xc3\x94Zv+\xc2\xac","borderBottomRightRadius","borderBottomLeftRadius"],borderRight:["n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bR\xc2\xb7)^","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bB\xc2\xa2Z+"],borderTop:["borderTopWidth","borderTopStyle","borderTopColor"],borderWidth:["borderTopWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","borderBottomWidth",\n"borderLeftWidth"],flex:["~W\xc2\xb1\x1a\xc2\xba0","flexSh' … b'["borderLeftWidth","borderLeftStyle","borderLeftColor"],borderRadius:["borderTopLeftRadius","n\xc2\x8a\xc3\x9dz\xc2\xb4\xc3\xa8\xc2\xa5\x18\xc2\xa0\xc2\x86\xc3\x94Zv+\xc2\xac","borderBottomRightRadius","borderBottomLeftRadius"],borderRight:["n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bR\xc2\xb7)^","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bB\xc2\xa2Z+"],borderTop:["borderTopWidth","borderTopStyle","borderTopColor"],borderWidth:["borderTopWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","borderBottomWidth",\n"borderLeftWidth"],flex:["~W\xc2\xb1\x1a\xc2\xba0","flexShrink",' … b'["borderTopLeftRadius","n\xc2\x8a\xc3\x9dz\xc2\xb4\xc3\xa8\xc2\xa5\x18\xc2\xa0\xc2\x86\xc3\x94Zv+\xc2\xac","borderBottomRightRadius","borderBottomLeftRadius"],borderRight:["n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bR\xc2\xb7)^","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bB\xc2\xa2Z+"],borderTop:["borderTopWidth","borderTopStyle","borderTopColor"],borderWidth:["borderTopWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","borderBottomWidth",\n"borderLeftWidth"],flex:["~W\xc2\xb1\x1a\xc2\xba0","flexShrink",' … b'["n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bR\xc2\xb7)^","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bB\xc2\xa2Z+"],borderTop:["borderTopWidth","borderTopStyle","borderTopColor"],borderWidth:["borderTopWidth","n\xc2\x8a\xc3\x9dz\xc2\xb4b\xc2\x82\x1bV\xc2\x89\xc3\x9ba","borderBottomWidth",\n"borderLeftWidth"],flex:["~W\xc2\xb1\x1a\xc2\xba0","flexShrink",' … b'["marginTop","marginRight","\xc2\x99\xc2\xaa\xc3\xa0\xc2\x8aph\xc2\xb6\xc3\x9a&","marginLeft"],outline:["\xc2\xa2\xc3\xabe\xc2\x8aw\xc2\x82\xc2\xa2Z+","\xc2\xa2\xc3\xabe\xc2\x8aw\xc2\x92\xc2\xb7)^","\xc2\xa2\xc3\xabe\xc2\x8aw\xc2\x96\xc2\x89\xc3\x9ba"],padding:["paddingTop","\xc2\xa5\xc2\xa7]\xc2\x8ax\x11\xc2\x8a\x08m","paddingBottom","paddingLeft"]},h=document.createElementNS("http://www.w3.org/1999/xhtml","div");v={thin:"1px",medium:"3px",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!