2010-1-2 21:48:54

Malicious site: xunqu.com

Decryption log for hxxp://www.xunqu.com/home/data/adtpl/file/com.js (full output - 8):

Level 0>hxxp://www.xunqu.com/home/data/adtpl/file/com.js
Level 1>hxxp://skyll2010.3322.org/360/33/index.html
Level 2>hxxp://skyll2010.3322.org/360/33/f.css
Level 2>hxxp://skyll2010.3322.org/360/33/e.jpg
Level 2>hxxp://skyll2010.3322.org/360/33/d.css
Level 2>hxxp://skyll2010.3322.org/360/33/c.jpg
Level 2>hxxp://skyll2010.3322.org/360/33/a.jpg
Level 3>hxxp://cocoexe.8gcc.com/Down/my/33.exe

Log generated by Redoce2.0 (86th revision) on 2010-1-2 21:41:14.

  • 1. Steven
  • http://it-mate.co.uk
  • Just an FYI, this one's got a new MITM (same filenames, just a different domain/path). The new domain and path is;

    xnfcgx.16824.com.cn:173/360/33/

    Domain resides at 204.188.206.11 (AS46844 204.188.192.0/18
    SharkTECH Internet Services)
    blast replied on 2010-1-10 11:03:02
    Seems like its owner has registered many domains, I found another two in the link you've posted :)

    my.xingan5.cn:8886/360/33
    cocoexe.8gcc.com:8886/360/33

    BTW, by searching their site statistics (count.51yes.com/index.aspx?id=507829494) through bing.com, I found that they are likely to spread very early from March 09 but somehow they slowed down their work these days may be the leak of new exploits
  • 2010-1-10 9:16:05

Copyright, 2004-2010 Blast Software, all rights reserved.