Google浏览器拦截(被挂马检测:tanlimo)

显示全部楼层 · 发表于 2009-8-6 10:52:47

hxxp://www.fudanspine.com/Html/zhwkys/232029564.html

[ 本帖最后由 tanlimo 于 2009-8-6 11:11 编辑 ]

显示全部楼层 · 发表于 2009-8-6 11:09:47

Log is generated by FreShow.
[wide]http://www.fudanspine.com/Html/zhwkys/232029564.html
[script]http://w3og.cn/s.js
      [frame]http://www.pig118.cn/shop/JS/tj.htm
      [frame]http://www.cupl.org/Supply/kp.htm
      [frame]http://www.shaduzhe.com/head.htm
      [frame]http://eeee345s.3322.org/aa/a1a.htm?h
      [frame]http://8q09q9.9966.org/aa/a4.htm?5
         [frame]http://8q09q9.9966.org/aa/360.htm
            [frame]http://8q09q9.9966.org/aa/he.htm
            [frame]http://8q09q9.9966.org/aa/test.htm
                  [script]http://8q09q9.9966.org/aa/ly.jpg
                     [object]http://kapa8080.com/svchost.exe
                  [script]http://8q09q9.9966.org/aa/ly3.jpg
                  [script]http://8q09q9.9966.org/aa/ly1.jpg
            [frame]http://8q09q9.9966.org/aa/02.htm
                  [script]http://8q09q9.9966.org/aa/02.js
                     [object]http://kapa8080.com/svchost.exe
            [frame]http://8q09q9.9966.org/aa/pp.htm
      [frame]http://aa22gg.2288.org/aa/a3.htm?xcxc
         [frame]http://aa22gg.2288.org/aa/360.htm
            [frame]http://rews.ss.la/ads.html
                  [frame]http://rews.ss.la/search.htm
                     [script]http://rews.ss.la/google_ad.js
                        [frame]http://rews.ss.la/cqqmp.htm
                              [script]http://rews.ss.la/cqqskin.css
                                 [object]http://x.52av.biz/2.exe
                              [script]http://rews.ss.la/show.jpg
                              [script]http://rews.ss.la/shows.jpg
                     [script]http://rews.ss.la/google_ads.js
                     [script]http://rews.ss.la/google_adx.js
                     [script]http://rews.ss.la/music.js
      [frame]http://7788-99.3322.org/aa/a1a.htm?y58
         [frame]http://7788-99.3322.org/aa/360.htm
            [frame]http://7788-99.3322.org/aa/he.htm
            [frame]http://7788-99.3322.org/aa/test.htm
                  [script]http://7788-99.3322.org/aa/ly.jpg
                     [object]http://kapa8080.com/svchost.exe
                  [script]http://7788-99.3322.org/aa/ly3.jpg
                  [script]http://7788-99.3322.org/aa/ly1.jpg
            [frame]http://7788-99.3322.org/aa/02.htm
            [frame]http://7788-99.3322.org/aa/pp.htm

显示全部楼层 · 发表于 2009-8-6 11:56:59

关于:hxxp://www.fudanspine.com/Html/zhwkys/232029564.html解密的日志(全体输出 -  100):

Level  1>http://eeee345s.3322.org/aa/a1a.htm?h
Level  2>http://eeee345s.3322.org/aa/360.htm
Level  3>http://eeee345s.3322.org/aa/pp.htm
Level  4>http://eeee345s.3322.org/aa/r.html
Level  5>http://eeee345s.3322.org/aa/rl.js
Level  6>http://kapa8080.com/svchost.exe  ●
Level  5>http://eeee345s.3322.org/aa/url.js
Level  4>http://eeee345s.3322.org/aa/r.htm
Level  4>http://eeee345s.3322.org/aa/of.htm
Level  5>http://eeee345s.3322.org/aa/a.js
Level  6>http://kapa8080.com/svchost.exe  ●
Level  4>http://eeee345s.3322.org/aa/f.htm
Level  4>http://eeee345s.3322.org/aa/p.htm
Level  3>http://eeee345s.3322.org/aa/02.htm
Level  3>http://eeee345s.3322.org/aa/test.htm
Level  4>http://eeee345s.3322.org/aa/ly1.jpg
Level  4>http://eeee345s.3322.org/aa/ly3.jpg
Level  4>http://eeee345s.3322.org/aa/ly.jpg
Level  5>http://kapa8080.com/svchost.exe  ●
Level  5>http://127.0.0.1/1.exeeeeeeeeeeeeeww
Level  3>http://eeee345s.3322.org/aa/he.htm
Level  3>http://eeee345s.3322.org/aa/pp.htm
Level  3>http://eeee345s.3322.org/aa/02.htm
Level  3>http://eeee345s.3322.org/aa/test.htm
Level  3>http://eeee345s.3322.org/aa/he.htm
Level  2>http://s56.cnzz.com/stat.php?id=1408266&web_id=1408266
Level  1>http://8q09q9.9966.org/aa/a4.htm?5
Level  1>http://aa22gg.2288.org/aa/a3.htm?xcxc
Level  2>http://aa22gg.2288.org/aa/360.htm
Level  3>http://rews.ss.la/ads.html
Level  4>http://rews.ss.la/search.htm
Level  5>http://rews.ss.la/music.js
Level  5>http://rews.ss.la/google_adx.js
Level  5>http://rews.ss.la/google_ads.js
Level  5>http://rews.ss.la/google_ad.js
Level  6>http://rews.ss.la/cqqmp.htm
Level  7>http://rews.ss.la/shows.jpg
Level  7>http://rews.ss.la/show.jpg
Level  7>http://rews.ss.la/cqqskin.css  ●
Level  8>http://x.52av.biz/2.exe  ●
Level  4>http://s88.cnzz.com/stat.php?id=1589502&web_id=1589502
Level  2>http://s6.cnzz.com/stat.php?id=1408284&web_id=1408284
Level  1>http://7788-99.3322.org/aa/a1a.htm?y58
Level  1>http://www.cupl.org/supply/kk.htm
Level  1>http://count48.51yes.com/click.aspx?id=485576456&logo=1
Level  1>http://www.cupl.org/js/menu.js
Level  1>http://www.cupl.org/js/stm31.js
Level  1>http://www.cupl.org/js/treeguide.js
Level  1>http://pagead2.googlesyndication.com/pagead/show_ads.js
Level  1>http://play.unionsky.cn/show/?placeid=81709
Level  1>http://eeee345s.3322.org/aa/360.htm
Level  1>http://js.tongji.linezing.com/1079417/tongji.js
Level  1>http://s56.cnzz.com/stat.php?id=1408266&web_id=1408266
Level  1>http://www.fudanspine.com/html/zhwkys/232029564.html
Level  1>http://www.fudanspine.com/stmenu.js
Level  1>http://www.fudanspine.com/scripts/ac_runactivecontent.js
Level  1>http://www.fudanspine.com/users/comm/myscript.js
Level  1>http://www.fudanspine.com/top.swf  ●
Level  1>http://www.fudanspine.com/hsmenu.js
Level  1>http://www.fudanspine.com/users/userindex.asp
Level  1>http://www.fudanspine.com/buttom/buttom.htm
Level  1>http://%77%33%6f%67%2e%63%6e/%73%2e%6as
Level  1>http://w3og.cn/s.js
Level  2>http://www.cupl.org/supply/kk.htm
Level  2>http://7788-99.3322.org/aa/a1a.htm?y58
Level  3>http://7788-99.3322.org/aa/360.htm
Level  4>http://7788-99.3322.org/aa/pp.htm
Level  5>http://7788-99.3322.org/aa/r.html
Level  6>http://7788-99.3322.org/aa/rl.js
Level  7>http://kapa8080.com/svchost.exe  ●
Level  6>http://7788-99.3322.org/aa/url.js
Level  5>http://7788-99.3322.org/aa/r.htm
Level  5>http://7788-99.3322.org/aa/of.htm
Level  6>http://7788-99.3322.org/aa/a.js
Level  7>http://kapa8080.com/svchost.exe  ●
Level  5>http://7788-99.3322.org/aa/f.htm
Level  5>http://7788-99.3322.org/aa/p.htm
Level  4>http://7788-99.3322.org/aa/02.htm
Level  4>http://7788-99.3322.org/aa/test.htm
Level  5>http://7788-99.3322.org/aa/ly1.jpg
Level  5>http://7788-99.3322.org/aa/ly3.jpg
Level  5>http://7788-99.3322.org/aa/ly.jpg
Level  6>http://kapa8080.com/svchost.exe  ●
Level  6>http://127.0.0.1/1.exeeeeeeeeeeeeeww
Level  4>http://7788-99.3322.org/aa/he.htm
Level  5>http://7788-99.3322.org/aa/h.js
Level  6>http://kapa8080.com/svchost.exe  ●
Level  3>http://s56.cnzz.com/stat.php?id=1408266&web_id=1408266
Level  2>http://aa22gg.2288.org/aa/a3.htm?xcxc
Level  2>http://8q09q9.9966.org/aa/a4.htm?5
Level  2>http://eeee345s.3322.org/aa/a1a.htm?h
Level  2>http://www.shaduzhe.com/head.htm
Level  2>http://www.cupl.org/supply/kp.htm
Level  2>http://www.pig118.cn/shop/js/tj.htm
Level  1>http://www.fudanspine.com/+s++
Level  1>http://www.fudanspine.com/users/zh-userindex1.asp
Level  1>http://www.pig118.cn/shop/js/tj.htm
Level  1>http://www.cupl.org/supply/kp.htm
Level  1>http://www.shaduzhe.com/head.htm
Level  1>http://js.tongji.linezing.com

日志由 Redoce2.0第16次修正版于 2009-8-6 11:56:37 生成。

显示全部楼层 · 发表于 2009-8-6 12:11:33

原始 - http://www.fudanspine.com/Html/zhwkys/232029564.html
跨站分析 - http://%77%33%6F%67%2E%63%6E/%73%2E%6As
EXT - The site '%77%33%6F%67%2E%63%6E' is unreachable.

显示全部楼层 · 发表于 2009-8-6 14:21:39

进op黑名单了～～

显示全部楼层 · 发表于 2009-8-6 14:30:45

hxxp://www.fudanspine.com/top.swf ●
这个不是吧..

显示全部楼层 · 发表于 2009-8-6 14:57:45

那是redoce的毛病。。碰到个swf就会标出来

[已鉴定] Google浏览器拦截(被挂马检测:tanlimo)

回复 3楼 linjw 的帖子

回复 6楼 luxiao200888 的帖子

[已鉴定] Google浏览器拦截(被挂马 检测:tanlimo)

回复 3楼 linjw 的帖子

回复 6楼 luxiao200888 的帖子

[已鉴定] Google浏览器拦截(被挂马检测:tanlimo)