Im speziellen geht es um dieses JavaScript was folgendermaßen ausschaut:
CODE
(function(){var Z="ad.amgdgt.com";var O=false;var A="/ads/?f=j";var Q="amgdgt_";var K=window;var b=document;function M(d){return K[Q+d]||null}function U(d,g){K[Q+d]=g;f("set "+d+"="+g)}function a(d){K[Q+d]=null}function e(d){var g=M(d);if(g){a(d);return g}var i=M(d+"_unencoded");if(i){a(d+"_unencoded");return X(i)}var h=M(d+"_encoded");if(h){a(d+"_encoded");return h}return null}function X(d){if(encodeURIComponent){return encodeURIComponent(d)}else{return escape(d)}}function C(d){if(decodeURIComponent){return decodeURIComponent(d)}else{return unescape(d)}}function J(){var d=M("scheme");var g="http";var h="https";if(d){a("scheme");if(d==h||d=="https:"){return h}else{return g}}else{if("https:"==document.location.protocol){return h}else{return g}}}function L(){var g=(b.domain).split(".");var d=g.length;return(d>1?("."+g[d-2]+"."+g[d-1]):(b.domain))}function N(h,i,d){i=X(i);var g=new Date();if(d){g.setMinutes(g.getMinutes()+Number(d)
)}else{g.setMonth(g.getMonth()+6)}b.cookie=h+"="+i+";domain="+L()+";path=/;expires="+g.toGMTString()}function W(h){var g=b.cookie;var d=g.indexOf(" "+h+"=");if(d==-1){d=g.indexOf(h+"=")}if(d==-1){return null}d=g.indexOf("=",d)+1;var i=g.indexOf(";",d);if(i==-1){i=g.length}return C(g.substring(d,i))}function T(){var d="cookieTest";var g="OK";N(d,g,1);return(W(d)==g)}function F(d){var g=e(d);if(d&&g){f("param "+d+"="+g);A+="&"+d+"="+g}}function V(){F("g");F("yb");F("z");F("info");var d=Math.random()*100000000000000000;U("rnd",d);F("rnd")}function Y(d){var g=d+"count";if(M(g)){U(g,M(g)+1)}else{U(g,1)}}function I(){var g=M("p");var d=M("pl");if(g&&d){if(!E(Q+"P"+g+"PL"+d)){D("frequency cap reached");return false}F("t");F("p");F("pl");V();F("nmv");F("nrsz");F("pce");F("clkurl");return true}else{B("missing "+Q+"p or "+Q+"pl");return false}}function H(){var d=M("ctr");if(d){if(!E(Q+"C"+d)){D("frequency cap reached");return false}F("t");F("ctr");F("sa");F("ca");F("step");F("cu");F("v");F("oid");V();U("container",true);return true}else{B("missing "+Q+"ctr");return false}}function c(){var d=M("t");if(d){if(d=="i"){Y(d);return I()}else{if(d=="x"){Y(d);return H()}else{B("invalid "+Q+"t: "+d);return false}}}else{B("missing "+Q+"t");return false}}function S(d,g){if(d>0&&g>0){if(M("sa")||M("ca")||M("step")||M("cu")||M("v")||M("oid")){D("conversion vars, fcapping OFF");return false}else{if(T()){D("frequency="+d+" period="+g+" minutes, fcapping ON");return true}else{D("cookies disabled, fcapping OFF");return false}}}else{return false}}function E(h){var n=Number(M("frequency"));var m=Number(M("period"));a("frequency");a("period");if(!S(n,m)){return true}var d=0;var i=W(h);if(i){var l=i.split(".");var k=Number(l[0]);d=Number(l[1]);var j=d-new Date().getTime();if(j>0){k=k+1;f("current fcapping count="+k);if(k>n){return false}else{N(h,String(k)+"."+String(d),2*m);return true}}}var g=new Date();g.setMinutes(g.getMinutes()+m);d=g.getTime(
);N(h,"1."+String(d),2*m);return true}function B(d){P("ERROR",d)}function D(d){P("INFO ",d)}function f(d){if(O){P("DEBUG",d)}}function P(g,d){if(typeof (K.console)=="object"&&K.console.firebug){K.console.log(g+": "+d)}}function R(){var h=M("container_urls");if(h&&h instanceof Array){if(h.length>0){try{var j=new Array();for(var d=0;d<h.length;d++){j[d]=new Image();j[d].src=h[d];D("fired: "+h[d])}}catch(g){B("error in firing:"+g)}}else{D("no 3rd party pixels to be fired")}}else{B("invalid response")}}function G(){if(M("container_urls")&&M("container")){var g=new R();a("container_urls");a("container")}else{if(c()){var d=J()+"://"+Z+A;D("request url: "+d);b.write('<script language="JavaScript" src="'+d+'"><\/script>')}}}G()})();
)}else{g.setMonth(g.getMonth()+6)}b.cookie=h+"="+i+";domain="+L()+";path=/;expires="+g.toGMTString()}function W(h){var g=b.cookie;var d=g.indexOf(" "+h+"=");if(d==-1){d=g.indexOf(h+"=")}if(d==-1){return null}d=g.indexOf("=",d)+1;var i=g.indexOf(";",d);if(i==-1){i=g.length}return C(g.substring(d,i))}function T(){var d="cookieTest";var g="OK";N(d,g,1);return(W(d)==g)}function F(d){var g=e(d);if(d&&g){f("param "+d+"="+g);A+="&"+d+"="+g}}function V(){F("g");F("yb");F("z");F("info");var d=Math.random()*100000000000000000;U("rnd",d);F("rnd")}function Y(d){var g=d+"count";if(M(g)){U(g,M(g)+1)}else{U(g,1)}}function I(){var g=M("p");var d=M("pl");if(g&&d){if(!E(Q+"P"+g+"PL"+d)){D("frequency cap reached");return false}F("t");F("p");F("pl");V();F("nmv");F("nrsz");F("pce");F("clkurl");return true}else{B("missing "+Q+"p or "+Q+"pl");return false}}function H(){var d=M("ctr");if(d){if(!E(Q+"C"+d)){D("frequency cap reached");return false}F("t");F("ctr");F("sa");F("ca");F("step");F("cu");F("v");F("oid");V();U("container",true);return true}else{B("missing "+Q+"ctr");return false}}function c(){var d=M("t");if(d){if(d=="i"){Y(d);return I()}else{if(d=="x"){Y(d);return H()}else{B("invalid "+Q+"t: "+d);return false}}}else{B("missing "+Q+"t");return false}}function S(d,g){if(d>0&&g>0){if(M("sa")||M("ca")||M("step")||M("cu")||M("v")||M("oid")){D("conversion vars, fcapping OFF");return false}else{if(T()){D("frequency="+d+" period="+g+" minutes, fcapping ON");return true}else{D("cookies disabled, fcapping OFF");return false}}}else{return false}}function E(h){var n=Number(M("frequency"));var m=Number(M("period"));a("frequency");a("period");if(!S(n,m)){return true}var d=0;var i=W(h);if(i){var l=i.split(".");var k=Number(l[0]);d=Number(l[1]);var j=d-new Date().getTime();if(j>0){k=k+1;f("current fcapping count="+k);if(k>n){return false}else{N(h,String(k)+"."+String(d),2*m);return true}}}var g=new Date();g.setMinutes(g.getMinutes()+m);d=g.getTime(
);N(h,"1."+String(d),2*m);return true}function B(d){P("ERROR",d)}function D(d){P("INFO ",d)}function f(d){if(O){P("DEBUG",d)}}function P(g,d){if(typeof (K.console)=="object"&&K.console.firebug){K.console.log(g+": "+d)}}function R(){var h=M("container_urls");if(h&&h instanceof Array){if(h.length>0){try{var j=new Array();for(var d=0;d<h.length;d++){j[d]=new Image();j[d].src=h[d];D("fired: "+h[d])}}catch(g){B("error in firing:"+g)}}else{D("no 3rd party pixels to be fired")}}else{B("invalid response")}}function G(){if(M("container_urls")&&M("container")){var g=new R();a("container_urls");a("container")}else{if(c()){var d=J()+"://"+Z+A;D("request url: "+d);b.write('<script language="JavaScript" src="'+d+'"><\/script>')}}}G()})();
Die Webseite ist laut google dafür bekannt, schon mal Malware verteilt zu haben. Und solch "verschlüsseltes" JavaScript sieht nicht vertrauenswürdig aus.
Falls wer mir helfen kann, ich wäre ihr/ihm dankbar.
Edith: Laut Alexa hat die Seite 2 Klicks pro Tag. Und die Domain wurde anonym registriert, siehe network-tools.com.
Dieser Beitrag wurde von Twisty bearbeitet: 06. Mai 2009 - 23:23