generic_javascript_obfuscation5 in cdn.stripst.com

On 2020-08-04T03:33:40.981805+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://cdn.stripst.com/assets/perfect-… referenced from https://go.schjmp.com/ .

Code sample:

b'["containerWidth","r\xc2\x89\xc3\xadz{V\xc2\x89\xc3\x9ba","pageX","railXWidth","scrollbarX","scrollbarXWidth","scrollLeft","x","scrollbarXRail"]),T(t,["containerHeight","contentHeight","pageY","railYHeight","scrollbarY","\xc2\xb1\xc3\x8a\xc3\xa8\xc2\x96V\xc3\x9a\xc2\xad\xc2\x81\xc3\x9e\xc2\x8a\x08m","scrollTop","y",' … b'["containerHeight","contentHeight","pageY","railYHeight","scrollbarY","\xc2\xb1\xc3\x8a\xc3\xa8\xc2\x96V\xc3\x9a\xc2\xad\xc2\x81\xc3\x9e\xc2\x8a\x08m","scrollTop","y",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).