generic_javascript_obfuscation5 in apis.google.com

On 2020-07-23T22:28:46.427592+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://apis.google.com/_/scs/apps-stat… referenced from https://sites.google.com/site/moversint… .

Code sample:

b'["j\xc3\xaba\xc2\xba\xc3\x87\xc2\xab","after_\xc2\xad\xc3\xa7b\xc2\xad\xc3\xa7-","access_type","hl"],Zv=["login_hint","prompt"],$v={clientid:"client_id",cookiepolicy:"cookie_policy"},aw=["approval_prompt","j\xc3\xaba\xc2\xba\xc3\x87\xc2\xab","login_hint",\n"prompt","hd"],bw=["login_hint","g-oauth-window","status"],cw=Math.min(_.K("oauth-flow/authWindowWidth",599),screen.width-20),dw=Math.min(_.K("oauth-flow/authWindowHeight",' … b'["login_hint","prompt"],$v={clientid:"client_id",cookiepolicy:"cookie_policy"},aw=["approval_prompt","j\xc3\xaba\xc2\xba\xc3\x87\xc2\xab","login_hint",\n"prompt","hd"],bw=["login_hint","g-oauth-window","status"],cw=Math.min(_.K("oauth-flow/authWindowWidth",599),screen.width-20),dw=Math.min(_.K("oauth-flow/authWindowHeight",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).