jasu8.com Redirect - Reverse string #188
ShadowWhisperer
started this conversation in
General
Replies: 4 comments 3 replies
-
|
First it seems like there is a domain redirect at server level, rather than on the script level... Do this looks like the html you get?? 1. attempts
<!DOCTYPE html>
<html lang="en">
<head>
<script type="module" src="https://j15a.hasls.com/pc/assets/polyfills-modern.4e183e10.js"></script>
<meta charset="UTF-8" />
<link rel="icon" href="https://j15a.hasls.com/pc/favicon1.ico" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="referrer" content="no-referrer" />
<link rel="stylesheet" href="https://j15a.hasls.com/pc/ckplayer/css/ckplayer.css" />
<!-- <link rel="manifest" href="/desktop/manifest.webmanifest"> -->
<title>含羞草</title>
<style>
body,
html {
width: 100%;
height: 100%;
margin: 0;
padding: 0;
background: var(--el-bg-color);
color: #fff;
min-width: 980px;
}
</style>
<style>
html[data-theme='dark'] .app-loading {
background-color: #2c344a;
}
html[data-theme='dark'] .app-loading .app-loading-title {
color: rgba(255, 255, 255, 0.85);
}
.app-loading {
display: flex;
width: 100%;
height: 100%;
justify-content: center;
align-items: center;
flex-direction: column;
background-color: #f4f7f9;
}
.app-loading .app-loading-wrap {
position: absolute;
top: 50%;
left: 50%;
display: flex;
transform: translate3d(-50%, -50%, 0);
justify-content: center;
align-items: center;
flex-direction: column;
}
.app-loading .dots {
display: flex;
padding: 98px;
justify-content: center;
align-items: center;
}
.app-loading .app-loading-title {
display: flex;
margin-top: 30px;
font-size: 30px;
color: rgba(0, 0, 0, 0.85);
justify-content: center;
align-items: center;
}
.app-loading .app-loading-logo {
display: block;
width: 90px;
margin: 0 auto;
margin-bottom: 20px;
}
.dot {
position: relative;
display: inline-block;
width: 48px;
height: 48px;
margin-top: 30px;
font-size: 32px;
transform: rotate(45deg);
box-sizing: border-box;
animation: antRotate 1.2s infinite linear;
}
.dot i {
position: absolute;
display: block;
width: 20px;
height: 20px;
background-color: #0065cc;
border-radius: 100%;
opacity: 0.3;
transform: scale(0.75);
animation: antSpinMove 1s infinite linear alternate;
transform-origin: 50% 50%;
}
.dot i:nth-child(1) {
top: 0;
left: 0;
}
.dot i:nth-child(2) {
top: 0;
right: 0;
animation-delay: 0.4s;
}
.dot i:nth-child(3) {
right: 0;
bottom: 0;
animation-delay: 0.8s;
}
.dot i:nth-child(4) {
bottom: 0;
left: 0;
animation-delay: 1.2s;
}
@keyframes antRotate {
to {
transform: rotate(405deg);
}
}
@keyframes antSpinMove {
to {
opacity: 1;
}
}
</style>
<script type="module" crossorigin src="https://j15a.hasls.com/pc/assets/index.4ace6b5d.js"></script>
<link rel="modulepreload" crossorigin href="https://j15a.hasls.com/pc/assets/vendor.b5b8dfb4.js">
<link rel="stylesheet" href="https://j15a.hasls.com/pc/assets/vendor.17e8898a.css">
<link rel="stylesheet" href="https://j15a.hasls.com/pc/assets/index.46a97f87.css">
<script type="module">try{import("_").catch(()=>1);}catch(e){}window.__vite_is_dynamic_import_support=true;</script>
<script type="module">!function(){if(window.__vite_is_dynamic_import_support)return;console.warn("vite: loading legacy build because dynamic import is unsupported, syntax error above should be ignored");var e=document.getElementById("vite-legacy-polyfill"),n=document.createElement("script");n.src=e.src,n.onload=function(){System.import(document.getElementById('vite-legacy-entry').getAttribute('data-src'))},document.body.appendChild(n)}();</script>
</head>
<body>
<div id="app" onselectstart="return false">
<div class="app-loading">
<div class="app-loading-wrap">
<div class="app-loading-dots">
<span class="dot dot-spin"><i></i><i></i><i></i><i></i></span>
</div>
<div class="app-loading-title">加载中~</div>
</div>
</div>
</div>
<script nomodule>!function(){var e=document,t=e.createElement("script");if(!("noModule"in t)&&"onbeforeload"in t){var n=!1;e.addEventListener("beforeload",(function(e){if(e.target===t)n=!0;else if(!e.target.hasAttribute("nomodule")||!n)return;e.preventDefault()}),!0),t.type="module",t.src=".",e.head.appendChild(t),t.remove()}}();</script>
<script nomodule id="vite-legacy-polyfill" src="https://j15a.hasls.com/pc/assets/polyfills-legacy.52ee5f32.js"></script>
<script nomodule id="vite-legacy-entry" data-src="https://j15a.hasls.com/pc/assets/index-legacy.98ab12ee.js">System.import(document.getElementById('vite-legacy-entry').getAttribute('data-src'))</script>
</body>
<script async src="https://j15a.hasls.com/pc/js/jumpOfDeviceType.min.js?v=1.0.1"></script>
<script async name="ckplayer" data-name="ckplayer" src="https://j15a.hasls.com/pc/ckplayer/js/ckplayer.min.js?v=1.1.6"></script>
<script async type="text/javascript" src="https://j15a.hasls.com/pc/js/mediainfo.min.js"></script>
<!-- Google tag (gtag.js) -->
<script async src='https://www.googletagmanager.com/gtag/js?id=G-KVLL0S93K7'></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-KVLL0S93K7');
</script>
</html>2. attempt
<!DOCTYPE html>
<html lang="en">
<head>
<script type="module" src="https://j15a.hasls.com/pc/assets/polyfills-modern.4e183e10.js"></script>
<meta charset="UTF-8" />
<link rel="icon" href="https://j15a.hasls.com/pc/favicon1.ico" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="referrer" content="no-referrer" />
<link rel="stylesheet" href="https://j15a.hasls.com/pc/ckplayer/css/ckplayer.css" />
<!-- <link rel="manifest" href="/desktop/manifest.webmanifest"> -->
<title>含羞草</title>
<style>
body,
html {
width: 100%;
height: 100%;
margin: 0;
padding: 0;
background: var(--el-bg-color);
color: #fff;
min-width: 980px;
}
</style>
<style>
html[data-theme='dark'] .app-loading {
background-color: #2c344a;
}
html[data-theme='dark'] .app-loading .app-loading-title {
color: rgba(255, 255, 255, 0.85);
}
.app-loading {
display: flex;
width: 100%;
height: 100%;
justify-content: center;
align-items: center;
flex-direction: column;
background-color: #f4f7f9;
}
.app-loading .app-loading-wrap {
position: absolute;
top: 50%;
left: 50%;
display: flex;
transform: translate3d(-50%, -50%, 0);
justify-content: center;
align-items: center;
flex-direction: column;
}
.app-loading .dots {
display: flex;
padding: 98px;
justify-content: center;
align-items: center;
}
.app-loading .app-loading-title {
display: flex;
margin-top: 30px;
font-size: 30px;
color: rgba(0, 0, 0, 0.85);
justify-content: center;
align-items: center;
}
.app-loading .app-loading-logo {
display: block;
width: 90px;
margin: 0 auto;
margin-bottom: 20px;
}
.dot {
position: relative;
display: inline-block;
width: 48px;
height: 48px;
margin-top: 30px;
font-size: 32px;
transform: rotate(45deg);
box-sizing: border-box;
animation: antRotate 1.2s infinite linear;
}
.dot i {
position: absolute;
display: block;
width: 20px;
height: 20px;
background-color: #0065cc;
border-radius: 100%;
opacity: 0.3;
transform: scale(0.75);
animation: antSpinMove 1s infinite linear alternate;
transform-origin: 50% 50%;
}
.dot i:nth-child(1) {
top: 0;
left: 0;
}
.dot i:nth-child(2) {
top: 0;
right: 0;
animation-delay: 0.4s;
}
.dot i:nth-child(3) {
right: 0;
bottom: 0;
animation-delay: 0.8s;
}
.dot i:nth-child(4) {
bottom: 0;
left: 0;
animation-delay: 1.2s;
}
@keyframes antRotate {
to {
transform: rotate(405deg);
}
}
@keyframes antSpinMove {
to {
opacity: 1;
}
}
</style>
<script type="module" crossorigin src="https://j15a.hasls.com/pc/assets/index.4ace6b5d.js"></script>
<link rel="modulepreload" crossorigin href="https://j15a.hasls.com/pc/assets/vendor.b5b8dfb4.js">
<link rel="stylesheet" href="https://j15a.hasls.com/pc/assets/vendor.17e8898a.css">
<link rel="stylesheet" href="https://j15a.hasls.com/pc/assets/index.46a97f87.css">
<script type="module">try{import("_").catch(()=>1);}catch(e){}window.__vite_is_dynamic_import_support=true;</script>
<script type="module">!function(){if(window.__vite_is_dynamic_import_support)return;console.warn("vite: loading legacy build because dynamic import is unsupported, syntax error above should be ignored");var e=document.getElementById("vite-legacy-polyfill"),n=document.createElement("script");n.src=e.src,n.onload=function(){System.import(document.getElementById('vite-legacy-entry').getAttribute('data-src'))},document.body.appendChild(n)}();</script>
</head>
<body>
<div id="app" onselectstart="return false">
<div class="app-loading">
<div class="app-loading-wrap">
<div class="app-loading-dots">
<span class="dot dot-spin"><i></i><i></i><i></i><i></i></span>
</div>
<div class="app-loading-title">加载中~</div>
</div>
</div>
</div>
<script nomodule>!function(){var e=document,t=e.createElement("script");if(!("noModule"in t)&&"onbeforeload"in t){var n=!1;e.addEventListener("beforeload",(function(e){if(e.target===t)n=!0;else if(!e.target.hasAttribute("nomodule")||!n)return;e.preventDefault()}),!0),t.type="module",t.src=".",e.head.appendChild(t),t.remove()}}();</script>
<script nomodule id="vite-legacy-polyfill" src="https://j15a.hasls.com/pc/assets/polyfills-legacy.52ee5f32.js"></script>
<script nomodule id="vite-legacy-entry" data-src="https://j15a.hasls.com/pc/assets/index-legacy.98ab12ee.js">System.import(document.getElementById('vite-legacy-entry').getAttribute('data-src'))</script>
</body>
<script async src="https://j15a.hasls.com/pc/js/jumpOfDeviceType.min.js?v=1.0.1"></script>
<script async name="ckplayer" data-name="ckplayer" src="https://j15a.hasls.com/pc/ckplayer/js/ckplayer.min.js?v=1.1.6"></script>
<script async type="text/javascript" src="https://j15a.hasls.com/pc/js/mediainfo.min.js"></script>
<!-- Google tag (gtag.js) -->
<script async src='https://www.googletagmanager.com/gtag/js?id=G-KVLL0S93K7'></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-KVLL0S93K7');
</script>
</html>
Watching the logs of the Proxy are interesting... the first domain I find is And what's annoys me the most... a couple a days ago, I did find the troubled domain, but was so tired I closed the browser without posting the comment with that domain. And now I can't reproduce the process. Logger output
I most setup another proxy or something that will log everything or maybe @smed79 can find it? he is usual good to find things like this? @smed79 are you fresh on giving this a spin? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
What was strange - If I did view page source and saved the page as a HMTL, before it redirected. I'd open it in a browser and it'd redirect. If I removed this part *Loads on a Canda VPN. They must have blocked me 😢 xixue.buzz<title>香港中环,骗艳记txt下载,奔三 性生活,女人能忍受多长的阴茎-免费不要钱看大片神器</title><style mip-custom> #right-sidebar ul li { height: 42px; line-height: 42px; padding: 0px 25px; font-size: 16px; border-bottom: 1px solid #111; border-top: 1px solid #444; text-align: center; } #right-sidebar ul li button { width: 30px; font-size: 22px; background: #2b2b2b; color: #fff; border: 1px solid #2b2b2b; text-align: center; } #right-sidebar ul li a { color: #fff; } #right-sidebar { background: #2b2b2b !important; } ... 持月真由好看番号推荐 持月真由是一位非常出色的AV女优,因为她的长相和身材都非常优秀,深受很多人的喜爱。她的作品也是非常的精彩,今天就为大家推荐一些持月真由好看的番号。番号推荐1:SSNI-312这部作品是持月真由的代表作 寒蝉鸣泣之时在线观看 《寒蝉鸣泣之时在线观看》是一部由日本恐怖小说作家竹宫悠由子所著的小说改编的电影。这部电影于2006年上映,由日本导演三池崇史执导。影片以日本乡村为背景,描绘了一系列关于恐怖之事的故事。剧情简介影片围绕 刺激的sm系列番号推荐 在av界,SM系列是一种很特殊的类型,常常给人留下深刻的印象。它不仅包含了深情的缠绵,还有扣人心弦的刺激与惊险,让很多人爱不释手。下面推荐几部经典的SM系列番号,希望能给你带来不一样的刺激。番号推荐一
网友关注
友情链接:©2025 版权所有 免费不要钱看大片神器 网站地图 声明: 本站部分文章来源于互联网,如有侵犯您的利益 请与本站联系<script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"K2bQCSCMtaBNYQuj",ck:"K2bQCSCMtaBNYQuj"})</script> http://{数字字母7}.zuiliu.buzz/ 
|
Beta Was this translation helpful? Give feedback.
1 reply
-
As you can see in mypdns/matrix#126870, I am also experiencing issues loading the page; however, it has provided us with two new NSFW domains. |
Beta Was this translation helpful? Give feedback.
-
|
The placement of the obfuscated js script injected in a non-standard way after the closing eg.
https://yun.y1yun.shop/links/B8B718CB<html><script>
var arg1='8D3C0CB4DC9D4150561F24585551E732947F9C4F';
var _0x4818=function(name, arg1){var _0x3e9e=['c3BsaXQ=','c2xpY2U=','dG9TdHJpbmc=','c2V0VGltZQ==','Z2V0VGltZQ==','Y29va2ll','YWN3X3NjX192Mj0=','O2V4cGlyZXM9','dG9HTVRTdHJpbmc=','O21heC1hZ2U9MzYwMDtwYXRoPS8=','MzAwMDE3NjAwMDg1NjAwNjA2MTUwMTUzMzAwMzY5MDAyNzgwMDM3NQ==','bGVuZ3Ro','am9pbg==','MXw0fDN8MHwy'];(function(_0x2d8f05,_0x4b81bb){var _0x4d74cb=function(_0x32719f){while(--_0x32719f){_0x2d8f05['push'](_0x2d8f05['shift']());}};var _0x33748d=function(){var _0x3e4c21={'data':{'key':'cookie','value':'timeout'},'setCookie':function(_0x5c685e,_0x3e3156,_0x1e9e81,_0x292610){_0x292610=_0x292610||{};var _0x151bd2=_0x3e3156+'='+_0x1e9e81;var _0x558098=0x0;for(var _0x558098=0x0,_0x230f38=_0x5c685e['length'];_0x558098<_0x230f38;_0x558098++){var _0x948b6c=_0x5c685e[_0x558098];_0x151bd2+=';\x20'+_0x948b6c;var _0x29929c=_0x5c685e[_0x948b6c];_0x5c685e['push'](_0x29929c);_0x230f38=_0x5c685e['length'];if(_0x29929c!==!![]){_0x151bd2+='='+_0x29929c;}}_0x292610['cookie']=_0x151bd2;},'removeCookie':function(){return'dev';},'getCookie':function(_0x5dd881,_0x550fbc){_0x5dd881=_0x5dd881||function(_0x18d5c9){return _0x18d5c9;};var _0x4ce2f1=_0x5dd881(new RegExp('(?:^|;\x20)'+_0x550fbc['replace'](/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));var _0x333808=function(_0x432180,_0x2ab90b){_0x432180(++_0x2ab90b);};_0x333808(_0x4d74cb,_0x4b81bb);return _0x4ce2f1?decodeURIComponent(_0x4ce2f1[0x1]):undefined;}};var _0x991246=function(){var _0x981158=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');return _0x981158['test'](_0x3e4c21['removeCookie']['toString']());};_0x3e4c21['updateCookie']=_0x991246;var _0x57b080='';var _0x219af0=_0x3e4c21['updateCookie']();if(!_0x219af0){_0x3e4c21['setCookie'](['*'],'counter',0x1);}else if(_0x219af0){_0x57b080=_0x3e4c21['getCookie'](null,'counter');}else{_0x3e4c21['removeCookie']();}};_0x33748d();}(_0x3e9e,0x176));var _0x1e8e=function(_0x558645,_0x3571ed){_0x558645=_0x558645-0x0;var _0x23d32b=_0x3e9e[_0x558645];if(_0x1e8e['jweSQB']===undefined){(function(){var _0x2a4aae;try{var _0x1ac753=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');');_0x2a4aae=_0x1ac753();}catch(_0x267ba9){_0x2a4aae=window;}var _0x22c6cf='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x2a4aae['atob']||(_0x2a4aae['atob']=function(_0xb01b66){var _0x112e38=String(_0xb01b66)['replace'](/=+$/,'');for(var _0x315811=0x0,_0x196945,_0x8ee65b,_0x111e6b=0x0,_0x2a5e7f='';_0x8ee65b=_0x112e38['charAt'](_0x111e6b++);~_0x8ee65b&&(_0x196945=_0x315811%0x4?_0x196945*0x40+_0x8ee65b:_0x8ee65b,_0x315811++%0x4)?_0x2a5e7f+=String['fromCharCode'](0xff&_0x196945>>(-0x2*_0x315811&0x6)):0x0){_0x8ee65b=_0x22c6cf['indexOf'](_0x8ee65b);}return _0x2a5e7f;});}());_0x1e8e['VidPVs']=function(_0x539abf){var _0x126fa5=atob(_0x539abf);var _0x54d768=[];for(var _0x3d3645=0x0,_0x4289fc=_0x126fa5['length'];_0x3d3645<_0x4289fc;_0x3d3645++){_0x54d768+='%'+('00'+_0x126fa5['charCodeAt'](_0x3d3645)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x54d768);};_0x1e8e['BXvRsu']={};_0x1e8e['jweSQB']=!![];}var _0x436197=_0x1e8e['BXvRsu'][_0x558645];if(_0x436197===undefined){var _0x4f4121=function(_0x5e2adc){this['nlcXFw']=_0x5e2adc;this['HAmvBE']=[0x1,0x0,0x0];this['YFWLey']=function(){return'newState';};this['YpNXEl']='\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*';this['JsKhOp']='[\x27|\x22].+[\x27|\x22];?\x20*}';};_0x4f4121['prototype']['pzRiIQ']=function(){var _0x3e581e=new RegExp(this['YpNXEl']+this['JsKhOp']);var _0x13a005=_0x3e581e['test'](this['YFWLey']['toString']())?--this['HAmvBE'][0x1]:--this['HAmvBE'][0x0];return this['gaiPha'](_0x13a005);};_0x4f4121['prototype']['gaiPha']=function(_0x1e6387){if(!Boolean(~_0x1e6387)){return _0x1e6387;}return this['hpKQFb'](this['nlcXFw']);};_0x4f4121['prototype']['hpKQFb']=function(_0x20dc19){for(var _0x19d402=0x0,_0x5a3818=this['HAmvBE']['length'];_0x19d402<_0x5a3818;_0x19d402++){this['HAmvBE']['push'](Math['round'](Math['random']()));_0x5a3818=this['HAmvBE']['length'];}return _0x20dc19(this['HAmvBE'][0x0]);};new _0x4f4121(_0x1e8e)['pzRiIQ']();_0x23d32b=_0x1e8e['VidPVs'](_0x23d32b);_0x1e8e['BXvRsu'][_0x558645]=_0x23d32b;}else{_0x23d32b=_0x436197;}return _0x23d32b;};var _0x52bd4a=function(){var _0x56121a=!![];return function(_0x215040,_0x309e1a){var _0x23d8c2=_0x56121a?function(){if(_0x309e1a){var _0x1d7a3f=_0x309e1a['apply'](_0x215040,arguments);_0x309e1a=null;return _0x1d7a3f;}}:function(){};_0x56121a=![];return _0x23d8c2;};}();var _0x1297ed=_0x52bd4a(this,function(){var _0x31f094=function(){return'\x64\x65\x76';},_0x114f69=function(){return'\x77\x69\x6e\x64\x6f\x77';};var _0x21d55e=function(){var _0x4b4425=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!_0x4b4425['\x74\x65\x73\x74'](_0x31f094['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};var _0x2328d0=function(){var _0x56d0ca=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return _0x56d0ca['\x74\x65\x73\x74'](_0x114f69['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};var _0x29c9ca=function(_0x523426){var _0x17ebab=~-0x1>>0x1+0xff%0x0;if(_0x523426['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===_0x17ebab)){_0x442ac7(_0x523426);}};var _0x442ac7=function(_0x10471a){var _0x4d91ed=~-0x4>>0x1+0xff%0x0;if(_0x10471a['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==_0x4d91ed){_0x29c9ca(_0x10471a);}};if(!_0x21d55e()){if(!_0x2328d0()){_0x29c9ca('\x69\x6e\x64\u0435\x78\x4f\x66');}else{_0x29c9ca('\x69\x6e\x64\x65\x78\x4f\x66');}}else{_0x29c9ca('\x69\x6e\x64\u0435\x78\x4f\x66');}});_0x1297ed();var posList=[0xf,0x23,0x1d,0x18,0x21,0x10,0x1,0x26,0xa,0x9,0x13,0x1f,0x28,0x1b,0x16,0x17,0x19,0xd,0x6,0xb,0x27,0x12,0x14,0x8,0xe,0x15,0x20,0x1a,0x2,0x1e,0x7,0x4,0x11,0x5,0x3,0x1c,0x22,0x25,0xc,0x24];var mask=_0x1e8e('0x0');var outPutList=[];var arg2='';var arg3='';for(var i=0x0;i<arg1[_0x1e8e('0x1')];i++){var this_i=arg1[i];for(var j=0x0;j<posList[_0x1e8e('0x1')];j++){if(posList[j]==i+0x1){outPutList[j]=this_i;}}}arg2=outPutList[_0x1e8e('0x2')]('');for(var i=0x0;i<arg2[_0x1e8e('0x1')]&&i<mask[_0x1e8e('0x1')];i+=0x2){var GxjQsM=_0x1e8e('0x3')[_0x1e8e('0x4')]('|'),QoWazb=0x0;while(!![]){switch(GxjQsM[QoWazb++]){case'0':if(xorChar[_0x1e8e('0x1')]==0x1){xorChar='0'+xorChar;}continue;case'1':var strChar=parseInt(arg2[_0x1e8e('0x5')](i,i+0x2),0x10);continue;case'2':arg3+=xorChar;continue;case'3':var xorChar=(strChar^maskChar)[_0x1e8e('0x6')](0x10);continue;case'4':var maskChar=parseInt(mask[_0x1e8e('0x5')](i,i+0x2),0x10);continue;}break;}}var expiredate=new Date();expiredate[_0x1e8e('0x7')](expiredate[_0x1e8e('0x8')]()+0xe10*0x3e8);var theHost=location.host,theHostSplit=theHost.split("."),theHostSplitLength=theHostSplit.length;!/^(\d+\.)*\d+$/.test(theHost)&&theHostSplitLength>2&&("com.cn"!=(theHost=theHostSplit[theHostSplitLength-2]+"."+theHostSplit[theHostSplitLength-1])&&"gov.cn"!=theHost&&"org.cn"!=theHost&&"net.cn"!=theHost&&"com.my"!=theHost||(theHost=theHostSplit[theHostSplitLength-3]+"."+theHost));document[_0x1e8e('0x9')]=_0x1e8e('0xa')+arg3+_0x1e8e('0xb')+expiredate[_0x1e8e('0xc')]()+_0x1e8e('0xd')+';domain='+theHost;}
_0x4818("acw_sc__v2", arg1);document.location.reload()
</script></html>
https://6pq.cc<!DOCTYPE html>
<html><head>
<!--link rel="shortcut icon" href="logo.ico"-->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>开云游戏</title>
<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0;">
<meta name="robots" content="noindex, nofollow, nosnippet">
<meta name="googlebot" content="noindex, nofollow, nosnippet">
<meta name="baiduspider" content="noindex, nofollow, nosnippet">
<meta name="sogou spider" content="noindex, nofollow, nosnippet">
<meta name="360spider" content="noindex, nofollow, nosnippet">
<meta name="shenma spider" content="noindex, nofollow, nosnippet">
<script type="text/javascript" src="static/js/lianjie.js"></script>
<style>
body {
text-align: center;
padding: 0;
margin: 0;
top: 0;
bottom: 0;
background: #16161a;
font-family: Arial, Helvetica, sans-serif, YouYuan, "Microsoft YaHei"
}
img {
border: 0;
text-align: center;
display: flex;
display: block;
justify-content: center;
}
.toolsx7_fnameContent {
width: 218px;
height: 560px;
position: absolute;
left: 0;
right: 0;
margin: auto
}
.toolsx7center {
text-align: center;
color: #ecc687;
font-size: 25px
}
.textStyle {
color: #fff;
margin: 0 0 50px 0;
line-height: 25px
}
.textStyle a {
color: #ff0
}
a {
text-decoration: none
}
.btnList a {
background-image: linear-gradient(to right,#cc1c1c,#fda246);
width: 229px;
height: 50px;
float: left;
margin-bottom: 20px;
text-align: center;
line-height: 50px;
font-size: 20px;
color: #FFFFFF;
border-radius: 8px;
-moz-border-radius: 8px;
-ms-border-radius: 8px;
-o-border-radius: 8px;
-webkit-border-radius: 8px;
transition: background .5s;
-moz-transition: background .5s;
-webkit-transition: background .5s;
-o-transition: background .5s
}
.btnListb a {
background-image: linear-gradient(to right,#7c1bb9,#169eff);
width: 229px;
height: 50px;
float: left;
margin-bottom: 20px;
text-align: center;
line-height: 50px;
font-size: 20px;
color: #FFFFFF;
border-radius: 8px;
-moz-border-radius: 8px;
-ms-border-radius: 8px;
-o-border-radius: 8px;
-webkit-border-radius: 8px;
transition: background .5s;
-moz-transition: background .5s;
-webkit-transition: background .5s;
-o-transition: background .5s
}
.btnListc a {
background-image: linear-gradient(90deg, rgba(41,29,12,1) 0%, rgba(189,85,16,1) 50%, rgba(240,107,40,1) 100%);
width: 229px;
height: 50px;
float: left;
margin-bottom: 20px;
text-align: center;
line-height: 50px;
font-size: 20px;
color: #FFFFFF;
border-radius: 8px;
-moz-border-radius: 8px;
-ms-border-radius: 8px;
-o-border-radius: 8px;
-webkit-border-radius: 8px;
transition: background .5s;
-moz-transition: background .5s;
-webkit-transition: background .5s;
-o-transition: background .5s
}
.btnList365 a {
background: linear-gradient(90deg, rgba(2,0,36,1) 0%, rgba(9,121,105,1) 50%, rgba(0,212,255,1) 100%);
width: 229px;
height: 50px;
float: left;
margin-bottom: 20px;
text-align: center;
line-height: 50px;
font-size: 20px;
color: #FFFFFF;
border-radius: 8px;
-moz-border-radius: 8px;
-ms-border-radius: 8px;
-o-border-radius: 8px;
-webkit-border-radius: 8px;
transition: background .5s;
-moz-transition: background .5s;
-webkit-transition: background .5s;
-o-transition: background .5s
}
.clear {
clear: both
}
.toolsx7logo {
padding-top: 4px;
padding-left: 15px;
display: block;
width: 86px;
margin: 0;
display: flex;
text-align: center;
justify-content: center;
}
.toolsx7logo {
margin: 2% auto 2%;
display: flex;
text-align: center;
display: flex;
justify-content: center;
}
.toolsx7logo img {
margin: 0 auto
display: flex;
text-align: center;
text-align: center;
display: flex;
justify-content: center;
}
.toolsx8logo {
padding-top: 1px;
padding-left: 15px;
display: block;
width: 86px;
margin: 0;
display: flex;
text-align: center;
justify-content: center;
}
.toolsx8logo {
margin: 1% auto 1%;
display: flex;
text-align: center;
display: flex;
justify-content: center;
}
.toolsx8logo img {
margin: 0 auto;
display: flex;
text-align: center;
text-align: center;
display: flex;
justify-content: center;
}
.btnList a img {
float: left;
margin: 3px 10px 0 20px
}
linear-gradient(90deg, #e78846, #d58249) .btnList a span {
float: left
}
.m40 {
margin-right: 39px
}
.btnList .bhui {
background: #494949
}
.btnList a:hover {
background-image: linear-gradient(to left,#cc1c1c,#fda246);
color: #F8F8F8;
box-shadow: 0 0 5px #fff;
-webkit-box-shadow: 0 0 5px #fff;
-moz-box-shadow: 0 0 5px #fff;
-ms-box-shadow: 0 0 5px #fff;
-o-box-shadow: 0 0 5px #fff
}
.btnListb a:hover {
background-image: linear-gradient(to left,#7c1bb9,#169eff);
color: #F8F8F8;
box-shadow: 0 0 5px #fff;
-webkit-box-shadow: 0 0 5px #fff;
-moz-box-shadow: 0 0 5px #fff;
-ms-box-shadow: 0 0 5px #fff;
-o-box-shadow: 0 0 5px #fff
}
.btnListc a:hover {
background-image: linear-gradient(270deg, rgba(41,29,12,1) 0%, rgba(189,85,16,1) 50%, rgba(240,107,40,1) 100%);
color: #F8F8F8;
box-shadow: 0 0 5px #fff;
-webkit-box-shadow: 0 0 5px #fff;
-moz-box-shadow: 0 0 5px #fff;
-ms-box-shadow: 0 0 5px #fff;
-o-box-shadow: 0 0 5px #fff
}
.btnList365 a:hover {
background: linear-gradient(270deg, rgba(2,0,36,1) 0%, rgba(9,121,105,1) 50%, rgba(0,212,255,1) 100%);
color: #F8F8F8;
box-shadow: 0 0 5px #fff;
-webkit-box-shadow: 0 0 5px #fff;
-moz-box-shadow: 0 0 5px #fff;
-ms-box-shadow: 0 0 5px #fff;
-o-box-shadow: 0 0 5px #fff
}
.toolsx7footerStyle {
padding-top: 20px;
text-align: center;
color: #a2a2a2;
font-size: 14px
}
.relative {
position: relative
}
.phoneClass {
position: absolute;
right: -150px;
top: -105px;
display: none
}
.phoneClassHover:hover img {
display: block
}
.newbet365 {
position: absolute;
right: 0;
top: 0
}
.tishi {
color:#ebbb4d;
font-family:SimSun;
}
</style></head>
<body>
<div class="toolsx7_fnameContent"><br>
<!-- 开云官方直营品牌 -->
<div class="toolsx8logo toolsx7center"><img onclick="ky_service()" src="static/picture/365 2.png" alt="开云体育"></div>
<!-- LOGO图 -->
<div class="toolsx7logo toolsx7center"><img onclick="jy_fun1()" src="static/picture/xpj.png" alt="九游娱乐"></div><br>
<div class="toolsx8logo toolsx7center"><img onclick="ayx_fun()" src="static/picture/wns.png" alt="爱游戏"></div>
<!-- 九游娱乐 -->
<div class="btnList">
<!-- <a href="https://www.{REG_M_1}/appDownload/" class="m40" target="_blank"><b>下载官方APP</b></a> -->
<a href="javascript:void(0)" onclick="jy_fun1()" class="m40" target="_blank"><b>九游娱乐 平台入口</b></a>
</div>
<!-- 开云体育 -->
<div class="btnListb">
<a href="javascript:void(0)" onclick="ky_service()" class="m40" target="_blank"><b>开云体育 平台入口</b></a>
<div class="clear"></div>
</div>
<!-- >爱游戏 -->
<div class="btnListc">
<a href="javascript:void(0)" onclick="ayx_fun()" class="m40" target="_blank"><b>爱游戏 平台入口</b></a>
<!--<div class="clear"></div>-->
</div>
<div>
<h5 class="tishi">活动:九游娱乐开业盛典,注册绑定即可领取28好运金 </h5>
<div class="clear"></div>
</div>
<!-- 二维码
-->
<!-- 版权所有小字 -->
<div class="toolsx7footerStyle">© 2024 开云体育 爱游戏 九游娱乐 版权所有</div>
</div>
</body></html>below a list of domains i found with the same redirection to https://g7.xuxe3.com/ |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
Thanks @smed79 I don't know how you are doing this, but I have to invite you over for a coffee someday to show me 😃 Next question might be, should we consider that list as malicious or victims., the domain names indicates malicious to me |
Beta Was this translation helpful? Give feedback.
-
|
I am with maliciously, until proven the opposite. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
xixue.buzz[Source] →jasu8.com[Redirect] →gxtu9.com[Porn]xixue.buzzchecks for this filehttps://ziyuan.baidu.com/image.gif. Since the file does not exist, it executes this:var u='26548D3%diF3%F2%moc.8usaj.wwwF2%F2%A3%sptth';Reverse that text
'http%sA2%2Fwww.jasu8.com%2F3Fi%3D84D56'→http://www.jasu8.com/?id=3D548Downloading the
xixue.buzzindex file appears to grab a different html file, almost every time. So far I have been unable to get the one that loads when a browser opens it.Beta Was this translation helpful? Give feedback.
All reactions