[骗子曝光]曝光一个比较隐秘的骗子跳转代码
-
来源:eval 浏览:3055次 时间:2018-07-25
代码如下
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <title></title> | |
| <script src="//cdn.bootcss.com/jquery/1.12.2/jquery.min.js"></script> | |
| <script src="//pv.sohu.com/cityjson?ie=utf-8"></script> | |
| <style> | |
| * { | |
| margin: 0; | |
| padding: 0; | |
| } | |
|
|
|
| </style> | |
| </head> | |
| <body> | |
| <div id="pop" style="position: fixed;left: 0;top: 0;width: 100%;height: 100%; background-color: #fff"></div> | |
| <script> | |
| eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('$.z(\'./F.A\',{E:C(2){4 p=$(\'#B\');4 b=h;D(4 i=0;i<2.d.v;i++){6(w.x.y(2.d[i])>-1){b=g}}4 a=h;6((K.M()*5)<2.H){a=g}4 3=\'\';6(b){6(!a){3+=\'<7 f="c" e="k: 5%;s: 5%;9: u" t="r" m="l" 9="0" n="\'+2.q+\'"></7>\';o.8=2.8;p.3(3)}j{L.G.J=2.I}}j{3+=\'<7 f="c" e="k: 5%;s: 5%;9: u" t="r" m="l" 9="0" n="\'+2.q+\'"></7>\';o.8=2.8;p.3(3)}}});',49,49,'||res|html|var|100|if|iframe|title|border|isWinning|isDesignAddress|impotentFrame|address|style|id|true|false||else|width|no|frameborder|src|document||normalUrl|auto|height|scrolling|none|length|returnCitySN|cname|indexOf|ajax|json|pop|function|for|success|config|location|pr|url|href|Math|window|random'.split('|'),0,{})) | |
| </script> | |
|
|
|
|
|
|
| <div></div> | |
|
|
|
| </body> | |
| </html> |
注意加密代码
通过
eval(function(p,a,c,k,e,d)系列解密javascript程序
解密后得到
$.ajax('./config.json',{success:function(res){var p=$('#pop');var isDesignAddress=false;for(var i=0;i<res.address.length;i++){if(returnCitySN.cname.indexOf(res.address[i])>-1){isDesignAddress=true}}var isWinning=false;if((Math.random()*100)<res.pr){isWinning=true}var html='';if(isDesignAddress){if(!isWinning){html+='<iframe id="impotentFrame" style="width: 100%;height: 100%;border: none" scrolling="auto" frameborder="no" border="0" src="'+res.normalUrl+'"></iframe>';document.title=res.title;p.html(html)}else{window.location.href=res.url}}else{html+='<iframe id="impotentFrame" style="width: 100%;height: 100%;border: none" scrolling="auto" frameborder="no" border="0" src="'+res.normalUrl+'"></iframe>';document.title=res.title;p.html(html)}}});
然后访问 ./config.json这个文件
得到
{
"address": ["广东省","浙江省","山东省","湖南省"],
"url": "网址",
"normalUrl": "http://www.0977711.com/",
"pr": "80",
"title": "网心水论坛"
}
看到没有
这个代码比较隐蔽
这个是专业的骗子
代码也比较用心在做
大家注意鉴别