Rising Kaka Security Forum

Suspicious URL 2
09kaka - 2009-6-3 13:35:00
http://nstarbilimteknoloji.blogcu.com

User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; CIBA; .NET CLR 2.0.50727)
networkedition - 2009-6-3 13:46:00
Log is generated by FreShow.
[wide]http://nstarbilimteknoloji.blogcu.com
    [script]http://www.blogcu.com/include/urchin.js
    [frame]http://www.blogcu.com/blogbar.php?loc=index&wc_id=6&theme_no=1&email=
        [frame]http://www.blogcu.com/virgul.php?theme_name=blue
            [script]http://rek.nokta.com/rksun/adx.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://pagead2.googlesyndication.com/pagead/show_ads.js
    [script]http://www.onlineziyaretci.com/sayac.php?userid=17023
    [script]http://www.trlinklist.com/sayac.php?site=284&ikon=2
        [frame]http://www.trlinklist.com/?site=284&ikon=2&fp=kXHnDH0xDZIfzlzX%2BE1dqsQFX97DIRRXHlTjhuUMrEP5tnA9BuAMxDx1XGnld%2BbSWyxirWtWrRNTn%2FXwzoj5hwbARPQE3TbqaOatnbK8JV2F0fQehbWEB23zXUEWOnKkBU1S&foiffs=in100fweg
            [script]http://js.ztomy.com/templates.php
    [script]http://www.toplist99.com/log.php?id=5406&bid=22
    [script]http://www.blogcu.com/kaynak/js/statik/virgulBar.js
    [script]http://vrs.virgul.com/js/blogcheck.php
    [script]http://www.trlist.gen.tr/log.php?id=17746&bid=2
    [script]http://logo.webservis.gen.tr/w.js
    [script]http://www.tr100.net/banner4.js
    [script]http://www.blogcu.com/kaynak/js/statik/virgulBar.js
    [script]http://vrs.virgul.com/js/blogcheck.php
09kaka - 2009-6-3 13:59:00
Oh dear, so the conclusion is that it's clean, right? I can't really follow it =_=|||
networkedition - 2009-6-3 14:03:00
The page has not been injected with malicious code :kaka11:
09kaka - 2009-6-3 16:29:00
http://ita.awardspace.com/promotores/

http://health.china228.com/china228_Manage_health/vote/votedy.asp?id=12&tablenum=1
networkedition - 2009-6-3 16:50:00
Log is generated by FreShow.
[wide]http://health.china228.com/china228_Manage_health/vote/votedy.asp?id=12&tablenum=1
    [script]http://cn.daxia123.cn/cn.js
    [script]http://cn.daxia123.cn/cn.js
    [script]http://3b3.org/c.js
        [frame]http://hh445f.8866.org/a/a100.htm
            [frame]http://hh445f.8866.org/a/163.htm
                [frame]http://hh445f.8866.org/a/ggqm.htm
                    [object]http://al2mckdf520.cn/atievx.exe
                [script]http://hh445f.8866.org/a/js.js
                    [frame]http://hh445f.8866.org/a/gg14.htm
                        [script]http://hh445f.8866.org/a/14.js
                            [object]http://woaini23456.com/web/xp.exe
                        [script]http://hh445f.8866.org/a/15.js
                        [script]http://hh445f.8866.org/a/16.js
                    [frame]http://hh445f.8866.org/a/ggfl.htm
                    [frame]http://hh445f.8866.org/a/ggff.htm
                    [frame]http://hh445f.8866.org/a/z.htm
                    [frame]http://hh445f.8866.org/a/ggvod.htm
                    [frame]http://hh445f.8866.org/a/ytxxz.htm
                    [frame]http://hh445f.8866.org/a/gglb.htm
                    [frame]http://hh445f.8866.org/a/ggr.htm
            [script]http://hh445f.8866.org/a/\"http:\/\/js.tongji.cn.yahoo.com\/1083501\/ystat.js\"
            [script]http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
        [frame]http://hh445f.8866.org/a/a100.htm
        [script]http://3b3.org/\"http:\/\/js.tongji.cn.yahoo.com\/908507\/ystat.js\"
        [script]http://3b3.org/\"http:\/\/js.tongji.linezing.com\/1136402\/tongji.js\"
    [script]http://cn.daxia123.cn/cn.js
    [script]http://3b3.org/c.js
    [script]http://cn.daxia123.cn/cn.js
    [script]http://3b3.org/c.js
    [script]http://cn.daxia123.cn/cn.js
    [script]http://3b3.org/c.js
    [script]http://cn.daxia123.cn/cn.js
    [script]http://3b3.org/c.js
竹本无ベ - 2009-6-3 16:53:00
Decoded log for hxxp://ita.awardspace.com/promotores/ (full output - 2):

Level  0>http://ita.awardspace.com/promotores/
Level  1>http://traff-sale.cn/tds/in.cgi?default?+math.round

Page analysis: cchao21 (entries marked with a dot are all real trojan addresses)

Decoded log for hxxp://health.china228.com/china228_Manage_health/vote/votedy.asp?id=12&tablenum=1 (full output - 22):

Level  0>http://health.china228.com/china228_Manage_health/vote/votedy.asp?id=12&tablenum=1
Level  1>http://3b3.org/c.js
Level  2>http://js.tongji.linezing.com/1136402/tongji.js
Level  2>http://hh445f.8866.org/a/a100.htm
Level  3>http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
Level  3>http://hh445f.8866.org/a/163.htm
Level  4>http://hh445f.8866.org/a/js.js
Level  5>http://hh445f.8866.org/a/ggr.htm
Level  6>http://hh445f.8866.org/a/real1.js
Level  6>http://hh445f.8866.org/a/real.js
Level  6>http://hh445f.8866.org/a/turl.js
Level  7>http://woaini23456.com/web/xp.exe  ●
Level  5>http://hh445f.8866.org/a/gglb.htm
Level  5>http://hh445f.8866.org/a/ytxxz.htm
Level  5>http://hh445f.8866.org/a/ggvod.htm
Level  5>http://hh445f.8866.org/a/z.htm
Level  5>http://hh445f.8866.org/a/ggff.htm
Level  5>http://hh445f.8866.org/a/ggfl.htm
Level  5>http://hh445f.8866.org/a/gg14.htm
Level  4>http://hh445f.8866.org/a/ggqm.htm
Level  5>http://al2mckdf520.cn/atievx.exe  ●
Level  1>http://cn.daxia123.cn/cn.js

Page analysis: cchao21 (entries marked with a dot are all real trojan addresses)
清水_无忧 - 2009-6-3 17:47:00
http://nstarbilimteknoloji.blogcu.com :kaka2: The page's behavior is rather odd
The page health.china228.com/china228_Manage_health/vote/votedy.asp?id=12&tablenum=1 contains malicious pages that Rising can intercept