hxxp://www.esnai.com [未挂马] [by aarwwefdds]

dw1fox

http://www.esnai.com/

Found noting
by aarwwefdds

1. 关于:hxxp://www.esnai.com/解密的日志(全体输出-  48):
   
2. 
   
3. Level 0>http://www.esnai.com/
   
4. Level 1>http://www.esnai.net/stat/stat.js
   
5. Level 1>http://biz.esnai.com/asp/banner/gsbanner.asp?userid=333&groupid=94&sizeid=100&bw=780&bh=95&bf=10
   
6. Level 1>http://chat8.live800.com/live800/chatclient/monitor.js?jid=4633907571&companyid=72474&configid=91580&codetype=custom
   
7. Level 2>http://chat8.live800.com/live800/chatclient/a
   
8. Level 2>http://chat8.live800.com/live800/chatclient/live800/draw_inner_page.js
   
9. Level 3>http://chat8.live800.com/live800/chatclient/live800/a
   
10. Level 4>http://chat8.live800.com/live800/chatclient/live800/live800/draw_inner_page.js
    
11. Level 5>http://chat8.live800.com/live800/chatclient/live800/live800/a
    
12. Level 5>http://chat8.live800.com/live800/chatclient/live800/live800/live800/draw_inner_page.js
    
13. Level 5>http://chat8.live800.com/live800/chatclient/live800/live800/live800/menu_url.js
    
14. Level 4>http://chat8.live800.com/live800/chatclient/live800/live800/menu_url.js
    
15. Level 2>http://chat8.live800.com/live800/chatclient/live800/menu_url.js
    
16. Level 1>http://chat8.live800.com/live800/chatclient/staticbutton.js?jid=4633907571&companyid=72474&configid=92750&codetype=steady2
    
17. Level 1>http://weather.265.com/weather.htm
    
18. Level 2>http://weather.265.com/lookupcity
    
19. Level 3>http://weather.265.com/time.htm
    
20. Level 3>http://weather.265.com/livenews/news.htm
    
21. Level 3>http://weather.265.com/images/logo_google_0708.gif
    
22. Level 3>http://weather.265.com/js/265_c26af4.js
    
23. Level 4>http://weather.265.com/js/time.htm
    
24. Level 5>http://weather.265.com/js/livenews/news.htm
    
25. Level 6>http://weather.265.com/js/livenews/time.htm
    
26. Level 6>http://weather.265.com/js/livenews/livenews/news.htm
    
27. Level 6>http://weather.265.com/js/livenews/images/dslogo.gif/
    
28. Level 6>http://weather.265.com/js/livenews/js/265_c26af4.js
    
29. Level 5>http://weather.265.com/js/images/dslogo.gif/
    
30. Level 5>http://weather.265.com/js/js/265_c26af4.js
    
31. Level 2>http://weather.265.com/js/jslib_0503.js
    
32. Level 1>http://biz.esnai.com/asp/banner/gsbanner.asp?userid=333&groupid=141&sizeid=100&bw=130&bh=181&bf=1
    
33. Level 1>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=34&userid=333&groupid=213
    
34. Level 1>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=32&userid=333&groupid=211
    
35. Level 1>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=33&userid=333&groupid=212
    
36. Level 1>http://static.googleadsserving.cn/pagead/imgad?id=ckv66bok49jhchctarhqmghs_8pubgfxzw
    
37. Level 1>http://static.googleadsserving.cn/pagead/imgad?id=cotg_es9yrjjchctarhqmgg4xx3uehyiza
    
38. Level 1>http://static.googleadsserving.cn/pagead/imgad?id=clb3gt6yk8tbpgeqrqeyudiilougrytol78
    
39. Level 1>http://static.googleadsserving.cn/pagead/imgad?id=cio6q57xxpefxbctarhqmgheouesboulkw
    
40. Level 1>http://static.googleadsserving.cn/pagead/imgad?id=coeaq87j-p_ynxctarhqmghzgqn8ez3xnw
    
41. Level 1>http://www.esnai.com/passport/func.js
    
42. Level 1>http://club.esnai.com/biz/mid_2007.htm
    
43. Level 2>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=13&userid=333&groupid=143
    
44. Level 2>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=29&userid=333&groupid=191
    
45. Level 2>http://partner.googleadservices.com/gampad/google_service.js
    
46. Level 3>http://partner.googleadservices.com/gampad/google_ads.js
    
47. Level 3>http://partner.googleadservices.com/gampad/+j+
    
48. Level 1>http://club.esnai.com/js/overdesclib.js
    
49. Level 1>http://www.esnai.com/headlogincookie.asp?loginfrom=
    
50. Level 1>http://www.esnai.com/images/finance
    

复制代码

层数太多，不继续往下解了，如果挂马不会挂那么深..
并且在分析时发现IFRAME width="0" height="0"代码
这会引起小红伞误报
因此结论为未挂马
如果发现不对请联系我

[ 本帖最后由 jimmyleo 于 2008-12-19 12:35 编辑 ]

cs_virus

好象没有检测到任何东西.

KOI9009

红伞 启发HEUR/HTML.Malware [heuristic]

250662772

可能误报，我直接进去，没反应

雨宫优子

IFRAME width="0" height="0"
典型的引起误报的东西
Found noting
关于:hxxp://www.esnai.com/解密的日志(全体输出-  48):

Level 0>http://www.esnai.com/
Level 1>http://www.esnai.net/stat/stat.js
Level 1>http://biz.esnai.com/asp/banner/gsbanner.asp?userid=333&groupid=94&sizeid=100&bw=780&bh=95&bf=10
Level 1>http://chat8.live800.com/live800/chatclient/monitor.js?jid=4633907571&companyid=72474&configid=91580&codetype=custom
Level 2>http://chat8.live800.com/live800/chatclient/a
Level 2>http://chat8.live800.com/live800/chatclient/live800/draw_inner_page.js
Level 3>http://chat8.live800.com/live800/chatclient/live800/a
Level 4>http://chat8.live800.com/live800/chatclient/live800/live800/draw_inner_page.js
Level 5>http://chat8.live800.com/live800/chatclient/live800/live800/a
Level 5>http://chat8.live800.com/live800/chatclient/live800/live800/live800/draw_inner_page.js
Level 5>http://chat8.live800.com/live800/chatclient/live800/live800/live800/menu_url.js
Level 4>http://chat8.live800.com/live800/chatclient/live800/live800/menu_url.js
Level 2>http://chat8.live800.com/live800/chatclient/live800/menu_url.js
Level 1>http://chat8.live800.com/live800/chatclient/staticbutton.js?jid=4633907571&companyid=72474&configid=92750&codetype=steady2
Level 1>http://weather.265.com/weather.htm
Level 2>http://weather.265.com/lookupcity
Level 3>http://weather.265.com/time.htm
Level 3>http://weather.265.com/livenews/news.htm
Level 3>http://weather.265.com/images/logo_google_0708.gif
Level 3>http://weather.265.com/js/265_c26af4.js
Level 4>http://weather.265.com/js/time.htm
Level 5>http://weather.265.com/js/livenews/news.htm
Level 6>http://weather.265.com/js/livenews/time.htm
Level 6>http://weather.265.com/js/livenews/livenews/news.htm
Level 6>http://weather.265.com/js/livenews/images/dslogo.gif/
Level 6>http://weather.265.com/js/livenews/js/265_c26af4.js
Level 5>http://weather.265.com/js/images/dslogo.gif/
Level 5>http://weather.265.com/js/js/265_c26af4.js
Level 2>http://weather.265.com/js/jslib_0503.js
Level 1>http://biz.esnai.com/asp/banner/gsbanner.asp?userid=333&groupid=141&sizeid=100&bw=130&bh=181&bf=1
Level 1>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=34&userid=333&groupid=213
Level 1>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=32&userid=333&groupid=211
Level 1>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=33&userid=333&groupid=212
Level 1>http://static.googleadsserving.cn/pagead/imgad?id=ckv66bok49jhchctarhqmghs_8pubgfxzw
Level 1>http://static.googleadsserving.cn/pagead/imgad?id=cotg_es9yrjjchctarhqmgg4xx3uehyiza
Level 1>http://static.googleadsserving.cn/pagead/imgad?id=clb3gt6yk8tbpgeqrqeyudiilougrytol78
Level 1>http://static.googleadsserving.cn/pagead/imgad?id=cio6q57xxpefxbctarhqmgheouesboulkw
Level 1>http://static.googleadsserving.cn/pagead/imgad?id=coeaq87j-p_ynxctarhqmghzgqn8ez3xnw
Level 1>http://www.esnai.com/passport/func.js
Level 1>http://club.esnai.com/biz/mid_2007.htm
Level 2>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=13&userid=333&groupid=143
Level 2>http://biz.esnai.com/asp/banner/txtlinktemplate.asp?tempid=29&userid=333&groupid=191
Level 2>http://partner.googleadservices.com/gampad/google_service.js
Level 3>http://partner.googleadservices.com/gampad/google_ads.js
Level 3>http://partner.googleadservices.com/gampad/+j+
Level 1>http://club.esnai.com/js/overdesclib.js
Level 1>http://www.esnai.com/headlogincookie.asp?loginfrom=
Level 1>http://www.esnai.com/images/finance
层数太多，不继续往下解了，如果挂马不会挂那么深..