generic_javascript_obfuscation5 in nta1vb6cdlrl.com

On 2020-05-31T13:40:34.686198+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page https://nta1vb6cdlrl.com/86/be/77/86be7… referenced from http://onejav.com/. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

Code sample:

b"['1','sb_main_','script','forEach','regexpSrcDomainPlaceholder','send','timing','now','onerror','\xc2\xb2\xc2\xb7\x03\xc2\xa2f\xc2\xa2\xc2\x9c\xc3\xb9Zq\xc3\xa8h\xc2\x95\xc3\x97\xc2\xab','onload','containerID','none','20.9.8066','url','target',"

This feature is experimental, so please feel free to contact us if you believe any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).