generic_javascript_obfuscation5 in goo4anywhere.com

On 2020-05-08T01:39:42.619449+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://goo4anywhere.com/7f/f9/4e/7ff94… referenced from http://onejav.com/ .

Code sample:

b"['-99999px','readyState','checkBlock','detect','map','pages','simple','4','0','1','0','http://slaveforgetfulsneak.com/wsf1nit26j','&scrHeight=','&tz=','getTimezoneOffset','&ship=','&pst=','&dev=','isEmulate','false','false','https://cdn15.acloudimages.com/36/\xc2\xb5\xc3\xa9\xc2\xa9\xc2\x95\xc2\xab^/pu1473410272.pdf','','','false','true','false','100','getArr','exclude','20.8.v.1',"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).