generic_javascript_obfuscation5 in platform-api.sharethis.com

On 2020-08-30T16:08:19.839380+00:00 we found pattern generic_javascript_obfuscation5, type: Suspicious, (JavaScript obfuscation is frequently used to hide malicious code (or with hope to protect intellectual property)) in the page https://platform-api.sharethis.com/js/s… referenced from https://sktorrent.org/ .

Code sample:

b'["@type"],r="product"===e.meta["og:type"],o=e.getMeta(["og:price:amount","price","product:price:amount"]),(n||r||o)&&(t=JSON.stringify(e.omit({j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r:e.getMeta(["og:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","product:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r"]),brand:e.getMeta(["brand","og:site_name"]),currency:e.getMeta(["og:price:currency","product:price:currency","priceCurrency"]),description:e.getMeta(["og:description","twitter:description","description"]),image:e.getMeta(["og:image:secure_url","og:image","twitter:image"]),mpn:' … b'["og:type"],o=e.getMeta(["og:price:amount","price","product:price:amount"]),(n||r||o)&&(t=JSON.stringify(e.omit({j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r:e.getMeta(["og:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","product:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r"]),brand:e.getMeta(["brand","og:site_name"]),currency:e.getMeta(["og:price:currency","product:price:currency","priceCurrency"]),description:e.getMeta(["og:description","twitter:description","description"]),image:e.getMeta(["og:image:secure_url","og:image","twitter:image"]),mpn:e.getMeta(["mpn"]),name:e.getM' … b'["og:price:amount","price","product:price:amount"]),(n||r||o)&&(t=JSON.stringify(e.omit({j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r:e.getMeta(["og:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","product:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r"]),brand:e.getMeta(["brand","og:site_name"]),currency:e.getMeta(["og:price:currency","product:price:currency","priceCurrency"]),description:e.getMeta(["og:description","twitter:description","description"]),image:e.getMeta(["og:image:secure_url","og:image","twitter:image"]),mpn:e.getMeta(["mpn"]),name:e.getMeta(["og:title","twitter' … b'["og:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","product:j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r","j\xc3\xb6\xc2\xa2\xc2\x95\xc2\xa6\xc3\xa2\xc2\x96+r"]),brand:e.getMeta(["brand","og:site_name"]),currency:e.getMeta(["og:price:currency","product:price:currency","priceCurrency"]),description:e.getMeta(["og:description","twitter:description","description"]),image:e.getMeta(["og:image:secure_url","og:image","twitter:image"]),mpn:e.getMeta(["mpn"]),name:e.getMeta(["og:title","twitter:title","name"]),price:e.getMeta(["og:price:amount","product:price:amount","price"]),rating:e.getMeta(["og:rating",' … b'["brand","og:site_name"]),currency:e.getMeta(["og:price:currency","product:price:currency","priceCurrency"]),description:e.getMeta(["og:description","twitter:description","description"]),image:e.getMeta(["og:image:secure_url","og:image","twitter:image"]),mpn:e.getMeta(["mpn"]),name:e.getMeta(["og:title","twitter:title","name"]),price:e.getMeta(["og:price:amount","product:price:amount","price"]),rating:e.getMeta(["og:rating","ratingValue"]),reviews:e.getMeta(["reviewCount","ratingCount"]),sku:e.getMeta(["sku' … b'["og:price:currency","product:price:currency","priceCurrency"]),description:e.getMeta(["og:description","twitter:description","description"]),image:e.getMeta(["og:image:secure_url","og:image","twitter:image"]),mpn:e.getMeta(["mpn"]),name:e.getMeta(["og:title","twitter:title","name"]),price:e.getMeta(["og:price:amount","product:price:amount","price"]),rating:e.getMeta(["og:rating","ratingValue"]),reviews:e.getMeta(["reviewCount","ratingCount"]),sku:e.getMeta(["sku"])})),e.log({event:"ecommerce_pview",ecommer' … b'["og:description","twitter:description","description"]),image:e.getMeta(["og:image:secure_url","og:image","twitter:image"]),mpn:e.getMeta(["mpn"]),name:e.getMeta(["og:title","twitter:title","name"]),price:e.getMeta(["og:price:amount","product:price:amount","price"]),rating:e.getMeta(["og:rating","ratingValue"]),reviews:e.getMeta(["reviewCount","ratingCount"]),sku:e.getMeta(["sku"])})),e.log({event:"ecommerce_pview",ecommerce:t}),e.addEventListener(document,"click",' … b'["og:image:secure_url","og:image","twitter:image"]),mpn:e.getMeta(["mpn"]),name:e.getMeta(["og:title","twitter:title","name"]),price:e.getMeta(["og:price:amount","product:price:amount","price"]),rating:e.getMeta(["og:rating","ratingValue"]),reviews:e.getMeta(["reviewCount","ratingCount"]),sku:e.getMeta(["sku"])})),e.log({event:"ecommerce_pview",ecommerce:t}),e.addEventListener(document,"click",' … b'[".embed-twitter",".embedly-card",".fb-post",".fb-video",".instagram-media",".reddit",".reddit-card",".rm-shortcode",".spotify",".tumblr-embed",".twitter-embed",".twitter-follow",".twitter-tweet",".twitter-video",".twitter-widget","embed","iframe",\'[class^="PIN"]\'],o=[{type:"audio",url:"anchor.fm"},{type:"audio",url:"open.spotify.com/embed"},{type:"audio",url:"player.megaphone.fm"},{type:"audio",url:"playlist.megaphone.fm"},{type:"audio",url:"w.soundcloud.com"},{type:"image",url:"gfycat.com"},{type:"image",' … b'["cite","data-click-to-open-target","data-href","data-instgrm-permalink","data-lazy-src","data-permalink","data-pin-href","data-src","data-src-2x","href","src"],a={},l=document.querySelectorAll(r.join(",' … b'["custom-share-buttons","ecommerce","email-list-builder","ga","gdpr-compliance-tool","gdpr-compliance-tool-v2","google-analytics","image-share-buttons","image-share-buttons-wp","inline-follow-buttons","inline-\xc2\xad\xc3\xa6\xc2\x9c\xc2\xb6*\'-buttons","inline-share-buttons","inline-share-buttons-wp","powr-social-feed","privy-share-buttons","promo-bar","reviews","social-ab","sop","sop-wordpress-plugin","sticky-share-buttons","sticky-share-buttons-wp","top-content","unknown","video-share-buttons",' … b'["blogger","blm","buffer","v&\xc2\xac\xc2\xa6\xc2\x8a\xc3\x9a","digg","douban","email","z\xc3\xb7\xc2\xab\xc2\x9e\xc2\x8b^","}\xc2\xa7\x1en\xc2\x8a$","flipboard","getpocket","github","gmail","googlebookmarks","hackernews","instapaper","line","\xc2\x96)\xc3\xa4y\xc3\x98\xc2\xa7","livejournal","mailru","meneame","messenger","odnoklassniki","pinterest","print","qzone","reddit","refind","renren","sharethis","skype","sms","\xc2\xb2v\xc2\xa9r\x16\xc2\xad","surfingbird","\xc2\xb5\xc3\xa9^\xc2\x82\xc2\xb6\xc2\xa6","tumblr","twitter","vk","wechat","weibo","\xc3\x82\x16\xc2\xad\xc2\xb1\xc2\xaai","wordpress","xing",'

This feature is experimental so please feel free to contact us if you feel any of the reported issues is a false positive or you want to suggest a pattern that should be detected (we are using Yara standard).