[Verified] 影视帝国 injected with malicious code??

jiffy
Posted on 2008-9-16 23:15:24
Jiangmin goes wild with alerts as soon as I open the site.

Address:
hxxp://bt2.cnxp.com/

[ Last edited by jiffy on 2008-9-16 23:24 ]
molicn
Posted on 2008-9-16 23:20:36
One moment. I'm on it.
Found an ARP-based malicious injection
Log is generated by FreShow.
[wide]http://bt2.cnxp.com/
    [frame]http://www.591caobi.cn/d2/zz2.htm?arp
    [script]http://bt2.cnxp.com/js/main.js
    [script]http://bt2.cnxp.com/js/output.js
    [frame]http://bt2.cnxp.com/gg/bt2tom.htm
    [script]http://bt2.cnxp.com/js/topNavigate.js
    [frame]http://bt2.cnxp.com/gg/bt2heng4.htm
    [frame]http://bt2.cnxp.com/\"http://bt2.cnxp.com/gg/bt2heng2.htm\"
    [frame]http://bt2.cnxp.com/gg/bt2heng3.htm
    [script]http://bt2.cnxp.com/admin/js/class.js
    [script]http://bt2.cnxp.com/admin/top.js
    [script]http://bt2.cnxp.com/js/key_word.js
    [script]http://bt2.cnxp.com/js/page.js
    [script]http://s17.cnzz.com/stat.php?id=3275&web_id=3275
    [script]http://w.cnzz.com/c.php?id=30003980&l=2
    [script]http://js.tongji.yahoo.com.cn/1/255/372/ystat.js
    [script]http://bt2.cnxp.com/gg/wFloat.js
    [frame]http://bt2.cnxp.com/\"http://bt2.cnxp.com/gg/bt2heng1.htm\"
        [frame]http://www.591caobi.cn/d2/zz2.htm?arp
    [frame]http://bt2.cnxp.com/\"http://bt2.cnxp.com/gg/bt2heng2.htm\"

Hold on, detailed analysis to follow

Information on www.591caobi.cn

whois
Domain Name: 591caobi.cn
ROID: 20080911s10001s66843666-cn
Domain Status: clientTransferProhibited
Registrant Organization: 杨二爷
Registrant Name: 管理人
Sponsoring Registrar: 北京宏网神州科技发展有限公司
Name Server:ns.ourhost.com.cn
Name Server:ns1.ourhost.com.cn
Registration Date: 2008-09-11 12:08
Expiration Date: 2009-09-11 12:08

Email: 3592783@163.com
Querying whois.arin.net for 58.211.75.32...
Querying whois.apnic.net for 58.211.75.32...
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
inetnum:      58.208.0.0 - 58.223.255.255
netname:      CHINANET-JS
descr:        CHINANET jiangsu province network
descr:        China Telecom
descr:        A12,Xin-Jie-Kou-Wai Street
descr:        Beijing 100088
country:      CN
admin-c:      CH93-AP
tech-c:       CJ186-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CHINANET-JS
mnt-routes:   MAINT-CHINANET-JS
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
status:       ALLOCATED PORTABLE
changed:      hm-changed@apnic.net 20050624
source:       APNIC
role:         CHINANET JIANGSU
address:      No.268,Hanzhong Road,Nanjing 210029
country:      CN
phone:        +86-25-6588783
fax-no:       +86-25-6588740
e-mail:       ip@jsinfo.net
trouble:      send anti-spam reports to spam@jsinfo.net
trouble:      send abuse reports to abuse@jsinfo.net
trouble:      times in GMT+8
admin-c:      CH360-AP
tech-c:       CS306-AP
tech-c:       CN142-AP
nic-hdl:      CJ186-AP
remarks:      www.jsinfo.net
notify:       ip@jsinfo.net
mnt-by:       MAINT-CHINANET-JS
changed:      dns@ptt.js.cn 20020530
changed:      ip@jsinfo.net 20021213
source:       APNIC
person:       Chinanet Hostmaster
nic-hdl:      CH93-AP
e-mail:       anti-spam@ns.chinanet.cn.net
address:      No.31 ,jingrong street,beijing
address:      100032
phone:        +86-10-58501724
fax-no:       +86-10-58501724
country:      CN
changed:      dingsy@cndata.com 20070416
mnt-by:       MAINT-CHINANET
source:       APNIC

[ Last edited by molicn on 2008-9-16 23:36 ]
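
An added triage example, not part of the original posts and not FreShow's own code: it parses a resource tree in the format of the log molicn posted and lists off-site frames that are embedded by more than one document, the pattern visible in that log. The sample log is a constructed excerpt using URLs from the thread; the function names and the two-label site() heuristic are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed excerpt in the format of the FreShow log above
# (assumed: four spaces of indentation per nesting level).
SAMPLE_LOG = """\
Log is generated by FreShow.
[wide]http://bt2.cnxp.com/
    [frame]http://www.591caobi.cn/d2/zz2.htm?arp
    [script]http://bt2.cnxp.com/js/main.js
    [script]http://s17.cnzz.com/stat.php?id=3275&web_id=3275
    [frame]http://bt2.cnxp.com/gg/bt2heng1.htm
        [frame]http://www.591caobi.cn/d2/zz2.htm?arp
"""

def parse_log(text, indent=4):
    """Return (kind, url, parent_url) per entry, using indentation as depth."""
    entries, stack = [], []      # stack[d] = URL of the latest entry at depth d
    for line in text.splitlines():
        body = line.lstrip(" ")
        if not body.startswith("["):
            continue             # skip banner lines such as "Log is generated by ..."
        depth = (len(line) - len(body)) // indent
        kind, _, url = body[1:].partition("]")
        del stack[depth:]        # drop entries that are not ancestors of this line
        parent = stack[-1] if stack else None
        entries.append((kind, url, parent))
        stack.append(url)
    return entries

def site(url):
    """Naive registrable-domain guess: last two host labels (wrong for e.g. .com.cn)."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def offsite_frames(entries):
    """Map each frame hosted off the root page's site to the documents embedding it."""
    root_site = site(entries[0][1])
    hits = defaultdict(set)
    for kind, url, parent in entries:
        if kind == "frame" and site(url) != root_site:
            hits[url].add(parent)
    return dict(hits)

def injected_everywhere(entries):
    """Off-site frames embedded by more than one document in the tree."""
    return sorted(u for u, p in offsite_frames(entries).items() if len(p) > 1)
```

Third-party scripts such as the analytics includes are ignored on purpose; only frames are compared against the root page's site.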
jiffy
Original poster | Posted on 2008-9-16 23:25:08
Could you please post a sample package!
浪滔天
Posted on 2008-9-16 23:59:04
Looks like it's gone now~~

Copyright © KaFan  KaFan.cn All Rights Reserved.
