Code: PORNDROID9007QD1 (insufficient privileges to post in Browser Hijacks forum)

Discussion in 'malware problems & news' started by Valder, Nov 5, 2015.

  1. Valder

    Valder Registered Member

    Joined:
    Dec 28, 2008
    Posts:
    97
    I got in this ~ Snipped as per TOS ~: https://www.google.com/search?q="Microsoft+Security+Department+-+WARNING"

    In fact, the link which looks like https://storage.googleapis.com/alertinfoerrors/windows/error-windows-aus.html


    But don't visit it if your life is dear. Okay, okay, I admit: I was searching for a book download on the freer parts of the net. That was my sin.

    It all happened with the latest Iron Browser. Now what? I am total noob with these.

    I secure my Windows 7 system with ToolWiz Time Freeze 2016 (already?), after a reboot, no virus scanner will show anything. It's just the browser... what to do?
     
    Last edited by a moderator: Nov 5, 2015
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    @Valder Your link is truncated and doesn't work. Did you get the warning in a browser window? If you did, it's absolutely nothing to worry about, as it just coming from a webpage, rather than an infection on your computer.
     
  3. Valder

    Valder Registered Member

    Joined:
    Dec 28, 2008
    Posts:
    97
    How do I edit my OP for the proper link?

    @roger_m

    If you do the Google search (1st line in OP) you can easily identify the link I got hijacked to (or how to call it)

    Thanks for the tip!
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,239
    @Valder There is an edit button under your post. Was the alart just in a browser window?
     
    Last edited: Nov 5, 2015
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    It's a scam. The window is a Javascript popup, designed to fool you into calling the scammer's number. It doesn't look like there's any malware there.

    Note though, the JS popup's behavior (where the it blocks all other interaction with Chrome, even closing the window) should probably be considered a UI bug in Chrome.

    Edit: ... or maybe that's not all there is to it. The page made Chromium segfault after a while. I'll take another look at this.

    Edit 2: Hmm.

    Code:
    sandbox@debianbox:~$ chromium 
    [9456:9477:1105/174046:FATAL:audio_manager.cc(112)] Check failed: ++hang_failures_ < kMaxHangFailureCount (2 vs. 2)
    #0 0x0000b0cd492d <unknown>
    #1 0x0000b0cee4b2 <unknown>
    #2 0x0000b18a63fc <unknown>
    #3 0x0000b18a6534 <unknown>
    #4 0x0000b0d5132f <unknown>
    #5 0x0000b0cf4b6d <unknown>
    #6 0x0000b0cf4f5f <unknown>
    #7 0x0000b0cf5612 <unknown>
    #8 0x0000b0cc9a8b <unknown>
    #9 0x0000b0cf46e4 <unknown>
    #10 0x0000b0d0b8f5 <unknown>
    #11 0x0000b0cf4068 <unknown>
    #12 0x0000b0d2e994 <unknown>
    #13 0x0000b37aac85 <unknown>
    #14 0x0000b37aae52 <unknown>
    #15 0x0000b0d2ea85 <unknown>
    #16 0x0000b0d2a07e <unknown>
    #17 0x0000aed2defb start_thread
    #18 0x0000aec6662e clone
    
    Aborted
    
    Probably a side effect of whatever the page is doing, rather than a code execution attack. But lets' see...
     
    Last edited: Nov 5, 2015
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Huh. I just noticed, the scam site has a valid TLS certificate. Groovy. :(

    Edit: right, d'oh, this is on GoogleAPIs.

    Edit 2: the IP addresses involved are all owned by Google. I don't see any connections to non-Google addresses.

    Meanwhile, whatever this thing is, it makes Chromium go *berserk* on the CPU.
     
  7. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    ... And the phone number is invalid as a US number (only 9 digits). Nice.
     
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    So, I can actually look at this in the element inspector... Let me see if I can dump the page sources, or something.
     
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Links2 and Linux CLI tools to the rescue. As usual. Gimme a minute.
     
  10. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    There is a seemingly unique JS file, "analytics.js". No idea what it does. Here it is after pretty-printing, though, if anyone wants to take a gander at it:

    Code:
    (function() {
        var aa = encodeURIComponent,
            f = window,
            n = Math;
    
        function Pc(a, b) {
            return a.href = b
        }
        var Qc = "replace",
            q = "data",
            m = "match",
            xc = "send",
            ja = "port",
            u = "createElement",
            id = "setAttribute",
            da = "getTime",
            A = "split",
            B = "location",
            ra = "hasOwnProperty",
            ma = "hostname",
            ga = "search",
            E = "protocol",
            Ab = "href",
            kd = "action",
            G = "apply",
            p = "push",
            h = "hash",
            pa = "test",
            ha = "slice",
            r = "cookie",
            t = "indexOf",
            ia = "defaultValue",
            v = "name",
            y = "length",
            Ga = "sendBeacon",
            z = "prototype",
            la = "clientWidth",
            jd = "target",
            C = "call",
            na = "clientHeight",
            F = "substring",
            oa = "navigator",
            H = "join",
            I = "toLowerCase";
        var $c = function(a) {
            this.w = a || []
        };
        $c[z].set = function(a) {
            this.w[a] = !0
        };
        $c[z].encode = function() {
            for (var a = [], b = 0; b < this.w[y]; b++) this.w[b] && (a[n.floor(b / 6)] = a[n.floor(b / 6)] ^ 1 << b % 6);
            for (b = 0; b < a[y]; b++) a[b] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_".charAt(a[b] || 0);
            return a[H]("") + "~"
        };
        var vd = new $c;
    
        function J(a) {
            vd.set(a)
        }
        var Nd = function(a, b) {
                var c = new $c(Dd(a));
                c.set(b);
                a.set(Gd, c.w)
            },
            Td = function(a) {
                a = Dd(a);
                a = new $c(a);
                for (var b = vd.w[ha](), c = 0; c < a.w[y]; c++) b[c] = b[c] || a.w[c];
                return (new $c(b)).encode()
            },
            Dd = function(a) {
                a = a.get(Gd);
                ka(a) || (a = []);
                return a
            };
        var ea = function(a) {
                return "function" == typeof a
            },
            ka = function(a) {
                return "[object Array]" == Object[z].toString[C](Object(a))
            },
            qa = function(a) {
                return void 0 != a && -1 < (a.constructor + "")[t]("String")
            },
            D = function(a, b) {
                return 0 == a[t](b)
            },
            sa = function(a) {
                return a ? a[Qc](/^[\s\xa0]+|[\s\xa0]+$/g, "") : ""
            },
            ta = function(a) {
                var b = M[u]("img");
                b.width = 1;
                b.height = 1;
                b.src = a;
                return b
            },
            ua = function() {},
            K = function(a) {
                if (aa instanceof Function) return aa(a);
                J(28);
                return a
            },
            L = function(a, b, c, d) {
                try {
                    a.addEventListener ? a.addEventListener(b,
                        c, !!d) : a.attachEvent && a.attachEvent("on" + b, c)
                } catch (e) {
                    J(27)
                }
            },
            wa = function(a, b) {
                if (a) {
                    var c = M[u]("script");
                    c.type = "text/javascript";
                    c.async = !0;
                    c.src = a;
                    b && (c.id = b);
                    var d = M.getElementsByTagName("script")[0];
                    d.parentNode.insertBefore(c, d)
                }
            },
            Ud = function() {
                return "https:" == M[B][E]
            },
            xa = function() {
                var a = "" + M[B][ma];
                return 0 == a[t]("www.") ? a[F](4) : a
            },
            ya = function(a) {
                var b = M.referrer;
                if (/^https?:\/\//i [pa](b)) {
                    if (a) return b;
                    a = "//" + M[B][ma];
                    var c = b[t](a);
                    if (5 == c || 6 == c)
                        if (a = b.charAt(c + a[y]), "/" == a || "?" == a || "" ==
                            a || ":" == a) return;
                    return b
                }
            },
            za = function(a, b) {
                if (1 == b[y] && null != b[0] && "object" === typeof b[0]) return b[0];
                for (var c = {}, d = n.min(a[y] + 1, b[y]), e = 0; e < d; e++)
                    if ("object" === typeof b[e]) {
                        for (var g in b[e]) b[e][ra](g) && (c[g] = b[e][g]);
                        break
                    } else e < a[y] && (c[a[e]] = b[e]);
                return c
            };
        var ee = function() {
            this.keys = [];
            this.values = {};
            this.m = {}
        };
        ee[z].set = function(a, b, c) {
            this.keys[p](a);
            c ? this.m[":" + a] = b : this.values[":" + a] = b
        };
        ee[z].get = function(a) {
            return this.m[ra](":" + a) ? this.m[":" + a] : this.values[":" + a]
        };
        ee[z].map = function(a) {
            for (var b = 0; b < this.keys[y]; b++) {
                var c = this.keys[b],
                    d = this.get(c);
                d && a(c, d)
            }
        };
        var O = f,
            M = document,
            Mc = function() {
                for (var a = O[oa].userAgent + (M[r] ? M[r] : "") + (M.referrer ? M.referrer : ""), b = a[y], c = O.history[y]; 0 < c;) a += c-- ^ b++;
                return La(a)
            };
        var Aa = function(a) {
            var b = O._gaUserPrefs;
            if (b && b.ioo && b.ioo() || a && !0 === O["ga-disable-" + a]) return !0;
            try {
                var c = O.external;
                if (c && c._gaUserPrefs && "oo" == c._gaUserPrefs) return !0
            } catch (d) {}
            return !1
        };
        var Ca = function(a) {
                var b = [],
                    c = M[r][A](";");
                a = new RegExp("^\\s*" + a + "=\\s*(.*?)\\s*$");
                for (var d = 0; d < c[y]; d++) {
                    var e = c[d][m](a);
                    e && b[p](e[1])
                }
                return b
            },
            zc = function(a, b, c, d, e, g) {
                e = Aa(e) ? !1 : eb[pa](M[B][ma]) || "/" == c && vc[pa](d) ? !1 : !0;
                if (!e) return !1;
                b && 1200 < b[y] && (b = b[F](0, 1200), J(24));
                c = a + "=" + b + "; path=" + c + "; ";
                g && (c += "expires=" + (new Date((new Date)[da]() + g)).toGMTString() + "; ");
                d && "none" != d && (c += "domain=" + d + ";");
                d = M[r];
                M.cookie = c;
                if (!(d = d != M[r])) t: {
                    a = Ca(a);
                    for (d = 0; d < a[y]; d++)
                        if (b == a[d]) {
                            d = !0;
                            break t
                        }
                    d = !1
                }
                return d
            },
            Cc = function(a) {
                return K(a)[Qc](/\(/g, "%28")[Qc](/\)/g, "%29")
            },
            vc = /^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,
            eb = /(^|\.)doubleclick\.net$/i;
        var oc = function() {
                return (Ba || Ud() ? "https:" : "http:") + "//www.google-analytics.com"
            },
            Da = function(a) {
                this.name = "len";
                this.message = a + "-8192"
            },
            wc = function(a, b, c) {
                var d = ta(a + "?" + b);
                d.onload = d.onerror = function() {
                    d.onload = null;
                    d.onerror = null;
                    c()
                }
            },
            xd = function(a, b, c) {
                var d;
                d = O.XDomainRequest;
                if (!d) return !1;
                d = new d;
                d.open("POST", a);
                d.onerror = function() {
                    c()
                };
                d.onload = c;
                d[xc](b);
                return !0
            },
            wd = function(a, b, c) {
                var d = O.XMLHttpRequest;
                if (!d) return !1;
                var e = new d;
                if (!("withCredentials" in e)) return !1;
                e.open("POST", a, !0);
                e.withCredentials = !0;
                e.setRequestHeader("Content-Type", "text/plain");
                e.onreadystatechange = function() {
                    4 == e.readyState && (c(), e = null)
                };
                e[xc](b);
                return !0
            },
            ge = function(a, b, c) {
                1 <= 100 * n.random() || Aa("?") || (a = ["t=error", "_e=" + a, "_v=j33", "sr=1"], b && a[p]("_f=" + b), c && a[p]("_m=" + K(c[F](0, 100))), a[p]("aip=1"), a[p]("z=" + fe()), wc(oc() + "/collect", a[H]("&"), ua))
            };
        var Ha = function() {
            this.t = []
        };
        Ha[z].add = function(a) {
            this.t[p](a)
        };
        Ha[z].D = function(a) {
            try {
                for (var b = 0; b < this.t[y]; b++) {
                    var c = a.get(this.t[b]);
                    c && ea(c) && c[C](O, a)
                }
            } catch (d) {}
            b = a.get(Ia);
            b != ua && ea(b) && (a.set(Ia, ua, !0), setTimeout(b, 10))
        };
    
        function Ja(a) {
            if (100 != a.get(Ka) && La(P(a, Q)) % 1E4 >= 100 * R(a, Ka)) throw "abort";
        }
    
        function Ma(a) {
            if (Aa(P(a, Na))) throw "abort";
        }
    
        function Oa() {
            var a = M[B][E];
            if ("http:" != a && "https:" != a) throw "abort";
        }
    
        function Pa(a) {
            try {
                O.XMLHttpRequest && "withCredentials" in new O.XMLHttpRequest ? J(40) : O.XDomainRequest && J(41), O[oa][Ga] && J(42)
            } catch (b) {}
            a.set(ld, Td(a), !0);
            a.set(Ac, R(a, Ac) + 1);
            var c = [];
            Qa.map(function(b, e) {
                if (e.p) {
                    var g = a.get(b);
                    void 0 != g && g != e[ia] && ("boolean" == typeof g && (g *= 1), c[p](e.p + "=" + K("" + g)))
                }
            });
            c[p]("z=" + Bd());
            a.set(Ra, c[H]("&"), !0)
        }
    
        function Sa(a) {
            var b = P(a, gd) || oc() + "/collect",
                c = P(a, Ra),
                d = a.get(Ia),
                e = a.get(Vd),
                d = d || ua;
            e && (e = d, O[oa][Ga] ? O[oa][Ga](b, c) ? (e(), e = !0) : e = !1 : e = !1);
            if (!e)
                if (2036 >= c[y]) wc(b, c, d);
                else if (8192 >= c[y]) wd(b, c, d) || xd(b, c, d) || wc(b, c, d);
            else throw ge("len", c[y]), new Da(c[y]);
            a.set(Ia, ua, !0)
        }
    
        function Hc(a) {
            var b = O.gaData;
            b && (b.expId && a.set(Nc, b.expId), b.expVar && a.set(Oc, b.expVar))
        }
    
        function cd() {
            if (O[oa] && "preview" == O[oa].loadPurpose) throw "abort";
        }
    
        function yd(a) {
            var b = O.gaDevIds;
            ka(b) && 0 != b[y] && a.set("&did", b[H](","), !0)
        }
    
        function vb(a) {
            if (!a.get(Na)) throw "abort";
        };
        var hd = function() {
                return n.round(2147483647 * n.random())
            },
            Bd = function() {
                try {
                    var a = new Uint32Array(1);
                    O.crypto.getRandomValues(a);
                    return a[0] & 2147483647
                } catch (b) {
                    return hd()
                }
            },
            fe = hd;
    
        function Ta(a) {
            var b = R(a, Ua);
            500 <= b && J(15);
            var c = P(a, Va);
            if ("transaction" != c && "item" != c) {
                var c = R(a, Wa),
                    d = (new Date)[da](),
                    e = R(a, Xa);
                0 == e && a.set(Xa, d);
                e = n.round(2 * (d - e) / 1E3);
                0 < e && (c = n.min(c + e, 20), a.set(Xa, d));
                if (0 >= c) throw "abort";
                a.set(Wa, --c)
            }
            a.set(Ua, ++b)
        };
        var Ya = function() {
                this.data = new ee
            },
            Qa = new ee,
            Za = [];
        Ya[z].get = function(a) {
            var b = $a(a),
                c = this[q].get(a);
            b && void 0 == c && (c = ea(b[ia]) ? b[ia]() : b[ia]);
            return b && b.n ? b.n(this, a, c) : c
        };
        var P = function(a, b) {
                var c = a.get(b);
                return void 0 == c ? "" : "" + c
            },
            R = function(a, b) {
                var c = a.get(b);
                return void 0 == c || "" === c ? 0 : 1 * c
            };
        Ya[z].set = function(a, b, c) {
            if (a)
                if ("object" == typeof a)
                    for (var d in a) a[ra](d) && ab(this, d, a[d], c);
                else ab(this, a, b, c)
        };
        var ab = function(a, b, c, d) {
                if (void 0 != c) switch (b) {
                    case Na:
                        wb[pa](c)
                }
                var e = $a(b);
                e && e.o ? e.o(a, b, c, d) : a[q].set(b, c, d)
            },
            bb = function(a, b, c, d, e) {
                this.name = a;
                this.p = b;
                this.n = d;
                this.o = e;
                this.defaultValue = c
            },
            $a = function(a) {
                var b = Qa.get(a);
                if (!b)
                    for (var c = 0; c < Za[y]; c++) {
                        var d = Za[c],
                            e = d[0].exec(a);
                        if (e) {
                            b = d[1](e);
                            Qa.set(b[v], b);
                            break
                        }
                    }
                return b
            },
            yc = function(a) {
                var b;
                Qa.map(function(c, d) {
                    d.p == a && (b = d)
                });
                return b && b[v]
            },
            S = function(a, b, c, d, e) {
                a = new bb(a, b, c, d, e);
                Qa.set(a[v], a);
                return a[v]
            },
            cb = function(a, b) {
                Za[p]([new RegExp("^" +
                    a + "$"), b])
            },
            T = function(a, b, c) {
                return S(a, b, c, void 0, db)
            },
            db = function() {};
        var gb = qa(f.GoogleAnalyticsObject) && sa(f.GoogleAnalyticsObject) || "ga",
            Ba = !1,
            he = S("_br"),
            hb = T("apiVersion", "v"),
            ib = T("clientVersion", "_v");
        S("anonymizeIp", "aip");
        var jb = S("adSenseId", "a"),
            Va = S("hitType", "t"),
            Ia = S("hitCallback"),
            Ra = S("hitPayload");
        S("nonInteraction", "ni");
        S("currencyCode", "cu");
        var Vd = S("useBeacon", void 0, !1);
        S("dataSource", "ds");
        S("sessionControl", "sc", "");
        S("sessionGroup", "sg");
        S("queueTime", "qt");
        var Ac = S("_s", "_s");
        S("screenName", "cd");
        var kb = S("location", "dl", ""),
            lb = S("referrer", "dr"),
            mb = S("page", "dp", "");
        S("hostname", "dh");
        var nb = S("language", "ul"),
            ob = S("encoding", "de");
        S("title", "dt", function() {
            return M.title || void 0
        });
        cb("contentGroup([0-9]+)", function(a) {
            return new bb(a[0], "cg" + a[1])
        });
        var pb = S("screenColors", "sd"),
            qb = S("screenResolution", "sr"),
            rb = S("viewportSize", "vp"),
            sb = S("javaEnabled", "je"),
            tb = S("flashVersion", "fl");
        S("campaignId", "ci");
        S("campaignName", "cn");
        S("campaignSource", "cs");
        S("campaignMedium", "cm");
        S("campaignKeyword", "ck");
        S("campaignContent", "cc");
        var ub = S("eventCategory", "ec"),
            xb = S("eventAction", "ea"),
            yb = S("eventLabel", "el"),
            zb = S("eventValue", "ev"),
            Bb = S("socialNetwork", "sn"),
            Cb = S("socialAction", "sa"),
            Db = S("socialTarget", "st"),
            Eb = S("l1", "plt"),
            Fb = S("l2", "pdt"),
            Gb = S("l3", "dns"),
            Hb = S("l4", "rrt"),
            Ib = S("l5", "srt"),
            Jb = S("l6", "tcp"),
            Kb = S("l7", "dit"),
            Lb = S("l8", "clt"),
            Mb = S("timingCategory", "utc"),
            Nb = S("timingVar", "utv"),
            Ob = S("timingLabel", "utl"),
            Pb = S("timingValue", "utt");
        S("appName", "an");
        S("appVersion", "av", "");
        S("appId", "aid", "");
        S("appInstallerId", "aiid", "");
        S("exDescription", "exd");
        S("exFatal", "exf");
        var Nc = S("expId", "xid"),
            Oc = S("expVar", "xvar"),
            Rc = S("_utma", "_utma"),
            Sc = S("_utmz", "_utmz"),
            Tc = S("_utmht", "_utmht"),
            Ua = S("_hc", void 0, 0),
            Xa = S("_ti", void 0, 0),
            Wa = S("_to", void 0, 20);
        cb("dimension([0-9]+)", function(a) {
            return new bb(a[0], "cd" + a[1])
        });
        cb("metric([0-9]+)", function(a) {
            return new bb(a[0], "cm" + a[1])
        });
        S("linkerParam", void 0, void 0, Bc, db);
        var ld = S("usage", "_u"),
            Gd = S("_um");
        S("forceSSL", void 0, void 0, function() {
            return Ba
        }, function(a, b, c) {
            J(34);
            Ba = !!c
        });
        var ed = S("_j1", "jid"),
            Hd = S("_j2", "gjid");
        cb("\\&(.*)", function(a) {
            var b = new bb(a[0], a[1]),
                c = yc(a[0][F](1));
            c && (b.n = function(a) {
                return a.get(c)
            }, b.o = function(a, b, g, ca) {
                a.set(c, g, ca)
            }, b.p = void 0);
            return b
        });
        var Qb = T("_oot"),
            dd = S("previewTask"),
            Rb = S("checkProtocolTask"),
            md = S("validationTask"),
            Sb = S("checkStorageTask"),
            Uc = S("historyImportTask"),
            Tb = S("samplerTask"),
            Vb = T("_rlt"),
            Wb = S("buildHitTask"),
            Xb = S("sendHitTask"),
            Vc = S("ceTask"),
            zd = S("devIdTask"),
            Cd = S("timingTask"),
            Ld = S("displayFeaturesTask"),
            V = T("name"),
            Q = T("clientId", "cid"),
            Ad = S("userId", "uid"),
            Na = T("trackingId", "tid"),
            U = T("cookieName", void 0, "_ga"),
            W = T("cookieDomain"),
            Yb = T("cookiePath", void 0, "/"),
            Zb = T("cookieExpires", void 0, 63072E3),
            $b = T("legacyCookieDomain"),
            Wc = T("legacyHistoryImport", void 0, !0),
            ac = T("storage", void 0, "cookie"),
            bc = T("allowLinker", void 0, !1),
            cc = T("allowAnchor", void 0, !0),
            Ka = T("sampleRate", "sf", 100),
            dc = T("siteSpeedSampleRate", void 0, 1),
            ec = T("alwaysSendReferrer", void 0, !1),
            gd = S("transportUrl"),
            Md = S("_r", "_r");
    
        function X(a, b, c, d) {
            b[a] = function() {
                try {
                    return d && J(d), c[G](this, arguments)
                } catch (b) {
                    throw ge("exc", a, b && b[v]), b;
                }
            }
        };
        var Od = function(a, b, c) {
                this.V = 1E4;
                this.fa = a;
                this.$ = !1;
                this.B = b;
                this.ea = c || 1
            },
            Ed = function(a, b) {
                var c;
                if (a.fa && a.$) return 0;
                a.$ = !0;
                if (b) {
                    if (a.B && R(b, a.B)) return R(b, a.B);
                    if (0 == b.get(dc)) return 0
                }
                if (0 == a.V) return 0;
                void 0 === c && (c = Bd());
                return 0 == c % a.V ? n.floor(c / a.V) % a.ea + 1 : 0
            };
        var ie = new Od(!0, he, 5),
            je = function(a) {
                if (!Ud() && !Ba) {
                    var b = Ed(ie, a);
                    if (b && (O[oa][Ga] || !(4 <= b))) {
                        var c = (new Date).getHours(),
                            d = [Bd(), Bd(), Bd()][H](".");
                        a = (3 == b || 5 == b ? "https:" : "http:") + "//www.google-analytics.com/collect?z=br.";
                        a += [b, "A", c, d][H](".");
                        var e = 1 != b && 4 != b ? "https:" : "http:",
                            e = e + "//www.google-analytics.com/collect?z=br.",
                            e = e + [b, "B", c, d][H]("."),
                            c = function() {
                                4 <= b ? O[oa][Ga](e, "") : ta(e)
                            };
                        Bd() % 2 ? (ta(a), c()) : (c(), ta(a))
                    }
                }
            };
    
        function fc() {
            var a, b, c;
            if ((c = (c = O[oa]) ? c.plugins : null) && c[y])
                for (var d = 0; d < c[y] && !b; d++) {
                    var e = c[d]; - 1 < e[v][t]("Shockwave Flash") && (b = e.description)
                }
            if (!b) try {
                a = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"), b = a.GetVariable("$version")
            } catch (g) {}
            if (!b) try {
                a = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6"), b = "WIN 6,0,21,0", a.AllowScriptAccess = "always", b = a.GetVariable("$version")
            } catch (ca) {}
            if (!b) try {
                a = new ActiveXObject("ShockwaveFlash.ShockwaveFlash"), b = a.GetVariable("$version")
            } catch (l) {}
            b &&
                (a = b[m](/[\d]+/g)) && 3 <= a[y] && (b = a[0] + "." + a[1] + " r" + a[2]);
            return b || void 0
        };
        var gc = function(a, b) {
                var c = n.min(R(a, dc), 100);
                if (!(La(P(a, Q)) % 100 >= c) && (c = {}, Ec(c) || Fc(c))) {
                    var d = c[Eb];
                    void 0 == d || Infinity == d || isNaN(d) || (0 < d ? (Y(c, Gb), Y(c, Jb), Y(c, Ib), Y(c, Fb), Y(c, Hb), Y(c, Kb), Y(c, Lb), b(c)) : L(O, "load", function() {
                        gc(a, b)
                    }, !1))
                }
            },
            Ec = function(a) {
                var b = O.performance || O.webkitPerformance,
                    b = b && b.timing;
                if (!b) return !1;
                var c = b.navigationStart;
                if (0 == c) return !1;
                a[Eb] = b.loadEventStart - c;
                a[Gb] = b.domainLookupEnd - b.domainLookupStart;
                a[Jb] = b.connectEnd - b.connectStart;
                a[Ib] = b.responseStart - b.requestStart;
                a[Fb] = b.responseEnd - b.responseStart;
                a[Hb] = b.fetchStart - c;
                a[Kb] = b.domInteractive - c;
                a[Lb] = b.domContentLoadedEventStart - c;
                return !0
            },
            Fc = function(a) {
                if (O.top != O) return !1;
                var b = O.external,
                    c = b && b.onloadT;
                b && !b.isValidLoadTime && (c = void 0);
                2147483648 < c && (c = void 0);
                0 < c && b.setPageReadyTime();
                if (void 0 == c) return !1;
                a[Eb] = c;
                return !0
            },
            Y = function(a, b) {
                var c = a[b];
                if (isNaN(c) || Infinity == c || 0 > c) a[b] = void 0
            },
            Fd = function(a) {
                return function(b) {
                    "pageview" != b.get(Va) || a.I || (a.I = !0, gc(b, function(b) {
                        a[xc]("timing", b)
                    }))
                }
            };
        var hc = !1,
            mc = function(a) {
                if ("cookie" == P(a, ac)) {
                    var b = P(a, U),
                        c = nd(a),
                        d = kc(P(a, Yb)),
                        e = lc(P(a, W)),
                        g = 1E3 * R(a, Zb),
                        ca = P(a, Na);
                    if ("auto" != e) zc(b, c, d, e, ca, g) && (hc = !0);
                    else {
                        J(32);
                        var l;
                        t: {
                            c = [];
                            e = xa()[A](".");
                            if (4 == e[y] && (l = e[e[y] - 1], parseInt(l, 10) == l)) {
                                l = ["none"];
                                break t
                            }
                            for (l = e[y] - 2; 0 <= l; l--) c[p](e[ha](l)[H]("."));
                            c[p]("none");
                            l = c
                        }
                        for (var k = 0; k < l[y]; k++)
                            if (e = l[k], a[q].set(W, e), c = nd(a), zc(b, c, d, e, ca, g)) {
                                hc = !0;
                                return
                            }
                        a[q].set(W, "auto")
                    }
                }
            },
            nc = function(a) {
                if ("cookie" == P(a, ac) && !hc && (mc(a), !hc)) throw "abort";
            },
            Yc = function(a) {
                if (a.get(Wc)) {
                    var b = P(a, W),
                        c = P(a, $b) || xa(),
                        d = Xc("__utma", c, b);
                    d && (J(19), a.set(Tc, (new Date)[da](), !0), a.set(Rc, d.R), (b = Xc("__utmz", c, b)) && d[h] == b[h] && a.set(Sc, b.R))
                }
            },
            nd = function(a) {
                var b = Cc(P(a, Q)),
                    c = ic(P(a, W));
                a = jc(P(a, Yb));
                1 < a && (c += "-" + a);
                return ["GA1", c, b][H](".")
            },
            Gc = function(a, b, c) {
                for (var d = [], e = [], g, ca = 0; ca < a[y]; ca++) {
                    var l = a[ca];
                    if (l.r[c] == b) d[p](l);
                    else void 0 == g || l.r[c] < g ? (e = [l], g = l.r[c]) : l.r[c] == g && e[p](l)
                }
                return 0 < d[y] ? d : e
            },
            lc = function(a) {
                return 0 == a[t](".") ? a.substr(1) :
                    a
            },
            ic = function(a) {
                return lc(a)[A](".")[y]
            },
            kc = function(a) {
                if (!a) return "/";
                1 < a[y] && a.lastIndexOf("/") == a[y] - 1 && (a = a.substr(0, a[y] - 1));
                0 != a[t]("/") && (a = "/" + a);
                return a
            },
            jc = function(a) {
                a = kc(a);
                return "/" == a ? 1 : a[A]("/")[y]
            };
    
        function Xc(a, b, c) {
            "none" == b && (b = "");
            var d = [],
                e = Ca(a);
            a = "__utma" == a ? 6 : 2;
            for (var g = 0; g < e[y]; g++) {
                var ca = ("" + e[g])[A](".");
                ca[y] >= a && d[p]({
                    hash: ca[0],
                    R: e[g],
                    O: ca
                })
            }
            return 0 == d[y] ? void 0 : 1 == d[y] ? d[0] : Zc(b, d) || Zc(c, d) || Zc(null, d) || d[0]
        }
    
        function Zc(a, b) {
            var c, d;
            null == a ? c = d = 1 : (c = La(a), d = La(D(a, ".") ? a[F](1) : "." + a));
            for (var e = 0; e < b[y]; e++)
                if (b[e][h] == c || b[e][h] == d) return b[e]
        };
        var od = new RegExp(/^https?:\/\/([^\/:]+)/),
            pd = /(.*)([?&#])(?:_ga=[^&#]*)(?:&?)(.*)/;
    
        function Bc(a) {
            a = a.get(Q);
            var b = Ic(a, 0);
            return "_ga=1." + K(b + "." + a)
        }
    
        function Ic(a, b) {
            for (var c = new Date, d = O[oa], e = d.plugins || [], c = [a, d.userAgent, c.getTimezoneOffset(), c.getYear(), c.getDate(), c.getHours(), c.getMinutes() + b], d = 0; d < e[y]; ++d) c[p](e[d].description);
            return La(c[H]("."))
        }
        var Dc = function(a) {
            J(48);
            this.target = a;
            this.T = !1
        };
        Dc[z].Q = function(a, b) {
            if (a.tagName) {
                if ("a" == a.tagName[I]()) {
                    a[Ab] && Pc(a, qd(this, a[Ab], b));
                    return
                }
                if ("form" == a.tagName[I]()) return rd(this, a)
            }
            if ("string" == typeof a) return qd(this, a, b)
        };
        var qd = function(a, b, c) {
                var d = pd.exec(b);
                d && 3 <= d[y] && (b = d[1] + (d[3] ? d[2] + d[3] : ""));
                a = a[jd].get("linkerParam");
                var e = b[t]("?"),
                    d = b[t]("#");
                c ? b += (-1 == d ? "#" : "&") + a : (c = -1 == e ? "?" : "&", b = -1 == d ? b + (c + a) : b[F](0, d) + c + a + b[F](d));
                return b
            },
            rd = function(a, b) {
                if (b && b[kd]) {
                    var c = a[jd].get("linkerParam")[A]("=")[1];
                    if ("get" == b.method[I]()) {
                        for (var d = b.childNodes || [], e = 0; e < d[y]; e++)
                            if ("_ga" == d[e][v]) {
                                d[e][id]("value", c);
                                return
                            }
                        d = M[u]("input");
                        d[id]("type", "hidden");
                        d[id]("name", "_ga");
                        d[id]("value", c);
                        b.appendChild(d)
                    } else "post" ==
                        b.method[I]() && (b.action = qd(a, b[kd]))
                }
            };
        Dc[z].S = function(a, b, c) {
            function d(c) {
                try {
                    c = c || O.event;
                    var d;
                    t: {
                        var g = c[jd] || c.srcElement;
                        for (c = 100; g && 0 < c;) {
                            if (g[Ab] && g.nodeName[m](/^a(?:rea)?$/i)) {
                                d = g;
                                break t
                            }
                            g = g.parentNode;
                            c--
                        }
                        d = {}
                    }("http:" == d[E] || "https:" == d[E]) && sd(a, d[ma] || "") && d[Ab] && Pc(d, qd(e, d[Ab], b))
                } catch (w) {
                    J(26)
                }
            }
            var e = this;
            this.T || (this.T = !0, L(M, "mousedown", d, !1), L(M, "touchstart", d, !1), L(M, "keyup", d, !1));
            if (c) {
                c = function(b) {
                    b = b || O.event;
                    if ((b = b[jd] || b.srcElement) && b[kd]) {
                        var c = b[kd][m](od);
                        c && sd(a, c[1]) && rd(e, b)
                    }
                };
                for (var g = 0; g < M.forms[y]; g++) L(M.forms[g],
                    "submit", c)
            }
        };
    
        function sd(a, b) {
            if (b == M[B][ma]) return !1;
            for (var c = 0; c < a[y]; c++)
                if (a[c] instanceof RegExp) {
                    if (a[c][pa](b)) return !0
                } else if (0 <= b[t](a[c])) return !0;
            return !1
        };
        var Jd = function(a, b, c, d) {
                this.U = b;
                this.aa = c;
                (b = d) || (b = (b = P(a, V)) && "t0" != b ? Wd[pa](b) ? "_gat_" + Cc(P(a, Na)) : "_gat_" + Cc(b) : "_gat");
                this.Y = b
            },
            Rd = function(a, b) {
                var c = b.get(Wb);
                b.set(Wb, function(b) {
                    Pd(a, b);
                    var d = c(b);
                    Qd(a, b);
                    return d
                });
                var d = b.get(Xb);
                b.set(Xb, function(b) {
                    var c = d(b);
                    Id(a, b);
                    return c
                })
            },
            Pd = function(a, b) {
                b.get(a.U) || ("1" == Ca(a.Y)[0] ? b.set(a.U, "", !0) : b.set(a.U, "" + fe(), !0))
            },
            Qd = function(a, b) {
                b.get(a.U) && zc(a.Y, "1", b.get(Yb), b.get(W), b.get(Na), 6E5)
            },
            Id = function(a, b) {
                if (b.get(a.U)) {
                    var c = new ee,
                        d = function(a) {
                            c.set($a(a).p, b.get(a))
                        };
                    d(hb);
                    d(ib);
                    d(Na);
                    d(Q);
                    d(a.U);
                    c.set($a(ld).p, Td(b));
                    var e = a.aa;
                    c.map(function(a, b) {
                        e += K(a) + "=";
                        e += K("" + b) + "&"
                    });
                    e += "z=" + fe();
                    ta(e);
                    b.set(a.U, "", !0)
                }
            },
            Wd = /^gtm\d+$/;
        var fd = function(a, b) {
            var c = a.b;
            if (!c.get("dcLoaded")) {
                Nd(c, 29);
                b = b || {};
                var d;
                b[U] && (d = Cc(b[U]));
                d = new Jd(c, ed, "https://stats.g.doubleclick.net/collect?t=dc&aip=1&", d);
                Rd(d, c);
                c.set("dcLoaded", !0)
            }
        };
        var Sd = function(a) {
            var b;
            b = a.get("dcLoaded") ? !1 : "cookie" != a.get(ac) ? !1 : !0;
            b && (Nd(a, 51), b = new Jd(a, ed), Pd(b, a), Qd(b, a), a.get(b.U) && (a.set(Md, 1, !0), a.set(gd, oc() + "/r/collect", !0)))
        };
        var Kd = function(a, b) {
            var c = a.b;
            if (!c.get("_rlsaLoaded")) {
                Nd(c, 38);
                b = b || {};
                if (b[U]) var d = Cc(b[U]);
                d = new Jd(c, Hd, "https://www.google.com/ads/ga-audiences?t=sr&aip=1&", d);
                Rd(d, c);
                c.set("_rlsaLoaded", !0);
                tc("displayfeatures", a, b)
            }
        };
        var Lc = function() {
            var a = O.gaGlobal = O.gaGlobal || {};
            return a.hid = a.hid || fe()
        };
        var ad, bd = function(a, b, c) {
            if (!ad) {
                var d;
                d = M[B][h];
                var e = O[v],
                    g = /^#?gaso=([^&]*)/;
                if (e = (d = (d = d && d[m](g) || e && e[m](g)) ? d[1] : Ca("GASO")[0] || "") && d[m](/^(?:!([-0-9a-z.]{1,40})!)?([-.\w]{10,1200})$/i)) zc("GASO", "" + d, c, b, a, 0), f._udo || (f._udo = b), f._utcp || (f._utcp = c), a = e[1], wa("https://www.google.com/analytics/web/inpage/pub/inpage.js?" + (a ? "prefix=" + a + "&" : "") + fe(), "_gasojs");
                ad = !0
            }
        };
        var wb = /^(UA|YT|MO|GP)-(\d+)-(\d+)$/,
            pc = function(a) {
                function b(a, b) {
                    d.b[q].set(a, b)
                }
    
                function c(a, c) {
                    b(a, c);
                    d.filters.add(a)
                }
                var d = this;
                this.b = new Ya;
                this.filters = new Ha;
                b(V, a[V]);
                b(Na, sa(a[Na]));
                b(U, a[U]);
                b(W, a[W] || xa());
                b(Yb, a[Yb]);
                b(Zb, a[Zb]);
                b($b, a[$b]);
                b(Wc, a[Wc]);
                b(bc, a[bc]);
                b(cc, a[cc]);
                b(Ka, a[Ka]);
                b(dc, a[dc]);
                b(ec, a[ec]);
                b(ac, a[ac]);
                b(Ad, a[Ad]);
                b(hb, 1);
                b(ib, "j33");
                c(Qb, Ma);
                c(dd, cd);
                c(Rb, Oa);
                c(md, vb);
                c(Sb, nc);
                c(Uc, Yc);
                c(Tb, Ja);
                c(Vb, Ta);
                c(Vc, Hc);
                c(zd, yd);
                c(Ld, Sd);
                c(Wb, Pa);
                c(Xb, Sa);
                c(Cd, Fd(this));
                Jc(this.b, a[Q]);
                Kc(this.b);
                this.b.set(jb, Lc());
                bd(this.b.get(Na), this.b.get(W), this.b.get(Yb))
            },
            Jc = function(a, b) {
                if ("cookie" == P(a, ac)) {
                    hc = !1;
                    var c;
                    i: {
                        var d = Ca(P(a, U));
                        if (d && !(1 > d[y])) {
                            c = [];
                            for (var e = 0; e < d[y]; e++) {
                                var g;
                                g = d[e][A](".");
                                var ca = g.shift();
                                ("GA1" == ca || "1" == ca) && 1 < g[y] ? (ca = g.shift()[A]("-"), 1 == ca[y] && (ca[1] = "1"), ca[0] *= 1, ca[1] *= 1, g = {
                                    r: ca,
                                    s: g[H](".")
                                }) : g = void 0;
                                g && c[p](g)
                            }
                            if (1 == c[y]) {
                                J(13);
                                c = c[0].s;
                                break i
                            }
                            if (0 == c[y]) J(12);
                            else {
                                J(14);
                                d = ic(P(a, W));
                                c = Gc(c, d, 0);
                                if (1 == c[y]) {
                                    c = c[0].s;
                                    break i
                                }
                                d =
                                    jc(P(a, Yb));
                                c = Gc(c, d, 1);
                                c = c[0] && c[0].s;
                                break i
                            }
                        }
                        c = void 0
                    }
                    c || (c = P(a, W), d = P(a, $b) || xa(), c = Xc("__utma", d, c), void 0 != c ? (J(10), c = c.O[1] + "." + c.O[2]) : c = void 0);
                    c && (a[q].set(Q, c), hc = !0)
                }
                c = a.get(cc);
                if (e = (c = M[B][c ? "href" : "search"][m]("(?:&|#|\\?)" + K("_ga")[Qc](/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1") + "=([^&#]*)")) && 2 == c[y] ? c[1] : "") a.get(bc) ? (c = e[t]("."), -1 == c ? J(22) : (d = e[F](c + 1), "1" != e[F](0, c) ? J(22) : (c = d[t]("."), -1 == c ? J(22) : (e = d[F](0, c), c = d[F](c + 1), e != Ic(c, 0) && e != Ic(c, -1) && e != Ic(c, -2) ? J(23) : (J(11), a[q].set(Q,
                    c)))))) : J(21);
                b && (J(9), a[q].set(Q, K(b)));
                a.get(Q) || ((c = (c = O.gaGlobal && O.gaGlobal.vid) && -1 != c[ga](/^(?:utma\.)?\d+\.\d+$/) ? c : void 0) ? (J(17), a[q].set(Q, c)) : (J(8), a[q].set(Q, [fe() ^ Mc() & 2147483647, n.round((new Date)[da]() / 1E3)][H]("."))));
                mc(a)
            },
            Kc = function(a) {
                var b = O[oa],
                    c = O.screen,
                    d = M[B];
                a.set(lb, ya(a.get(ec)));
                if (d) {
                    var e = d.pathname || "";
                    "/" != e.charAt(0) && (J(31), e = "/" + e);
                    a.set(kb, d[E] + "//" + d[ma] + e + d[ga])
                }
                c && a.set(qb, c.width + "x" + c.height);
                c && a.set(pb, c.colorDepth + "-bit");
                var c = M.documentElement,
                    g = (e =
                        M.body) && e[la] && e[na],
                    ca = [];
                c && c[la] && c[na] && ("CSS1Compat" === M.compatMode || !g) ? ca = [c[la], c[na]] : g && (ca = [e[la], e[na]]);
                c = 0 >= ca[0] || 0 >= ca[1] ? "" : ca[H]("x");
                a.set(rb, c);
                a.set(tb, fc());
                a.set(ob, M.characterSet || M.charset);
                a.set(sb, b && "function" === typeof b.javaEnabled && b.javaEnabled() || !1);
                a.set(nb, (b && (b.language || b.browserLanguage) || "")[I]());
                if (d && a.get(cc) && (b = M[B][h])) {
                    b = b[A](/[?&#]+/);
                    d = [];
                    for (c = 0; c < b[y]; ++c)(D(b[c], "utm_id") || D(b[c], "utm_campaign") || D(b[c], "utm_source") || D(b[c], "utm_medium") || D(b[c],
                        "utm_term") || D(b[c], "utm_content") || D(b[c], "gclid") || D(b[c], "dclid") || D(b[c], "gclsrc")) && d[p](b[c]);
                    0 < d[y] && (b = "#" + d[H]("&"), a.set(kb, a.get(kb) + b))
                }
            };
        pc[z].get = function(a) {
            return this.b.get(a)
        };
        pc[z].set = function(a, b) {
            this.b.set(a, b)
        };
        var qc = {
            pageview: [mb],
            event: [ub, xb, yb, zb],
            social: [Bb, Cb, Db],
            timing: [Mb, Nb, Pb, Ob]
        };
        pc[z].send = function(a) {
            if (!(1 > arguments[y])) {
                var b, c;
                "string" === typeof arguments[0] ? (b = arguments[0], c = [][ha][C](arguments, 1)) : (b = arguments[0] && arguments[0][Va], c = arguments);
                b && (c = za(qc[b] || [], c), c[Va] = b, this.b.set(c, void 0, !0), this.filters.D(this.b), this.b[q].m = {}, je(this.b))
            }
        };
        var rc = function(a) {
            if ("prerender" == M.visibilityState) return !1;
            a();
            return !0
        };
        var td = /^(?:(\w+)\.)?(?:(\w+):)?(\w+)$/,
            sc = function(a) {
                if (ea(a[0])) this.u = a[0];
                else {
                    var b = td.exec(a[0]);
                    null != b && 4 == b[y] && (this.c = b[1] || "t0", this.e = b[2] || "", this.d = b[3], this.a = [][ha][C](a, 1), this.e || (this.A = "create" == this.d, this.i = "require" == this.d, this.g = "provide" == this.d, this.ba = "remove" == this.d), this.i && (3 <= this.a[y] ? (this.X = this.a[1], this.W = this.a[2]) : this.a[1] && (qa(this.a[1]) ? this.X = this.a[1] : this.W = this.a[1])));
                    b = a[1];
                    a = a[2];
                    if (!this.d) throw "abort";
                    if (this.i && (!qa(b) || "" == b)) throw "abort";
                    if (this.g &&
                        (!qa(b) || "" == b || !ea(a))) throw "abort";
                    if (ud(this.c) || ud(this.e)) throw "abort";
                    if (this.g && "t0" != this.c) throw "abort";
                }
            };
    
        function ud(a) {
            return 0 <= a[t](".") || 0 <= a[t](":")
        };
        var Yd, Zd, $d;
        Yd = new ee;
        $d = new ee;
        Zd = {
            ec: 45,
            ecommerce: 46,
            linkid: 47
        };
        var tc = function(a, b, c) {
                b == N || b.get(V);
                var d = Yd.get(a);
                if (!ea(d)) return !1;
                b.plugins_ = b.plugins_ || new ee;
                if (b.plugins_.get(a)) return !0;
                b.plugins_.set(a, new d(b, c || {}));
                return !0
            },
            ae = function(a) {
                function b(a) {
                    var b = (a[ma] || "")[A](":")[0][I](),
                        c = (a[E] || "")[I](),
                        c = 1 * a[ja] || ("http:" == c ? 80 : "https:" == c ? 443 : "");
                    a = a.pathname || "";
                    D(a, "/") || (a = "/" + a);
                    return [b, "" + c, a]
                }
                var c = M[u]("a");
                Pc(c, M[B][Ab]);
                var d = (c[E] || "")[I](),
                    e = b(c),
                    g = c[ga] || "",
                    ca = d + "//" + e[0] + (e[1] ? ":" + e[1] : "");
                D(a, "//") ? a = d + a : D(a, "/") ? a = ca + a : !a || D(a,
                    "?") ? a = ca + e[2] + (a || g) : 0 > a[A]("/")[0][t](":") && (a = ca + e[2][F](0, e[2].lastIndexOf("/")) + "/" + a);
                Pc(c, a);
                d = b(c);
                return {
                    protocol: (c[E] || "")[I](),
                    host: d[0],
                    port: d[1],
                    path: d[2],
                    G: c[ga] || "",
                    url: a || ""
                }
            };
        var Z = {
            ga: function() {
                Z.f = []
            }
        };
        Z.ga();
        Z.D = function(a) {
            var b = Z.J[G](Z, arguments),
                b = Z.f.concat(b);
            for (Z.f = []; 0 < b[y] && !Z.v(b[0]) && !(b.shift(), 0 < Z.f[y]););
            Z.f = Z.f.concat(b)
        };
        Z.J = function(a) {
            for (var b = [], c = 0; c < arguments[y]; c++) try {
                var d = new sc(arguments[c]);
                if (d.g) Yd.set(d.a[0], d.a[1]);
                else {
                    if (d.i) {
                        var e = d,
                            g = e.a[0];
                        if (!ea(Yd.get(g)) && !$d.get(g)) {
                            Zd[ra](g) && J(Zd[g]);
                            var ca = e.X;
                            !ca && Zd[ra](g) ? (J(39), ca = g + ".js") : J(43);
                            if (ca) {
                                ca && 0 <= ca[t]("/") || (ca = (Ba || Ud() ? "https:" : "http:") + "//www.google-analytics.com/plugins/ua/" + ca);
                                var l = ae(ca),
                                    e = void 0;
                                var k = l[E],
                                    w = M[B][E],
                                    e = "https:" == k || k == w ? !0 : "http:" != k ? !1 : "http:" == w;
                                var Xd;
                                if (Xd = e) {
                                    var e = l,
                                        be = ae(M[B][Ab]);
                                    if (e.G || 0 <= e.url[t]("?") ||
                                        0 <= e.path[t]("://")) Xd = !1;
                                    else if (e.host == be.host && e[ja] == be[ja]) Xd = !0;
                                    else {
                                        var ce = "http:" == e[E] ? 80 : 443;
                                        Xd = "www.google-analytics.com" == e.host && (e[ja] || ce) == ce && D(e.path, "/plugins/") ? !0 : !1
                                    }
                                }
                                Xd && (wa(l.url), $d.set(g, !0))
                            }
                        }
                    }
                    b[p](d)
                }
            } catch (de) {}
            return b
        };
        Z.v = function(a) {
            try {
                if (a.u) a.u[C](O, N.j("t0"));
                else {
                    var b = a.c == gb ? N : N.j(a.c);
                    if (a.A) "t0" == a.c && N.create[G](N, a.a);
                    else if (a.ba) N.remove(a.c);
                    else if (b)
                        if (a.i) {
                            if (!tc(a.a[0], b, a.W)) return !0
                        } else if (a.e) {
                        var c = a.d,
                            d = a.a,
                            e = b.plugins_.get(a.e);
                        e[c][G](e, d)
                    } else b[a.d][G](b, a.a)
                }
            } catch (g) {}
        };
        var N = function(a) {
            J(1);
            Z.D[G](Z, [arguments])
        };
        N.h = {};
        N.P = [];
        N.L = 0;
        N.answer = 42;
        var uc = [Na, W, V];
        N.create = function(a) {
            var b = za(uc, [][ha][C](arguments));
            b[V] || (b[V] = "t0");
            var c = "" + b[V];
            if (N.h[c]) return N.h[c];
            b = new pc(b);
            N.h[c] = b;
            N.P[p](b);
            return b
        };
        N.remove = function(a) {
            for (var b = 0; b < N.P[y]; b++)
                if (N.P[b].get(V) == a) {
                    N.P.splice(b, 1);
                    N.h[a] = null;
                    break
                }
        };
        N.j = function(a) {
            return N.h[a]
        };
        N.K = function() {
            return N.P[ha](0)
        };
        N.N = function() {
            "ga" != gb && J(49);
            var a = O[gb];
            if (!a || 42 != a.answer) {
                N.L = a && a.l;
                N.loaded = !0;
                var b = O[gb] = N;
                X("create", b, b.create);
                X("remove", b, b.remove);
                X("getByName", b, b.j, 5);
                X("getAll", b, b.K, 6);
                b = pc[z];
                X("get", b, b.get, 7);
                X("set", b, b.set, 4);
                X("send", b, b[xc]);
                b = Ya[z];
                X("get", b, b.get);
                X("set", b, b.set);
                if (!Ud() && !Ba) {
                    t: {
                        for (var b = M.getElementsByTagName("script"), c = 0; c < b[y] && 100 > c; c++) {
                            var d = b[c].src;
                            if (d && 0 == d[t]("https://www.google-analytics.com/analytics")) {
                                J(33);
                                b = !0;
                                break t
                            }
                        }
                        b = !1
                    }
                    b && (Ba = !0)
                }
                Ud() || Ba ||
                    !Ed(new Od) || (J(36), Ba = !0);
                (O.gaplugins = O.gaplugins || {}).Linker = Dc;
                b = Dc[z];
                Yd.set("linker", Dc);
                X("decorate", b, b.Q, 20);
                X("autoLink", b, b.S, 25);
                Yd.set("displayfeatures", fd);
                Yd.set("adfeatures", Kd);
                a = a && a.q;
                ka(a) ? Z.D[G](N, a) : J(50)
            }
        };
        N.k = function() {
            for (var a = N.K(), b = 0; b < a[y]; b++) a[b].get(V)
        };
        (function() {
            var a = N.N;
            if (!rc(a)) {
                J(16);
                var b = !1,
                    c = function() {
                        if (!b && rc(a)) {
                            b = !0;
                            var d = c,
                                e = M;
                            e.removeEventListener ? e.removeEventListener("visibilitychange", d, !1) : e.detachEvent && e.detachEvent("onvisibilitychange", d)
                        }
                    };
                L(M, "visibilitychange", c)
            }
        })();
    
        function La(a) {
            var b = 1,
                c = 0,
                d;
            if (a)
                for (b = 0, d = a[y] - 1; 0 <= d; d--) c = a.charCodeAt(d), b = (b << 6 & 268435455) + c + (c << 14), c = b & 266338304, b = 0 != c ? b ^ c >> 21 : b;
            return b
        };
    })(window);
    Edit: I suspect there was some kind of minification used on it, sorry.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I use the Stop Google Tracking add-on in IE and it blocks that javascript:

    IE Analytics.png
     
  12. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    @itman

    Probably a minified copy of some Google tracking stuff then.

    The real malice appears to be in the embedded JS.
     
Loading...