Code: PORNDROID9007QD1 (insufficient privileges to post in Browser Hijacks forum)

Valder · Nov 5, 2015

I got in this ~ Snipped as per TOS ~: https://www.google.com/search?q="Microsoft+Security+Department+-+WARNING"

In fact, the link which looks like https://storage.googleapis.com/alertinfoerrors/windows/error-windows-aus.html

But don't visit it if your life is dear. Okay, okay, I admit: I was searching for a book download on the freer parts of the net. That was my sin.

It all happened with the latest Iron Browser. Now what? I am total noob with these.

I secure my Windows 7 system with ToolWiz Time Freeze 2016 (already?), after a reboot, no virus scanner will show anything. It's just the browser... what to do?

roger_m · Nov 5, 2015

@Valder Your link is truncated and doesn't work. Did you get the warning in a browser window? If you did, it's absolutely nothing to worry about, as it just coming from a webpage, rather than an infection on your computer.

Valder · Nov 5, 2015

How do I edit my OP for the proper link?

@roger_m

If you do the Google search (1st line in OP) you can easily identify the link I got hijacked to (or how to call it)

Thanks for the tip!

roger_m · Nov 5, 2015

@Valder There is an edit button under your post. Was the alart just in a browser window?

Gullible Jones · Nov 5, 2015

It's a scam. The window is a Javascript popup, designed to fool you into calling the scammer's number. It doesn't look like there's any malware there.

Note though, the JS popup's behavior (where the it blocks all other interaction with Chrome, even closing the window) should probably be considered a UI bug in Chrome.

Edit: ... or maybe that's not all there is to it. The page made Chromium segfault after a while. I'll take another look at this.

Edit 2: Hmm.
Code:
sandbox@debianbox:~$ chromium 
[9456:9477:1105/174046:FATAL:audio_manager.cc(112)] Check failed: ++hang_failures_ < kMaxHangFailureCount (2 vs. 2)
#0 0x0000b0cd492d <unknown>
#1 0x0000b0cee4b2 <unknown>
#2 0x0000b18a63fc <unknown>
#3 0x0000b18a6534 <unknown>
#4 0x0000b0d5132f <unknown>
#5 0x0000b0cf4b6d <unknown>
#6 0x0000b0cf4f5f <unknown>
#7 0x0000b0cf5612 <unknown>
#8 0x0000b0cc9a8b <unknown>
#9 0x0000b0cf46e4 <unknown>
#10 0x0000b0d0b8f5 <unknown>
#11 0x0000b0cf4068 <unknown>
#12 0x0000b0d2e994 <unknown>
#13 0x0000b37aac85 <unknown>
#14 0x0000b37aae52 <unknown>
#15 0x0000b0d2ea85 <unknown>
#16 0x0000b0d2a07e <unknown>
#17 0x0000aed2defb start_thread
#18 0x0000aec6662e clone

Aborted
Probably a side effect of whatever the page is doing, rather than a code execution attack. But lets' see...

Gullible Jones · Nov 5, 2015

Huh. I just noticed, the scam site has a valid TLS certificate. Groovy.

Edit: right, d'oh, this is on GoogleAPIs.

Edit 2: the IP addresses involved are all owned by Google. I don't see any connections to non-Google addresses.

Meanwhile, whatever this thing is, it makes Chromium go *berserk* on the CPU.

Gullible Jones · Nov 5, 2015

... And the phone number is invalid as a US number (only 9 digits). Nice.

Gullible Jones · Nov 5, 2015

So, I can actually look at this in the element inspector... Let me see if I can dump the page sources, or something.

Gullible Jones · Nov 5, 2015

Links2 and Linux CLI tools to the rescue. As usual. Gimme a minute.

Gullible Jones · Nov 5, 2015

There is a seemingly unique JS file, "analytics.js". No idea what it does. Here it is after pretty-printing, though, if anyone wants to take a gander at it:

Code:

(function() {
    var aa = encodeURIComponent,
        f = window,
        n = Math;

    function Pc(a, b) {
        return a.href = b
    }
    var Qc = "replace",
        q = "data",
        m = "match",
        xc = "send",
        ja = "port",
        u = "createElement",
        id = "setAttribute",
        da = "getTime",
        A = "split",
        B = "location",
        ra = "hasOwnProperty",
        ma = "hostname",
        ga = "search",
        E = "protocol",
        Ab = "href",
        kd = "action",
        G = "apply",
        p = "push",
        h = "hash",
        pa = "test",
        ha = "slice",
        r = "cookie",
        t = "indexOf",
        ia = "defaultValue",
        v = "name",
        y = "length",
        Ga = "sendBeacon",
        z = "prototype",
        la = "clientWidth",
        jd = "target",
        C = "call",
        na = "clientHeight",
        F = "substring",
        oa = "navigator",
        H = "join",
        I = "toLowerCase";
    var $c = function(a) {
        this.w = a || []
    };
    $c[z].set = function(a) {
        this.w[a] = !0
    };
    $c[z].encode = function() {
        for (var a = [], b = 0; b < this.w[y]; b++) this.w[b] && (a[n.floor(b / 6)] = a[n.floor(b / 6)] ^ 1 << b % 6);
        for (b = 0; b < a[y]; b++) a[b] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_".charAt(a[b] || 0);
        return a[H]("") + "~"
    };
    var vd = new $c;

    function J(a) {
        vd.set(a)
    }
    var Nd = function(a, b) {
            var c = new $c(Dd(a));
            c.set(b);
            a.set(Gd, c.w)
        },
        Td = function(a) {
            a = Dd(a);
            a = new $c(a);
            for (var b = vd.w[ha](), c = 0; c < a.w[y]; c++) b[c] = b[c] || a.w[c];
            return (new $c(b)).encode()
        },
        Dd = function(a) {
            a = a.get(Gd);
            ka(a) || (a = []);
            return a
        };
    var ea = function(a) {
            return "function" == typeof a
        },
        ka = function(a) {
            return "[object Array]" == Object[z].toString[C](Object(a))
        },
        qa = function(a) {
            return void 0 != a && -1 < (a.constructor + "")[t]("String")
        },
        D = function(a, b) {
            return 0 == a[t](b)
        },
        sa = function(a) {
            return a ? a[Qc](/^[\s\xa0]+|[\s\xa0]+$/g, "") : ""
        },
        ta = function(a) {
            var b = M[u]("img");
            b.width = 1;
            b.height = 1;
            b.src = a;
            return b
        },
        ua = function() {},
        K = function(a) {
            if (aa instanceof Function) return aa(a);
            J(28);
            return a
        },
        L = function(a, b, c, d) {
            try {
                a.addEventListener ? a.addEventListener(b,
                    c, !!d) : a.attachEvent && a.attachEvent("on" + b, c)
            } catch (e) {
                J(27)
            }
        },
        wa = function(a, b) {
            if (a) {
                var c = M[u]("script");
                c.type = "text/javascript";
                c.async = !0;
                c.src = a;
                b && (c.id = b);
                var d = M.getElementsByTagName("script")[0];
                d.parentNode.insertBefore(c, d)
            }
        },
        Ud = function() {
            return "https:" == M[B][E]
        },
        xa = function() {
            var a = "" + M[B][ma];
            return 0 == a[t]("www.") ? a[F](4) : a
        },
        ya = function(a) {
            var b = M.referrer;
            if (/^https?:\/\//i [pa](b)) {
                if (a) return b;
                a = "//" + M[B][ma];
                var c = b[t](a);
                if (5 == c || 6 == c)
                    if (a = b.charAt(c + a[y]), "/" == a || "?" == a || "" ==
                        a || ":" == a) return;
                return b
            }
        },
        za = function(a, b) {
            if (1 == b[y] && null != b[0] && "object" === typeof b[0]) return b[0];
            for (var c = {}, d = n.min(a[y] + 1, b[y]), e = 0; e < d; e++)
                if ("object" === typeof b[e]) {
                    for (var g in b[e]) b[e][ra](g) && (c[g] = b[e][g]);
                    break
                } else e < a[y] && (c[a[e]] = b[e]);
            return c
        };
    var ee = function() {
        this.keys = [];
        this.values = {};
        this.m = {}
    };
    ee[z].set = function(a, b, c) {
        this.keys[p](a);
        c ? this.m[":" + a] = b : this.values[":" + a] = b
    };
    ee[z].get = function(a) {
        return this.m[ra](":" + a) ? this.m[":" + a] : this.values[":" + a]
    };
    ee[z].map = function(a) {
        for (var b = 0; b < this.keys[y]; b++) {
            var c = this.keys[b],
                d = this.get(c);
            d && a(c, d)
        }
    };
    var O = f,
        M = document,
        Mc = function() {
            for (var a = O[oa].userAgent + (M[r] ? M[r] : "") + (M.referrer ? M.referrer : ""), b = a[y], c = O.history[y]; 0 < c;) a += c-- ^ b++;
            return La(a)
        };
    var Aa = function(a) {
        var b = O._gaUserPrefs;
        if (b && b.ioo && b.ioo() || a && !0 === O["ga-disable-" + a]) return !0;
        try {
            var c = O.external;
            if (c && c._gaUserPrefs && "oo" == c._gaUserPrefs) return !0
        } catch (d) {}
        return !1
    };
    var Ca = function(a) {
            var b = [],
                c = M[r][A](";");
            a = new RegExp("^\\s*" + a + "=\\s*(.*?)\\s*$");
            for (var d = 0; d < c[y]; d++) {
                var e = c[d][m](a);
                e && b[p](e[1])
            }
            return b
        },
        zc = function(a, b, c, d, e, g) {
            e = Aa(e) ? !1 : eb[pa](M[B][ma]) || "/" == c && vc[pa](d) ? !1 : !0;
            if (!e) return !1;
            b && 1200 < b[y] && (b = b[F](0, 1200), J(24));
            c = a + "=" + b + "; path=" + c + "; ";
            g && (c += "expires=" + (new Date((new Date)[da]() + g)).toGMTString() + "; ");
            d && "none" != d && (c += "domain=" + d + ";");
            d = M[r];
            M.cookie = c;
            if (!(d = d != M[r])) t: {
                a = Ca(a);
                for (d = 0; d < a[y]; d++)
                    if (b == a[d]) {
                        d = !0;
                        break t
                    }
                d = !1
            }
            return d
        },
        Cc = function(a) {
            return K(a)[Qc](/\(/g, "%28")[Qc](/\)/g, "%29")
        },
        vc = /^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,
        eb = /(^|\.)doubleclick\.net$/i;
    var oc = function() {
            return (Ba || Ud() ? "https:" : "http:") + "//www.google-analytics.com"
        },
        Da = function(a) {
            this.name = "len";
            this.message = a + "-8192"
        },
        wc = function(a, b, c) {
            var d = ta(a + "?" + b);
            d.onload = d.onerror = function() {
                d.onload = null;
                d.onerror = null;
                c()
            }
        },
        xd = function(a, b, c) {
            var d;
            d = O.XDomainRequest;
            if (!d) return !1;
            d = new d;
            d.open("POST", a);
            d.onerror = function() {
                c()
            };
            d.onload = c;
            d[xc](b);
            return !0
        },
        wd = function(a, b, c) {
            var d = O.XMLHttpRequest;
            if (!d) return !1;
            var e = new d;
            if (!("withCredentials" in e)) return !1;
            e.open("POST", a, !0);
            e.withCredentials = !0;
            e.setRequestHeader("Content-Type", "text/plain");
            e.onreadystatechange = function() {
                4 == e.readyState && (c(), e = null)
            };
            e[xc](b);
            return !0
        },
        ge = function(a, b, c) {
            1 <= 100 * n.random() || Aa("?") || (a = ["t=error", "_e=" + a, "_v=j33", "sr=1"], b && a[p]("_f=" + b), c && a[p]("_m=" + K(c[F](0, 100))), a[p]("aip=1"), a[p]("z=" + fe()), wc(oc() + "/collect", a[H]("&"), ua))
        };
    var Ha = function() {
        this.t = []
    };
    Ha[z].add = function(a) {
        this.t[p](a)
    };
    Ha[z].D = function(a) {
        try {
            for (var b = 0; b < this.t[y]; b++) {
                var c = a.get(this.t[b]);
                c && ea(c) && c[C](O, a)
            }
        } catch (d) {}
        b = a.get(Ia);
        b != ua && ea(b) && (a.set(Ia, ua, !0), setTimeout(b, 10))
    };

    function Ja(a) {
        if (100 != a.get(Ka) && La(P(a, Q)) % 1E4 >= 100 * R(a, Ka)) throw "abort";
    }

    function Ma(a) {
        if (Aa(P(a, Na))) throw "abort";
    }

    function Oa() {
        var a = M[B][E];
        if ("http:" != a && "https:" != a) throw "abort";
    }

    function Pa(a) {
        try {
            O.XMLHttpRequest && "withCredentials" in new O.XMLHttpRequest ? J(40) : O.XDomainRequest && J(41), O[oa][Ga] && J(42)
        } catch (b) {}
        a.set(ld, Td(a), !0);
        a.set(Ac, R(a, Ac) + 1);
        var c = [];
        Qa.map(function(b, e) {
            if (e.p) {
                var g = a.get(b);
                void 0 != g && g != e[ia] && ("boolean" == typeof g && (g *= 1), c[p](e.p + "=" + K("" + g)))
            }
        });
        c[p]("z=" + Bd());
        a.set(Ra, c[H]("&"), !0)
    }

    function Sa(a) {
        var b = P(a, gd) || oc() + "/collect",
            c = P(a, Ra),
            d = a.get(Ia),
            e = a.get(Vd),
            d = d || ua;
        e && (e = d, O[oa][Ga] ? O[oa][Ga](b, c) ? (e(), e = !0) : e = !1 : e = !1);
        if (!e)
            if (2036 >= c[y]) wc(b, c, d);
            else if (8192 >= c[y]) wd(b, c, d) || xd(b, c, d) || wc(b, c, d);
        else throw ge("len", c[y]), new Da(c[y]);
        a.set(Ia, ua, !0)
    }

    function Hc(a) {
        var b = O.gaData;
        b && (b.expId && a.set(Nc, b.expId), b.expVar && a.set(Oc, b.expVar))
    }

    function cd() {
        if (O[oa] && "preview" == O[oa].loadPurpose) throw "abort";
    }

    function yd(a) {
        var b = O.gaDevIds;
        ka(b) && 0 != b[y] && a.set("&did", b[H](","), !0)
    }

    function vb(a) {
        if (!a.get(Na)) throw "abort";
    };
    var hd = function() {
            return n.round(2147483647 * n.random())
        },
        Bd = function() {
            try {
                var a = new Uint32Array(1);
                O.crypto.getRandomValues(a);
                return a[0] & 2147483647
            } catch (b) {
                return hd()
            }
        },
        fe = hd;

    function Ta(a) {
        var b = R(a, Ua);
        500 <= b && J(15);
        var c = P(a, Va);
        if ("transaction" != c && "item" != c) {
            var c = R(a, Wa),
                d = (new Date)[da](),
                e = R(a, Xa);
            0 == e && a.set(Xa, d);
            e = n.round(2 * (d - e) / 1E3);
            0 < e && (c = n.min(c + e, 20), a.set(Xa, d));
            if (0 >= c) throw "abort";
            a.set(Wa, --c)
        }
        a.set(Ua, ++b)
    };
    var Ya = function() {
            this.data = new ee
        },
        Qa = new ee,
        Za = [];
    Ya[z].get = function(a) {
        var b = $a(a),
            c = this[q].get(a);
        b && void 0 == c && (c = ea(b[ia]) ? b[ia]() : b[ia]);
        return b && b.n ? b.n(this, a, c) : c
    };
    var P = function(a, b) {
            var c = a.get(b);
            return void 0 == c ? "" : "" + c
        },
        R = function(a, b) {
            var c = a.get(b);
            return void 0 == c || "" === c ? 0 : 1 * c
        };
    Ya[z].set = function(a, b, c) {
        if (a)
            if ("object" == typeof a)
                for (var d in a) a[ra](d) && ab(this, d, a[d], c);
            else ab(this, a, b, c)
    };
    var ab = function(a, b, c, d) {
            if (void 0 != c) switch (b) {
                case Na:
                    wb[pa](c)
            }
            var e = $a(b);
            e && e.o ? e.o(a, b, c, d) : a[q].set(b, c, d)
        },
        bb = function(a, b, c, d, e) {
            this.name = a;
            this.p = b;
            this.n = d;
            this.o = e;
            this.defaultValue = c
        },
        $a = function(a) {
            var b = Qa.get(a);
            if (!b)
                for (var c = 0; c < Za[y]; c++) {
                    var d = Za[c],
                        e = d[0].exec(a);
                    if (e) {
                        b = d[1](e);
                        Qa.set(b[v], b);
                        break
                    }
                }
            return b
        },
        yc = function(a) {
            var b;
            Qa.map(function(c, d) {
                d.p == a && (b = d)
            });
            return b && b[v]
        },
        S = function(a, b, c, d, e) {
            a = new bb(a, b, c, d, e);
            Qa.set(a[v], a);
            return a[v]
        },
        cb = function(a, b) {
            Za[p]([new RegExp("^" +
                a + "$"), b])
        },
        T = function(a, b, c) {
            return S(a, b, c, void 0, db)
        },
        db = function() {};
    var gb = qa(f.GoogleAnalyticsObject) && sa(f.GoogleAnalyticsObject) || "ga",
        Ba = !1,
        he = S("_br"),
        hb = T("apiVersion", "v"),
        ib = T("clientVersion", "_v");
    S("anonymizeIp", "aip");
    var jb = S("adSenseId", "a"),
        Va = S("hitType", "t"),
        Ia = S("hitCallback"),
        Ra = S("hitPayload");
    S("nonInteraction", "ni");
    S("currencyCode", "cu");
    var Vd = S("useBeacon", void 0, !1);
    S("dataSource", "ds");
    S("sessionControl", "sc", "");
    S("sessionGroup", "sg");
    S("queueTime", "qt");
    var Ac = S("_s", "_s");
    S("screenName", "cd");
    var kb = S("location", "dl", ""),
        lb = S("referrer", "dr"),
        mb = S("page", "dp", "");
    S("hostname", "dh");
    var nb = S("language", "ul"),
        ob = S("encoding", "de");
    S("title", "dt", function() {
        return M.title || void 0
    });
    cb("contentGroup([0-9]+)", function(a) {
        return new bb(a[0], "cg" + a[1])
    });
    var pb = S("screenColors", "sd"),
        qb = S("screenResolution", "sr"),
        rb = S("viewportSize", "vp"),
        sb = S("javaEnabled", "je"),
        tb = S("flashVersion", "fl");
    S("campaignId", "ci");
    S("campaignName", "cn");
    S("campaignSource", "cs");
    S("campaignMedium", "cm");
    S("campaignKeyword", "ck");
    S("campaignContent", "cc");
    var ub = S("eventCategory", "ec"),
        xb = S("eventAction", "ea"),
        yb = S("eventLabel", "el"),
        zb = S("eventValue", "ev"),
        Bb = S("socialNetwork", "sn"),
        Cb = S("socialAction", "sa"),
        Db = S("socialTarget", "st"),
        Eb = S("l1", "plt"),
        Fb = S("l2", "pdt"),
        Gb = S("l3", "dns"),
        Hb = S("l4", "rrt"),
        Ib = S("l5", "srt"),
        Jb = S("l6", "tcp"),
        Kb = S("l7", "dit"),
        Lb = S("l8", "clt"),
        Mb = S("timingCategory", "utc"),
        Nb = S("timingVar", "utv"),
        Ob = S("timingLabel", "utl"),
        Pb = S("timingValue", "utt");
    S("appName", "an");
    S("appVersion", "av", "");
    S("appId", "aid", "");
    S("appInstallerId", "aiid", "");
    S("exDescription", "exd");
    S("exFatal", "exf");
    var Nc = S("expId", "xid"),
        Oc = S("expVar", "xvar"),
        Rc = S("_utma", "_utma"),
        Sc = S("_utmz", "_utmz"),
        Tc = S("_utmht", "_utmht"),
        Ua = S("_hc", void 0, 0),
        Xa = S("_ti", void 0, 0),
        Wa = S("_to", void 0, 20);
    cb("dimension([0-9]+)", function(a) {
        return new bb(a[0], "cd" + a[1])
    });
    cb("metric([0-9]+)", function(a) {
        return new bb(a[0], "cm" + a[1])
    });
    S("linkerParam", void 0, void 0, Bc, db);
    var ld = S("usage", "_u"),
        Gd = S("_um");
    S("forceSSL", void 0, void 0, function() {
        return Ba
    }, function(a, b, c) {
        J(34);
        Ba = !!c
    });
    var ed = S("_j1", "jid"),
        Hd = S("_j2", "gjid");
    cb("\\&(.*)", function(a) {
        var b = new bb(a[0], a[1]),
            c = yc(a[0][F](1));
        c && (b.n = function(a) {
            return a.get(c)
        }, b.o = function(a, b, g, ca) {
            a.set(c, g, ca)
        }, b.p = void 0);
        return b
    });
    var Qb = T("_oot"),
        dd = S("previewTask"),
        Rb = S("checkProtocolTask"),
        md = S("validationTask"),
        Sb = S("checkStorageTask"),
        Uc = S("historyImportTask"),
        Tb = S("samplerTask"),
        Vb = T("_rlt"),
        Wb = S("buildHitTask"),
        Xb = S("sendHitTask"),
        Vc = S("ceTask"),
        zd = S("devIdTask"),
        Cd = S("timingTask"),
        Ld = S("displayFeaturesTask"),
        V = T("name"),
        Q = T("clientId", "cid"),
        Ad = S("userId", "uid"),
        Na = T("trackingId", "tid"),
        U = T("cookieName", void 0, "_ga"),
        W = T("cookieDomain"),
        Yb = T("cookiePath", void 0, "/"),
        Zb = T("cookieExpires", void 0, 63072E3),
        $b = T("legacyCookieDomain"),
        Wc = T("legacyHistoryImport", void 0, !0),
        ac = T("storage", void 0, "cookie"),
        bc = T("allowLinker", void 0, !1),
        cc = T("allowAnchor", void 0, !0),
        Ka = T("sampleRate", "sf", 100),
        dc = T("siteSpeedSampleRate", void 0, 1),
        ec = T("alwaysSendReferrer", void 0, !1),
        gd = S("transportUrl"),
        Md = S("_r", "_r");

    function X(a, b, c, d) {
        b[a] = function() {
            try {
                return d && J(d), c[G](this, arguments)
            } catch (b) {
                throw ge("exc", a, b && b[v]), b;
            }
        }
    };
    var Od = function(a, b, c) {
            this.V = 1E4;
            this.fa = a;
            this.$ = !1;
            this.B = b;
            this.ea = c || 1
        },
        Ed = function(a, b) {
            var c;
            if (a.fa && a.$) return 0;
            a.$ = !0;
            if (b) {
                if (a.B && R(b, a.B)) return R(b, a.B);
                if (0 == b.get(dc)) return 0
            }
            if (0 == a.V) return 0;
            void 0 === c && (c = Bd());
            return 0 == c % a.V ? n.floor(c / a.V) % a.ea + 1 : 0
        };
    var ie = new Od(!0, he, 5),
        je = function(a) {
            if (!Ud() && !Ba) {
                var b = Ed(ie, a);
                if (b && (O[oa][Ga] || !(4 <= b))) {
                    var c = (new Date).getHours(),
                        d = [Bd(), Bd(), Bd()][H](".");
                    a = (3 == b || 5 == b ? "https:" : "http:") + "//www.google-analytics.com/collect?z=br.";
                    a += [b, "A", c, d][H](".");
                    var e = 1 != b && 4 != b ? "https:" : "http:",
                        e = e + "//www.google-analytics.com/collect?z=br.",
                        e = e + [b, "B", c, d][H]("."),
                        c = function() {
                            4 <= b ? O[oa][Ga](e, "") : ta(e)
                        };
                    Bd() % 2 ? (ta(a), c()) : (c(), ta(a))
                }
            }
        };

    function fc() {
        var a, b, c;
        if ((c = (c = O[oa]) ? c.plugins : null) && c[y])
            for (var d = 0; d < c[y] && !b; d++) {
                var e = c[d]; - 1 < e[v][t]("Shockwave Flash") && (b = e.description)
            }
        if (!b) try {
            a = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"), b = a.GetVariable("$version")
        } catch (g) {}
        if (!b) try {
            a = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6"), b = "WIN 6,0,21,0", a.AllowScriptAccess = "always", b = a.GetVariable("$version")
        } catch (ca) {}
        if (!b) try {
            a = new ActiveXObject("ShockwaveFlash.ShockwaveFlash"), b = a.GetVariable("$version")
        } catch (l) {}
        b &&
            (a = b[m](/[\d]+/g)) && 3 <= a[y] && (b = a[0] + "." + a[1] + " r" + a[2]);
        return b || void 0
    };
    var gc = function(a, b) {
            var c = n.min(R(a, dc), 100);
            if (!(La(P(a, Q)) % 100 >= c) && (c = {}, Ec(c) || Fc(c))) {
                var d = c[Eb];
                void 0 == d || Infinity == d || isNaN(d) || (0 < d ? (Y(c, Gb), Y(c, Jb), Y(c, Ib), Y(c, Fb), Y(c, Hb), Y(c, Kb), Y(c, Lb), b(c)) : L(O, "load", function() {
                    gc(a, b)
                }, !1))
            }
        },
        Ec = function(a) {
            var b = O.performance || O.webkitPerformance,
                b = b && b.timing;
            if (!b) return !1;
            var c = b.navigationStart;
            if (0 == c) return !1;
            a[Eb] = b.loadEventStart - c;
            a[Gb] = b.domainLookupEnd - b.domainLookupStart;
            a[Jb] = b.connectEnd - b.connectStart;
            a[Ib] = b.responseStart - b.requestStart;
            a[Fb] = b.responseEnd - b.responseStart;
            a[Hb] = b.fetchStart - c;
            a[Kb] = b.domInteractive - c;
            a[Lb] = b.domContentLoadedEventStart - c;
            return !0
        },
        Fc = function(a) {
            if (O.top != O) return !1;
            var b = O.external,
                c = b && b.onloadT;
            b && !b.isValidLoadTime && (c = void 0);
            2147483648 < c && (c = void 0);
            0 < c && b.setPageReadyTime();
            if (void 0 == c) return !1;
            a[Eb] = c;
            return !0
        },
        Y = function(a, b) {
            var c = a[b];
            if (isNaN(c) || Infinity == c || 0 > c) a[b] = void 0
        },
        Fd = function(a) {
            return function(b) {
                "pageview" != b.get(Va) || a.I || (a.I = !0, gc(b, function(b) {
                    a[xc]("timing", b)
                }))
            }
        };
    var hc = !1,
        mc = function(a) {
            if ("cookie" == P(a, ac)) {
                var b = P(a, U),
                    c = nd(a),
                    d = kc(P(a, Yb)),
                    e = lc(P(a, W)),
                    g = 1E3 * R(a, Zb),
                    ca = P(a, Na);
                if ("auto" != e) zc(b, c, d, e, ca, g) && (hc = !0);
                else {
                    J(32);
                    var l;
                    t: {
                        c = [];
                        e = xa()[A](".");
                        if (4 == e[y] && (l = e[e[y] - 1], parseInt(l, 10) == l)) {
                            l = ["none"];
                            break t
                        }
                        for (l = e[y] - 2; 0 <= l; l--) c[p](e[ha](l)[H]("."));
                        c[p]("none");
                        l = c
                    }
                    for (var k = 0; k < l[y]; k++)
                        if (e = l[k], a[q].set(W, e), c = nd(a), zc(b, c, d, e, ca, g)) {
                            hc = !0;
                            return
                        }
                    a[q].set(W, "auto")
                }
            }
        },
        nc = function(a) {
            if ("cookie" == P(a, ac) && !hc && (mc(a), !hc)) throw "abort";
        },
        Yc = function(a) {
            if (a.get(Wc)) {
                var b = P(a, W),
                    c = P(a, $b) || xa(),
                    d = Xc("__utma", c, b);
                d && (J(19), a.set(Tc, (new Date)[da](), !0), a.set(Rc, d.R), (b = Xc("__utmz", c, b)) && d[h] == b[h] && a.set(Sc, b.R))
            }
        },
        nd = function(a) {
            var b = Cc(P(a, Q)),
                c = ic(P(a, W));
            a = jc(P(a, Yb));
            1 < a && (c += "-" + a);
            return ["GA1", c, b][H](".")
        },
        Gc = function(a, b, c) {
            for (var d = [], e = [], g, ca = 0; ca < a[y]; ca++) {
                var l = a[ca];
                if (l.r[c] == b) d[p](l);
                else void 0 == g || l.r[c] < g ? (e = [l], g = l.r[c]) : l.r[c] == g && e[p](l)
            }
            return 0 < d[y] ? d : e
        },
        lc = function(a) {
            return 0 == a[t](".") ? a.substr(1) :
                a
        },
        ic = function(a) {
            return lc(a)[A](".")[y]
        },
        kc = function(a) {
            if (!a) return "/";
            1 < a[y] && a.lastIndexOf("/") == a[y] - 1 && (a = a.substr(0, a[y] - 1));
            0 != a[t]("/") && (a = "/" + a);
            return a
        },
        jc = function(a) {
            a = kc(a);
            return "/" == a ? 1 : a[A]("/")[y]
        };

    function Xc(a, b, c) {
        "none" == b && (b = "");
        var d = [],
            e = Ca(a);
        a = "__utma" == a ? 6 : 2;
        for (var g = 0; g < e[y]; g++) {
            var ca = ("" + e[g])[A](".");
            ca[y] >= a && d[p]({
                hash: ca[0],
                R: e[g],
                O: ca
            })
        }
        return 0 == d[y] ? void 0 : 1 == d[y] ? d[0] : Zc(b, d) || Zc(c, d) || Zc(null, d) || d[0]
    }

    function Zc(a, b) {
        var c, d;
        null == a ? c = d = 1 : (c = La(a), d = La(D(a, ".") ? a[F](1) : "." + a));
        for (var e = 0; e < b[y]; e++)
            if (b[e][h] == c || b[e][h] == d) return b[e]
    };
    var od = new RegExp(/^https?:\/\/([^\/:]+)/),
        pd = /(.*)([?&#])(?:_ga=[^&#]*)(?:&?)(.*)/;

    function Bc(a) {
        a = a.get(Q);
        var b = Ic(a, 0);
        return "_ga=1." + K(b + "." + a)
    }

    function Ic(a, b) {
        for (var c = new Date, d = O[oa], e = d.plugins || [], c = [a, d.userAgent, c.getTimezoneOffset(), c.getYear(), c.getDate(), c.getHours(), c.getMinutes() + b], d = 0; d < e[y]; ++d) c[p](e[d].description);
        return La(c[H]("."))
    }
    var Dc = function(a) {
        J(48);
        this.target = a;
        this.T = !1
    };
    Dc[z].Q = function(a, b) {
        if (a.tagName) {
            if ("a" == a.tagName[I]()) {
                a[Ab] && Pc(a, qd(this, a[Ab], b));
                return
            }
            if ("form" == a.tagName[I]()) return rd(this, a)
        }
        if ("string" == typeof a) return qd(this, a, b)
    };
    var qd = function(a, b, c) {
            var d = pd.exec(b);
            d && 3 <= d[y] && (b = d[1] + (d[3] ? d[2] + d[3] : ""));
            a = a[jd].get("linkerParam");
            var e = b[t]("?"),
                d = b[t]("#");
            c ? b += (-1 == d ? "#" : "&") + a : (c = -1 == e ? "?" : "&", b = -1 == d ? b + (c + a) : b[F](0, d) + c + a + b[F](d));
            return b
        },
        rd = function(a, b) {
            if (b && b[kd]) {
                var c = a[jd].get("linkerParam")[A]("=")[1];
                if ("get" == b.method[I]()) {
                    for (var d = b.childNodes || [], e = 0; e < d[y]; e++)
                        if ("_ga" == d[e][v]) {
                            d[e][id]("value", c);
                            return
                        }
                    d = M[u]("input");
                    d[id]("type", "hidden");
                    d[id]("name", "_ga");
                    d[id]("value", c);
                    b.appendChild(d)
                } else "post" ==
                    b.method[I]() && (b.action = qd(a, b[kd]))
            }
        };
    Dc[z].S = function(a, b, c) {
        function d(c) {
            try {
                c = c || O.event;
                var d;
                t: {
                    var g = c[jd] || c.srcElement;
                    for (c = 100; g && 0 < c;) {
                        if (g[Ab] && g.nodeName[m](/^a(?:rea)?$/i)) {
                            d = g;
                            break t
                        }
                        g = g.parentNode;
                        c--
                    }
                    d = {}
                }("http:" == d[E] || "https:" == d[E]) && sd(a, d[ma] || "") && d[Ab] && Pc(d, qd(e, d[Ab], b))
            } catch (w) {
                J(26)
            }
        }
        var e = this;
        this.T || (this.T = !0, L(M, "mousedown", d, !1), L(M, "touchstart", d, !1), L(M, "keyup", d, !1));
        if (c) {
            c = function(b) {
                b = b || O.event;
                if ((b = b[jd] || b.srcElement) && b[kd]) {
                    var c = b[kd][m](od);
                    c && sd(a, c[1]) && rd(e, b)
                }
            };
            for (var g = 0; g < M.forms[y]; g++) L(M.forms[g],
                "submit", c)
        }
    };

    function sd(a, b) {
        if (b == M[B][ma]) return !1;
        for (var c = 0; c < a[y]; c++)
            if (a[c] instanceof RegExp) {
                if (a[c][pa](b)) return !0
            } else if (0 <= b[t](a[c])) return !0;
        return !1
    };
    var Jd = function(a, b, c, d) {
            this.U = b;
            this.aa = c;
            (b = d) || (b = (b = P(a, V)) && "t0" != b ? Wd[pa](b) ? "_gat_" + Cc(P(a, Na)) : "_gat_" + Cc(b) : "_gat");
            this.Y = b
        },
        Rd = function(a, b) {
            var c = b.get(Wb);
            b.set(Wb, function(b) {
                Pd(a, b);
                var d = c(b);
                Qd(a, b);
                return d
            });
            var d = b.get(Xb);
            b.set(Xb, function(b) {
                var c = d(b);
                Id(a, b);
                return c
            })
        },
        Pd = function(a, b) {
            b.get(a.U) || ("1" == Ca(a.Y)[0] ? b.set(a.U, "", !0) : b.set(a.U, "" + fe(), !0))
        },
        Qd = function(a, b) {
            b.get(a.U) && zc(a.Y, "1", b.get(Yb), b.get(W), b.get(Na), 6E5)
        },
        Id = function(a, b) {
            if (b.get(a.U)) {
                var c = new ee,
                    d = function(a) {
                        c.set($a(a).p, b.get(a))
                    };
                d(hb);
                d(ib);
                d(Na);
                d(Q);
                d(a.U);
                c.set($a(ld).p, Td(b));
                var e = a.aa;
                c.map(function(a, b) {
                    e += K(a) + "=";
                    e += K("" + b) + "&"
                });
                e += "z=" + fe();
                ta(e);
                b.set(a.U, "", !0)
            }
        },
        Wd = /^gtm\d+$/;
    var fd = function(a, b) {
        var c = a.b;
        if (!c.get("dcLoaded")) {
            Nd(c, 29);
            b = b || {};
            var d;
            b[U] && (d = Cc(b[U]));
            d = new Jd(c, ed, "https://stats.g.doubleclick.net/collect?t=dc&aip=1&", d);
            Rd(d, c);
            c.set("dcLoaded", !0)
        }
    };
    var Sd = function(a) {
        var b;
        b = a.get("dcLoaded") ? !1 : "cookie" != a.get(ac) ? !1 : !0;
        b && (Nd(a, 51), b = new Jd(a, ed), Pd(b, a), Qd(b, a), a.get(b.U) && (a.set(Md, 1, !0), a.set(gd, oc() + "/r/collect", !0)))
    };
    var Kd = function(a, b) {
        var c = a.b;
        if (!c.get("_rlsaLoaded")) {
            Nd(c, 38);
            b = b || {};
            if (b[U]) var d = Cc(b[U]);
            d = new Jd(c, Hd, "https://www.google.com/ads/ga-audiences?t=sr&aip=1&", d);
            Rd(d, c);
            c.set("_rlsaLoaded", !0);
            tc("displayfeatures", a, b)
        }
    };
    var Lc = function() {
        var a = O.gaGlobal = O.gaGlobal || {};
        return a.hid = a.hid || fe()
    };
    var ad, bd = function(a, b, c) {
        if (!ad) {
            var d;
            d = M[B][h];
            var e = O[v],
                g = /^#?gaso=([^&]*)/;
            if (e = (d = (d = d && d[m](g) || e && e[m](g)) ? d[1] : Ca("GASO")[0] || "") && d[m](/^(?:!([-0-9a-z.]{1,40})!)?([-.\w]{10,1200})$/i)) zc("GASO", "" + d, c, b, a, 0), f._udo || (f._udo = b), f._utcp || (f._utcp = c), a = e[1], wa("https://www.google.com/analytics/web/inpage/pub/inpage.js?" + (a ? "prefix=" + a + "&" : "") + fe(), "_gasojs");
            ad = !0
        }
    };
    var wb = /^(UA|YT|MO|GP)-(\d+)-(\d+)$/,
        pc = function(a) {
            function b(a, b) {
                d.b[q].set(a, b)
            }

            function c(a, c) {
                b(a, c);
                d.filters.add(a)
            }
            var d = this;
            this.b = new Ya;
            this.filters = new Ha;
            b(V, a[V]);
            b(Na, sa(a[Na]));
            b(U, a[U]);
            b(W, a[W] || xa());
            b(Yb, a[Yb]);
            b(Zb, a[Zb]);
            b($b, a[$b]);
            b(Wc, a[Wc]);
            b(bc, a[bc]);
            b(cc, a[cc]);
            b(Ka, a[Ka]);
            b(dc, a[dc]);
            b(ec, a[ec]);
            b(ac, a[ac]);
            b(Ad, a[Ad]);
            b(hb, 1);
            b(ib, "j33");
            c(Qb, Ma);
            c(dd, cd);
            c(Rb, Oa);
            c(md, vb);
            c(Sb, nc);
            c(Uc, Yc);
            c(Tb, Ja);
            c(Vb, Ta);
            c(Vc, Hc);
            c(zd, yd);
            c(Ld, Sd);
            c(Wb, Pa);
            c(Xb, Sa);
            c(Cd, Fd(this));
            Jc(this.b, a[Q]);
            Kc(this.b);
            this.b.set(jb, Lc());
            bd(this.b.get(Na), this.b.get(W), this.b.get(Yb))
        },
        Jc = function(a, b) {
            if ("cookie" == P(a, ac)) {
                hc = !1;
                var c;
                i: {
                    var d = Ca(P(a, U));
                    if (d && !(1 > d[y])) {
                        c = [];
                        for (var e = 0; e < d[y]; e++) {
                            var g;
                            g = d[e][A](".");
                            var ca = g.shift();
                            ("GA1" == ca || "1" == ca) && 1 < g[y] ? (ca = g.shift()[A]("-"), 1 == ca[y] && (ca[1] = "1"), ca[0] *= 1, ca[1] *= 1, g = {
                                r: ca,
                                s: g[H](".")
                            }) : g = void 0;
                            g && c[p](g)
                        }
                        if (1 == c[y]) {
                            J(13);
                            c = c[0].s;
                            break i
                        }
                        if (0 == c[y]) J(12);
                        else {
                            J(14);
                            d = ic(P(a, W));
                            c = Gc(c, d, 0);
                            if (1 == c[y]) {
                                c = c[0].s;
                                break i
                            }
                            d =
                                jc(P(a, Yb));
                            c = Gc(c, d, 1);
                            c = c[0] && c[0].s;
                            break i
                        }
                    }
                    c = void 0
                }
                c || (c = P(a, W), d = P(a, $b) || xa(), c = Xc("__utma", d, c), void 0 != c ? (J(10), c = c.O[1] + "." + c.O[2]) : c = void 0);
                c && (a[q].set(Q, c), hc = !0)
            }
            c = a.get(cc);
            if (e = (c = M[B][c ? "href" : "search"][m]("(?:&|#|\\?)" + K("_ga")[Qc](/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1") + "=([^&#]*)")) && 2 == c[y] ? c[1] : "") a.get(bc) ? (c = e[t]("."), -1 == c ? J(22) : (d = e[F](c + 1), "1" != e[F](0, c) ? J(22) : (c = d[t]("."), -1 == c ? J(22) : (e = d[F](0, c), c = d[F](c + 1), e != Ic(c, 0) && e != Ic(c, -1) && e != Ic(c, -2) ? J(23) : (J(11), a[q].set(Q,
                c)))))) : J(21);
            b && (J(9), a[q].set(Q, K(b)));
            a.get(Q) || ((c = (c = O.gaGlobal && O.gaGlobal.vid) && -1 != c[ga](/^(?:utma\.)?\d+\.\d+$/) ? c : void 0) ? (J(17), a[q].set(Q, c)) : (J(8), a[q].set(Q, [fe() ^ Mc() & 2147483647, n.round((new Date)[da]() / 1E3)][H]("."))));
            mc(a)
        },
        Kc = function(a) {
            var b = O[oa],
                c = O.screen,
                d = M[B];
            a.set(lb, ya(a.get(ec)));
            if (d) {
                var e = d.pathname || "";
                "/" != e.charAt(0) && (J(31), e = "/" + e);
                a.set(kb, d[E] + "//" + d[ma] + e + d[ga])
            }
            c && a.set(qb, c.width + "x" + c.height);
            c && a.set(pb, c.colorDepth + "-bit");
            var c = M.documentElement,
                g = (e =
                    M.body) && e[la] && e[na],
                ca = [];
            c && c[la] && c[na] && ("CSS1Compat" === M.compatMode || !g) ? ca = [c[la], c[na]] : g && (ca = [e[la], e[na]]);
            c = 0 >= ca[0] || 0 >= ca[1] ? "" : ca[H]("x");
            a.set(rb, c);
            a.set(tb, fc());
            a.set(ob, M.characterSet || M.charset);
            a.set(sb, b && "function" === typeof b.javaEnabled && b.javaEnabled() || !1);
            a.set(nb, (b && (b.language || b.browserLanguage) || "")[I]());
            if (d && a.get(cc) && (b = M[B][h])) {
                b = b[A](/[?&#]+/);
                d = [];
                for (c = 0; c < b[y]; ++c)(D(b[c], "utm_id") || D(b[c], "utm_campaign") || D(b[c], "utm_source") || D(b[c], "utm_medium") || D(b[c],
                    "utm_term") || D(b[c], "utm_content") || D(b[c], "gclid") || D(b[c], "dclid") || D(b[c], "gclsrc")) && d[p](b[c]);
                0 < d[y] && (b = "#" + d[H]("&"), a.set(kb, a.get(kb) + b))
            }
        };
    pc[z].get = function(a) {
        return this.b.get(a)
    };
    pc[z].set = function(a, b) {
        this.b.set(a, b)
    };
    var qc = {
        pageview: [mb],
        event: [ub, xb, yb, zb],
        social: [Bb, Cb, Db],
        timing: [Mb, Nb, Pb, Ob]
    };
    pc[z].send = function(a) {
        if (!(1 > arguments[y])) {
            var b, c;
            "string" === typeof arguments[0] ? (b = arguments[0], c = [][ha][C](arguments, 1)) : (b = arguments[0] && arguments[0][Va], c = arguments);
            b && (c = za(qc[b] || [], c), c[Va] = b, this.b.set(c, void 0, !0), this.filters.D(this.b), this.b[q].m = {}, je(this.b))
        }
    };
    var rc = function(a) {
        if ("prerender" == M.visibilityState) return !1;
        a();
        return !0
    };
    var td = /^(?:(\w+)\.)?(?:(\w+):)?(\w+)$/,
        sc = function(a) {
            if (ea(a[0])) this.u = a[0];
            else {
                var b = td.exec(a[0]);
                null != b && 4 == b[y] && (this.c = b[1] || "t0", this.e = b[2] || "", this.d = b[3], this.a = [][ha][C](a, 1), this.e || (this.A = "create" == this.d, this.i = "require" == this.d, this.g = "provide" == this.d, this.ba = "remove" == this.d), this.i && (3 <= this.a[y] ? (this.X = this.a[1], this.W = this.a[2]) : this.a[1] && (qa(this.a[1]) ? this.X = this.a[1] : this.W = this.a[1])));
                b = a[1];
                a = a[2];
                if (!this.d) throw "abort";
                if (this.i && (!qa(b) || "" == b)) throw "abort";
                if (this.g &&
                    (!qa(b) || "" == b || !ea(a))) throw "abort";
                if (ud(this.c) || ud(this.e)) throw "abort";
                if (this.g && "t0" != this.c) throw "abort";
            }
        };

    function ud(a) {
        return 0 <= a[t](".") || 0 <= a[t](":")
    };
    var Yd, Zd, $d;
    Yd = new ee;
    $d = new ee;
    Zd = {
        ec: 45,
        ecommerce: 46,
        linkid: 47
    };
    var tc = function(a, b, c) {
            b == N || b.get(V);
            var d = Yd.get(a);
            if (!ea(d)) return !1;
            b.plugins_ = b.plugins_ || new ee;
            if (b.plugins_.get(a)) return !0;
            b.plugins_.set(a, new d(b, c || {}));
            return !0
        },
        ae = function(a) {
            function b(a) {
                var b = (a[ma] || "")[A](":")[0][I](),
                    c = (a[E] || "")[I](),
                    c = 1 * a[ja] || ("http:" == c ? 80 : "https:" == c ? 443 : "");
                a = a.pathname || "";
                D(a, "/") || (a = "/" + a);
                return [b, "" + c, a]
            }
            var c = M[u]("a");
            Pc(c, M[B][Ab]);
            var d = (c[E] || "")[I](),
                e = b(c),
                g = c[ga] || "",
                ca = d + "//" + e[0] + (e[1] ? ":" + e[1] : "");
            D(a, "//") ? a = d + a : D(a, "/") ? a = ca + a : !a || D(a,
                "?") ? a = ca + e[2] + (a || g) : 0 > a[A]("/")[0][t](":") && (a = ca + e[2][F](0, e[2].lastIndexOf("/")) + "/" + a);
            Pc(c, a);
            d = b(c);
            return {
                protocol: (c[E] || "")[I](),
                host: d[0],
                port: d[1],
                path: d[2],
                G: c[ga] || "",
                url: a || ""
            }
        };
    var Z = {
        ga: function() {
            Z.f = []
        }
    };
    Z.ga();
    Z.D = function(a) {
        var b = Z.J[G](Z, arguments),
            b = Z.f.concat(b);
        for (Z.f = []; 0 < b[y] && !Z.v(b[0]) && !(b.shift(), 0 < Z.f[y]););
        Z.f = Z.f.concat(b)
    };
    Z.J = function(a) {
        for (var b = [], c = 0; c < arguments[y]; c++) try {
            var d = new sc(arguments[c]);
            if (d.g) Yd.set(d.a[0], d.a[1]);
            else {
                if (d.i) {
                    var e = d,
                        g = e.a[0];
                    if (!ea(Yd.get(g)) && !$d.get(g)) {
                        Zd[ra](g) && J(Zd[g]);
                        var ca = e.X;
                        !ca && Zd[ra](g) ? (J(39), ca = g + ".js") : J(43);
                        if (ca) {
                            ca && 0 <= ca[t]("/") || (ca = (Ba || Ud() ? "https:" : "http:") + "//www.google-analytics.com/plugins/ua/" + ca);
                            var l = ae(ca),
                                e = void 0;
                            var k = l[E],
                                w = M[B][E],
                                e = "https:" == k || k == w ? !0 : "http:" != k ? !1 : "http:" == w;
                            var Xd;
                            if (Xd = e) {
                                var e = l,
                                    be = ae(M[B][Ab]);
                                if (e.G || 0 <= e.url[t]("?") ||
                                    0 <= e.path[t]("://")) Xd = !1;
                                else if (e.host == be.host && e[ja] == be[ja]) Xd = !0;
                                else {
                                    var ce = "http:" == e[E] ? 80 : 443;
                                    Xd = "www.google-analytics.com" == e.host && (e[ja] || ce) == ce && D(e.path, "/plugins/") ? !0 : !1
                                }
                            }
                            Xd && (wa(l.url), $d.set(g, !0))
                        }
                    }
                }
                b[p](d)
            }
        } catch (de) {}
        return b
    };
    Z.v = function(a) {
        try {
            if (a.u) a.u[C](O, N.j("t0"));
            else {
                var b = a.c == gb ? N : N.j(a.c);
                if (a.A) "t0" == a.c && N.create[G](N, a.a);
                else if (a.ba) N.remove(a.c);
                else if (b)
                    if (a.i) {
                        if (!tc(a.a[0], b, a.W)) return !0
                    } else if (a.e) {
                    var c = a.d,
                        d = a.a,
                        e = b.plugins_.get(a.e);
                    e[c][G](e, d)
                } else b[a.d][G](b, a.a)
            }
        } catch (g) {}
    };
    var N = function(a) {
        J(1);
        Z.D[G](Z, [arguments])
    };
    N.h = {};
    N.P = [];
    N.L = 0;
    N.answer = 42;
    var uc = [Na, W, V];
    N.create = function(a) {
        var b = za(uc, [][ha][C](arguments));
        b[V] || (b[V] = "t0");
        var c = "" + b[V];
        if (N.h[c]) return N.h[c];
        b = new pc(b);
        N.h[c] = b;
        N.P[p](b);
        return b
    };
    N.remove = function(a) {
        for (var b = 0; b < N.P[y]; b++)
            if (N.P[b].get(V) == a) {
                N.P.splice(b, 1);
                N.h[a] = null;
                break
            }
    };
    N.j = function(a) {
        return N.h[a]
    };
    N.K = function() {
        return N.P[ha](0)
    };
    N.N = function() {
        "ga" != gb && J(49);
        var a = O[gb];
        if (!a || 42 != a.answer) {
            N.L = a && a.l;
            N.loaded = !0;
            var b = O[gb] = N;
            X("create", b, b.create);
            X("remove", b, b.remove);
            X("getByName", b, b.j, 5);
            X("getAll", b, b.K, 6);
            b = pc[z];
            X("get", b, b.get, 7);
            X("set", b, b.set, 4);
            X("send", b, b[xc]);
            b = Ya[z];
            X("get", b, b.get);
            X("set", b, b.set);
            if (!Ud() && !Ba) {
                t: {
                    for (var b = M.getElementsByTagName("script"), c = 0; c < b[y] && 100 > c; c++) {
                        var d = b[c].src;
                        if (d && 0 == d[t]("https://www.google-analytics.com/analytics")) {
                            J(33);
                            b = !0;
                            break t
                        }
                    }
                    b = !1
                }
                b && (Ba = !0)
            }
            Ud() || Ba ||
                !Ed(new Od) || (J(36), Ba = !0);
            (O.gaplugins = O.gaplugins || {}).Linker = Dc;
            b = Dc[z];
            Yd.set("linker", Dc);
            X("decorate", b, b.Q, 20);
            X("autoLink", b, b.S, 25);
            Yd.set("displayfeatures", fd);
            Yd.set("adfeatures", Kd);
            a = a && a.q;
            ka(a) ? Z.D[G](N, a) : J(50)
        }
    };
    N.k = function() {
        for (var a = N.K(), b = 0; b < a[y]; b++) a[b].get(V)
    };
    (function() {
        var a = N.N;
        if (!rc(a)) {
            J(16);
            var b = !1,
                c = function() {
                    if (!b && rc(a)) {
                        b = !0;
                        var d = c,
                            e = M;
                        e.removeEventListener ? e.removeEventListener("visibilitychange", d, !1) : e.detachEvent && e.detachEvent("onvisibilitychange", d)
                    }
                };
            L(M, "visibilitychange", c)
        }
    })();

    function La(a) {
        var b = 1,
            c = 0,
            d;
        if (a)
            for (b = 0, d = a[y] - 1; 0 <= d; d--) c = a.charCodeAt(d), b = (b << 6 & 268435455) + c + (c << 14), c = b & 266338304, b = 0 != c ? b ^ c >> 21 : b;
        return b
    };
})(window);

Edit: I suspect there was some kind of minification used on it, sorry.

itman · Nov 6, 2015

I use the Stop Google Tracking add-on in IE and it blocks that javascript:

Gullible Jones · Nov 6, 2015

@itman

Probably a minified copy of some Google tracking stuff then.

The real malice appears to be in the embedded JS.

Log in or Sign up

Code: PORNDROID9007QD1 (insufficient privileges to post in Browser Hijacks forum)

Valder Registered Member

roger_m Registered Member

Valder Registered Member

roger_m Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

itman Registered Member

Gullible Jones Registered Member

Log in or Sign up

Code: PORNDROID9007QD1 (insufficient privileges to post in Browser Hijacks forum)

Valder Registered Member

roger_m Registered Member

Valder Registered Member

roger_m Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

Gullible Jones Registered Member

itman Registered Member

Gullible Jones Registered Member

Useful Searches