前面访问 baidu.com 被劫持到
http://9v.c1o1.com/bb/
还有
http://9v.c1o1.com/bbd/
页面内容是通过一段Javascript代码,带上推广代码,然后跳转到baidu.com
代码如下,居然还带有对不同UA的处理。
<script language="javascript">
//window.open("","_top").opener = null;
//document.location = "http://www.baidu.com/s?word=&tn=93278052_hao_pg&ie=utf-8";
(function () {
function __goto(u) {
if (!u)return;
if (window.bnavigate && typeof(window.bnavigate) == "function") bnavigate(u);
var ua = navigator.userAgent.toLowerCase();
if (ua.indexOf('applewebkit') > 0) {
var h = document.createElement('a');
h.rel = 'noreferrer';
h.target = '_self';
h.href = u;
/*document.body.appendChild(h);*/
var evt = document.createEvent('MouseEvents');
evt.initEvent('click', true, true);
h.dispatchEvent(evt);
} else {
var objMeta = document.createElement('META');
objMeta.setAttribute('http-equiv', 'refresh');
objMeta.setAttribute('content', "0; url='" + u + "'");
document.getElementsByTagName("head")[0].appendChild(objMeta);
document.writeln('<meta http-equiv="Refresh" Content="0; Url=' + u + '" >');
}
}
__goto("http://www.baidu.com/s?word=&tn=96162016_hao_pg&ie=utf-8");
})()
</script>