generic_javascript_obfuscation5 in msagsytest-001-site1.atempurl.com

On 2020-10-08T00:23:30.729056+00:00 we found the pattern generic_javascript_obfuscation5 (type: Suspicious) in the page http://msagsytest-001-site1.atempurl.co… referenced from http://msagsytest-001-site1.atempurl.co…. JavaScript obfuscation is frequently used to hide malicious code (or in the hope of protecting intellectual property).

Code sample:

b'["IMAGE","FLASH","VIDEO","YOUTUBE","VIMEO","PDF","MP3","WEB","FLV","DAILYMOTION","DIV","WISTIA",' … b'["\xc2\x96\xc2\x86\xc2\x9d\xc2\x8ax"\xc2\x99\xc2\xa8\x1e","nextimage","previmage","closeimage","playvideoimage","\xc2\xb6+ey\xc2\xb8"\xc2\x99\xc2\xa8\x1e",\n"navarrowsprevimage","navarrowsnextimage","navcontrolimage","playimage","pauseimage","~\xc3\xa9e\xc2\xb1\xc3\x8a\xc3\x9ezw%\xc2\xa2\xc3\x87\xc2\xa2\xc2\x99\xc2\xa8\x1e","fullscreennextimage",'

This feature is experimental, so please feel free to contact us if you think any of the reported issues is a false positive or if you want to suggest a pattern that should be detected (we use the YARA standard).