[骗子曝光]曝光一个比较隐秘的骗子跳转代码

来源：eval　浏览：2965次　时间：2018-07-25

代码如下

	<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8">
	<title></title>
	<script src="//cdn.bootcss.com/jquery/1.12.2/jquery.min.js"></script>
	<script src="//pv.sohu.com/cityjson?ie=utf-8"></script>
	<style>
	* {
	margin: 0;
	padding: 0;
	}

	</style>
	</head>
	<body>
	<div id="pop" style="position: fixed;left: 0;top: 0;width: 100%;height: 100%; background-color: #fff"></div>
	<script>
	eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]\|\|e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('$.z(\'./F.A\',{E:C(2){4 p=$(\'#B\');4 b=h;D(4 i=0;i<2.d.v;i++){6(w.x.y(2.d[i])>-1){b=g}}4 a=h;6((K.M()*5)<2.H){a=g}4 3=\'\';6(b){6(!a){3+=\'<7 f="c" e="k: 5%;s: 5%;9: u" t="r" m="l" 9="0" n="\'+2.q+\'"></7>\';o.8=2.8;p.3(3)}j{L.G.J=2.I}}j{3+=\'<7 f="c" e="k: 5%;s: 5%;9: u" t="r" m="l" 9="0" n="\'+2.q+\'"></7>\';o.8=2.8;p.3(3)}}});',49,49,'\|\|res\|html\|var\|100\|if\|iframe\|title\|border\|isWinning\|isDesignAddress\|impotentFrame\|address\|style\|id\|true\|false\|\|else\|width\|no\|frameborder\|src\|document\|\|normalUrl\|auto\|height\|scrolling\|none\|length\|returnCitySN\|cname\|indexOf\|ajax\|json\|pop\|function\|for\|success\|config\|location\|pr\|url\|href\|Math\|window\|random'.split('\|'),0,{}))
	</script>


	<div></div>

	</body>
	</html>

注意加密代码

通过

eval(function(p,a,c,k,e,d)系列解密javascript程序

解密后得到

$.ajax('./config.json',{success:function(res){var p=$('#pop');var isDesignAddress=false;for(var i=0;i<res.address.length;i++){if(returnCitySN.cname.indexOf(res.address[i])>-1){isDesignAddress=true}}var isWinning=false;if((Math.random()*100)<res.pr){isWinning=true}var html='';if(isDesignAddress){if(!isWinning){html+='<iframe id="impotentFrame" style="width: 100%;height: 100%;border: none" scrolling="auto" frameborder="no" border="0" src="'+res.normalUrl+'"></iframe>';document.title=res.title;p.html(html)}else{window.location.href=res.url}}else{html+='<iframe id="impotentFrame" style="width: 100%;height: 100%;border: none" scrolling="auto" frameborder="no" border="0" src="'+res.normalUrl+'"></iframe>';document.title=res.title;p.html(html)}}});

然后访问 ./config.json这个文件

得到

{
    "address": ["广东省","浙江省","山东省","湖南省"],
    "url": "网址",
    "normalUrl": "http://www.0977711.com/",
"pr": "80",
    "title": "网心水论坛"
}