generic_javascript_obfuscation5 in consent.cookiebot.com

On 2020-09-09T15:48:00.771815+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://consent.cookiebot.com/0a9e7bed-… referenced from http://oscarvmago.com/ .

Code sample:

b'["ar","he","fa","az","ur","pa","ps","ug","yi"],H="left";this.textDirection="ltr";for(B=0;B<P.length;B++)if(P[B]===this.userLanguage.toLowerCase()){this.textDirection="rtl",' … b"['connect.facebook.net','\x15\xc2\xa7\x1en\xc2\x8a$','https://www.facebook.com/policy.php'],['cookiebot.com','Cookiebot','https://www.cookiebot.com/goto/privacy-policy/'],['www.facebook.com','\x15\xc2\xa7\x1en\xc2\x8a$','https://www.facebook.com/policies/cookies/'],['youtube.com','YouTube',"

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).

Fully automated RESTful API is now available. Subscribe for your free trial today!