Part of my job is to help shut down phish attempts. I typically decode their encoded javascripts, find the offending domain, and report them. Some get all their data wiped out. It’s pretty easy to visually tell when something is base64 encoded etc, but I am having trouble recognizing this kind of encoding? Do you know what this is when it looks like: an underscore, a zero, an x and then a string? example: _0x5c2c5e(0x1ef)] = _0x5c2c5e(0x21d), _0x2ee449[‘innerHTML’] = _0x625f90, emailBlock[_0x5c2c5e(0x1cf)][_0x5c2c5e(0x1d3)]
If I could decode these parts, I could shut down many more, but I don’t know this encoding. It might be obvious to you, so I ask 🙂