ADWAY恶意广告

21:26,10,Oct,2010 | (2920/1/0) | 本站原创
相关信息可以Google  关键字:ADWAY恶意广告,www.izptec.com

相关链接

http://bbs.rockbeer.org/redirect.php?tid=1241669484&goto=lastpost

http://www.admin5.com/article/20100601/238050.shtml

http://dongxi.net/b02Mr

http://www.lidiansoft.com/blog/post/1133.html

http://bbs.drpc.cn/viewthread.php?tid=128&page=1

http://www.315ts.net/archive/tousu/2010/1008/888273.shtml

http://www.dongqifei.com/tag/%E6%B5%81%E6%B0%93%E5%B9%BF%E5%91%8A/

http://space.scmlife.com/home-space-uid-12-do-blog-id-1.html

http://bbs.chinaunix.net/viewthread.php?tid=1794483

最近浏览某游戏论坛发现右下角一直出现一个flash广告,刚开始并未太注意这个广告,以为是这个游戏论坛所加载的.后来我在这个游戏论坛询问是否有加载类似广告时,相关人员给予了否定.因为也没什么大碍,就没去关注了..
直到今天偶然从另外一个站点跳转到这个游戏论坛时,发现又弹出了这个flash广告.如图


使用相关工具查看后发现如下代码

如图所示



<!--
  Wrapper document as captured by the author's inspection tool. Tags appear
  unclosed, which suggests a collapsed DOM view rather than raw source.
  What is visible in this capture:
    * a full-size iframe "fulliframe" (src is empty here; presumably the page
      the user asked for is loaded into it, which this dump cannot confirm);
    * two external scripts loaded from bare IP addresses instead of the forum's
      own domain; the first one carries the visited forum URL in o_url;
    * "pzi_container", a 300x290 box pinned to the bottom-right corner with
      z-index 100, matching where the author saw the floating Flash ad;
    * a 1x1 iframe that loads impression.html with the visited URL and a
      random value in its query string.
  The forum's own host name appears only as a parameter value, never as the
  origin of any of these resources.
-->
<html debug="true">
<head>
<body>
<iframe id="fulliframe" lang="utf-8" name="fulliframe" src="" width="100%" height="100%" marginheight="0" marginwidth="0" frameborder="0"/>
<script language="JavaScript" type="text/javascript">
<script src="http://124.232.136.147/pagead/ads.js?umask=26&interval=600&vask=3364566430&uid=1800260239&pid=72057923437190054&o_url=bbs.duowan.com/forum-7-1.html&aname=00007703&ic=00007488&vh=00007494,512|00007411,319|00007488,270|00007484,229|00007414,116|00007417,93|00008502,90|00007470,87&ipc_type=CTN&ipc_nid=0" language="javascript" type="text/javascript"/>
<script src="http://59.51.96.35/10092002/images/asd.js" type="text/javascript" defer=""/>
<div id="pzi_container" style="position: absolute; z-index: 100; bottom: 0px; right: 16px; display: block; width: 300px; height: 290px; background-color: transparent; ">
<iframe width="1" height="1" style="background-color: transparent; " allowtransparency="true" frameborder="0" scrolling="no" src="http://59.51.96.35/10092002//impression.html?http://bbs.duowan.com/forum-7-1.html&random=0.4169298824854195"/>
</body>
</html>



我们看到这样几句代码

<!-- Script request to the ad host, addressed by IP. o_url holds the forum page
     being viewed. uid, pid, aname, ic and vh look like visitor and campaign
     identifiers, but their meaning is not shown on this page (confirm before
     relying on it). -->
<script src="http://124.232.136.147/pagead/ads.js?umask=26&interval=600&vask=3364566430&uid=1800260239&pid=72057923437190054&o_url=bbs.duowan.com/forum-7-1.html&aname=00007703&ic=00007488&vh=00007494,512|00007411,319|00007488,270|00007484,229|00007414,116|00007417,93|00008502,90|00007470,87&ipc_type=CTN&ipc_nid=0" language="javascript" type="text/javascript"/>




<!-- Second script, served from a different IP and marked defer. The same
     asd.js URL is passed as ad_url in the impression and click pages quoted
     later in the post. -->
<script src="http://59.51.96.35/10092002/images/asd.js" type="text/javascript" defer=""/>




<!-- 1x1 transparent iframe, so nothing is visible to the user. It loads
     impression.html and passes the visited URL plus a random value (likely a
     cache-buster) in the query string. -->
<iframe width="1" height="1" style="background-color: transparent; " allowtransparency="true" frameborder="0" scrolling="no" src="http://59.51.96.35/10092002//impression.html?http://bbs.duowan.com/forum-7-1.html&random=0.4169298824854195"/>

经过测试
http://59.51.96.35/10092002/
这个链接打开后右下角便会弹出flash广告,看来某些人士就是iframe了这个页面.
查看http://59.51.96.35/10092002//impression.html 这个页面代码后
发现如下代码


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title></title>
</head>
<body >
<!-- Everything inside this span is kept out of the rendered page by
     display:none. It holds only counters and beacons: two cnzz scripts, a
     counter image from t.dkgtv6.com, and an image request to
     124.232.136.147/pagead/ads written out with document.write. -->
<span style="display:none">
<script src='http://w.cnzz.com/c.php?id=30037064&l=3' language='JavaScript' charset='gb2312'></script>

    <img src=http://t.dkgtv6.com/count/count.com.php?website=1100571&image=countlogo1.gif alt="站内统计" style="border:0"/>

    <script src="http://s17.cnzz.com/stat.php?id=2454504&web_id=2454504" language="JavaScript"></script>
    
    <!-- search and idx are computed from the query string but are not used by
         the code shown here; the beacon URL written below is a constant string
         (umask=1, ad_url pointing at asd.js, website=4ca42a39). -->
    <script type="text/javascript" language="javascript">
    var search = window.location.search;
    var idx = search.indexOf("&random=");
    document.write("<img src='http://124.232.136.147/pagead/ads?umask=1&ad_url=http://59.51.96.35/10092002/images/asd.js&website=4ca42a39' />");
     </script>
</span>

    <!-- The whole function below sits inside a JavaScript block comment, so as
         captured none of it runs. Read as code, it would open a new window to
         the URL stored in "doubleclick" (http://www.izptec.com) 10 ms after
         load; if pop() throws, the catch branch attaches pop as a click handler
         on top.frames[0].document.body, and pop removes that handler again
         once it has run. The "&#124;&#124;" on the first line is the
         entity-encoded form of the logical OR operator, an artifact of how the
         blog rendered this listing. The value for a defender is the hard-coded
         host name, which is what the author uses to identify the operator. -->
    <script type="text/javascript">
    /*
        (function(){
            var PZI = window.PZI = window.PZI &#124;&#124; {};
            var doubleclick = "http://www.izptec.com";
            window.setTimeout("PZI.popWindow()",10);
            var poped = false;
            function addListener(element, e, fn)
            {
                element.addEventListener ? element.addEventListener(e, fn, false) : element.attachEvent("on" + e, fn)
            }
            
            function removeListener(element, e, fn)
            {
                element.removeEventListener ? element.removeEventListener(e, fn, false) : element.detachEvent("on" + e, fn)
            }
            function pop()
            {
                var adw = window.open('about:blank');
                //adw.blur();
                //adw.opener.focus();
                adw.location = doubleclick;
                var win = top.frames[0];
                if(win.document.body)
                {
                    removeListener(win.document.body, "click", arguments.callee);
                    poped = true;
                }
                return adw;
            }
            PZI.popWindow = function()
            {
                try
                {
                    pop();
                }
                catch(ex)
                {
                    var win = top.frames[0];
                    if(win.document.body)
                    {
                        addListener(win.document.body, "click", pop);
                    }
                };
            };
        })();
    */
    </script>
</body>
</html>

其中
<span style="display:none">
表示把这个 span 里面的内容(统计脚本和计数图片)隐藏起来不显示,看来某些人并不想让人知道一些东西.

原来有个 Philips促销上海 这么个玩意在捣鬼..
好,我点击那个广告看看
飞利浦剃须刀的..嗯嗯


立即跳转到这个地址
http://59.51.96.35/10092002//click.html

如下代码


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title></title>
    <!-- loadCallBack is wired to the body onload attribute below, so the
         redirect fires once the page has loaded. The target is a DoubleClick
         click-tracking URL whose trailing part is the 360buy promotion page,
         so the click is counted before the user reaches the shop. -->
    <script type="text/javascript" language="javascript">
        function loadCallBack()
        {
            window.location = "http://ad-emea.doubleclick.net/clk;228658714;54655887;e?http://adtpl.360buy.com/uploads/promotion/promotion-tpl/2010/09/2010092500004.html?origin=1_cn_zh_3dshaver_adsl_p1360shanghai_300x250";
        }
    </script>
</head>
<body onload="loadCallBack()">
<!-- Hidden block (display:none) holding only counters: a phpstat counter with
     site id 1100571 loaded from t.dkgtv6.com, two cnzz counters, and an image
     request to 124.232.136.147/pagead/ads written out with document.write. -->
<span style="display:none">
<!-- phpstat.net -->
<script language="JavaScript" type="text/javascript">
var _PCSWebSite="1100571";
var _PCSImage="countlogo1.gif";
</script>
<script language="JavaScript" type="text/javascript" src="http://t.dkgtv6.com//count/count.js" ></script>
<!-- /phpstat.net -->  

<script src='http://w.cnzz.com/c.php?id=30037066&l=3' language='JavaScript' charset='gb2312'></script>

<script src="http://s17.cnzz.com/stat.php?id=2454520&web_id=2454520" language="JavaScript"></script>

    <!-- search and idx are computed but not used by the code shown here; the
         beacon URL is a constant string and carries umask=0 on this page. -->
    <script type="text/javascript" language="javascript">
        var search = window.location.search;
        var idx = search.indexOf("&random=");
        document.write("<img src='http://124.232.136.147/pagead/ads?umask=0&ad_url=http://59.51.96.35/10092002/images/asd.js&website=4ca42a39' />");
    </script>
</span>
</body>
</html>


嗯嗯跳转到 http://adtpl.360buy.com/uploads/promotion/promotion-tpl/2010/09/2010092500004.html?origin=1_cn_zh_3dshaver_adsl_p1360shanghai_300x250,并且有3个流量统计...看来是靠流量吃饭的主.

回到前面http://59.51.96.35/10092002//impression.html这个链接,看代码




<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title></title>
</head>
<body>
<!-- Hidden block (display:none): two cnzz counters, a counter image from
     t.dkgtv6.com and a document.write image beacon to
     124.232.136.147/pagead/ads. Nothing in it is shown to the user. -->
<span style="display:none">
<script src='http://w.cnzz.com/c.php?id=30037064&l=3' language='JavaScript' charset='gb2312'></script>

    <img src=http://t.dkgtv6.com/count/count.com.php?website=1100571&image=countlogo1.gif alt="站内统计" style="border:0"/>

    <script src="http://s17.cnzz.com/stat.php?id=2454504&web_id=2454504" language="JavaScript"></script>
    
    <!-- search and idx are computed but unused in the code shown; the beacon
         URL below is a constant string. -->
    <script type="text/javascript" language="javascript">
    var search = window.location.search;
    var idx = search.indexOf("&random=");
    document.write("<img src='http://124.232.136.147/pagead/ads?umask=1&ad_url=http://59.51.96.35/10092002/images/asd.js&website=4ca42a39' />");
     </script>
</span>

    <!-- The function below is entirely inside a JavaScript block comment and
         therefore does not execute in this capture. It is the part of the page
         that names http://www.izptec.com: read as code, it would open that URL
         in a new window 10 ms after load, and if pop() throws it would attach
         pop as a click handler on top.frames[0].document.body instead. -->
    <script type="text/javascript">
    /*
        (function(){
            var PZI = window.PZI = window.PZI || {};
            var doubleclick = "http://www.izptec.com";
            window.setTimeout("PZI.popWindow()",10);
            var poped = false;
            function addListener(element, e, fn)
            {
                element.addEventListener ? element.addEventListener(e, fn, false) : element.attachEvent("on" + e, fn)
            }
            
            function removeListener(element, e, fn)
            {
                element.removeEventListener ? element.removeEventListener(e, fn, false) : element.detachEvent("on" + e, fn)
            }
            function pop()
            {
                var adw = window.open('about:blank');
                //adw.blur();
                //adw.opener.focus();
                adw.location = doubleclick;
                var win = top.frames[0];
                if(win.document.body)
                {
                    removeListener(win.document.body, "click", arguments.callee);
                    poped = true;
                }
                return adw;
            }
            PZI.popWindow = function()
            {
                try
                {
                    pop();
                }
                catch(ex)
                {
                    var win = top.frames[0];
                    if(win.document.body)
                    {
                        addListener(win.document.body, "click", pop);
                    }
                };
            };
        })();
    */
    </script>
</body>
</html>

好的! 被我看到 这个.http://www.izptec.com
这个是什么网站呢?

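电信的狗啊...速度换DNS..看来是DNS劫持无疑了...
不过从前面抓到的代码看,原页面是被套进一个 iframe 之后再插入外部脚本的,这更像是 HTTP 流量层面的注入;单纯更换 DNS 未必能去掉,换完之后最好再访问一次同一页面,确认那段包裹代码和右下角广告是否还在.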
最后编辑: chen 编辑于2010/10/10 21:53
2011/02/28 09:43 #{louceng}来宾
报一下路由器是什么牌子的?是否和路由器有关
chen 回复于 2011/03/23 17:59
与路由器无关....纯属电信与这个公司的合作.