generic_javascript_obfuscation5 in www.oscarvmago.com

On 2020-09-09T15:47:59.782668+00:00 we found pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://www.oscarvmago.com/wp-content/t… referenced from http://oscarvmago.com/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

Code sample:


This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).
