generic_javascript_obfuscation5 in apis.google.com

On 2020-05-04T20:39:18.476320+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://apis.google.com/_/scs/apps-stat… referenced from https://sites.google.com/site/moversint… .

Code sample:

b'["j\xc3\xaba\xc2\xba\xc3\x87\xc2\xab","after_\xc2\xad\xc3\xa7b\xc2\xad\xc3\xa7-","access_type","hl"],tw=["login_hint","prompt"],uw={clientid:"client_id",cookiepolicy:"cookie_policy"},vw=["approval_prompt","j\xc3\xaba\xc2\xba\xc3\x87\xc2\xab","login_hint",\n"prompt","hd"],ww=["login_hint","g-oauth-window","status"],xw=Math.min(_.R("oauth-flow/authWindowWidth",599),screen.width-20),yw=Math.min(_.R("oauth-flow/authWindowHeight",' … b'["login_hint","prompt"],uw={clientid:"client_id",cookiepolicy:"cookie_policy"},vw=["approval_prompt","j\xc3\xaba\xc2\xba\xc3\x87\xc2\xab","login_hint",\n"prompt","hd"],ww=["login_hint","g-oauth-window","status"],xw=Math.min(_.R("oauth-flow/authWindowWidth",599),screen.width-20),yw=Math.min(_.R("oauth-flow/authWindowHeight",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!