Mavoo.net: An Adware or Trojane? (2014)


Type(Type) 2014/9/13 14:07

Mavoo.net: An Adware or Trojane? (2014)
1. First seen: June ~ July 2014.

2. A middle-man rewrite: modifies the HTML in Chrome, with path "/go/" + digest.

3. Then does a 302 rewrite to collect data.

4. Not 100% reproducible, only found in Chrome; might be triggered by a Google Chrome extension? (not sure)

5. Wuxi Yilian ... hmm


Code:

http://mavoo.net/?q=alexa
http://mavoo.net/?q=bestbuy

-------------------
$ curl -v http://mavoo.net/go/k5nKY3VRAcJ7v5-yafpvVDnjH4AUfqYT68spu8E2_fLHPKLeEI7CacYIIJGLTdcLU8TDTXSYMt48kxmjoB3QcD3CIeijb-rvh6udbdIfc7TAqILKAVAQq2nya1ZuGmRCnPrEvzL89amle2n57M2lluqxtQJd0T57-4e0gBEbMv3Iq6fHVVHkwqHzs-y7E7tz7Ouk0YkzCVCA_xOuv5fD4Tx6hOK6pB62iEkiLp8ApNRAZd3SxTPktKvS2ctq3Tw5/LMGzbACb3Q81v7OruwTA041p83OSO0I7Ox-EPYx3Pao,
* About to connect() to mavoo.net port 80 (#0)
*   Trying 213.211.147.115... connected
> GET /go/k5nKY3VRAcJ7v5-yafpvVDnjH4AUfqYT68spu8E2_fLHPKLeEI7CacYIIJGLTdcLU8TDTXSYMt48kxmjoB3QcD3CIeijb-rvh6udbdIfc7TAqILKAVAQq2nya1ZuGmRCnPrEvzL89amle2n57M2lluqxtQJd0T57-4e0gBEbMv3Iq6fHVVHkwqHzs-y7E7tz7Ouk0YkzCVCA_xOuv5fD4Tx6hOK6pB62iEkiLp8ApNRAZd3SxTPktKvS2ctq3Tw5/LMGzbACb3Q81v7OruwTA041p83OSO0I7Ox-EPYx3Pao, HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: mavoo.net
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx
< Date: Sat, 13 Sep 2014 05:37:11 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.4.13
< Location: http://mavoo.net/?q=alexa
<
* Connection #0 to host mavoo.net left intact
* Closing connection #0
$ curl -v http://mavoo.net/go/51aG0GkraJJ3Doa4t_3KeIzpixbHdO-DUfGHqC2sgmNyQpnBIwZ7DMfCVLMsksskt0DojOlkWwULfH9HpvTPY9wQG3PIznQO-2IAeYVU2YTEB1117CK7WRGEPRKqjBGfP_aYvHgEHcLJnZnr8t9AIQ0UTe0RNzIc0ifCQoPzRX1AvVIsF4m5ASZPQP-4FZTm12-70mNJR25z_Qw6c8G1bCs5a9ns6dPlOvNzRvrzGLLf7t4Q19IsgETknXoi3PMMdN8IZpjEdotGv3gud_nd7CtnC9lJPlp2R8z9baHvJArSevFh2EygMsumGflvHEHPZ7FkaHAWYCKFa8DdOcQUwJRnGqyIx1d-TSeH-426coMXHV4_jfebObDHCoTL3j-L/K4F8RO9ZHuBaYQQY6zc2oll0svmOb_0z6Chp0AcfkSw,
* About to connect() to mavoo.net port 80 (#0)
*   Trying 213.211.147.115... connected
> GET /go/51aG0GkraJJ3Doa4t_3KeIzpixbHdO-DUfGHqC2sgmNyQpnBIwZ7DMfCVLMsksskt0DojOlkWwULfH9HpvTPY9wQG3PIznQO-2IAeYVU2YTEB1117CK7WRGEPRKqjBGfP_aYvHgEHcLJnZnr8t9AIQ0UTe0RNzIc0ifCQoPzRX1AvVIsF4m5ASZPQP-4FZTm12-70mNJR25z_Qw6c8G1bCs5a9ns6dPlOvNzRvrzGLLf7t4Q19IsgETknXoi3PMMdN8IZpjEdotGv3gud_nd7CtnC9lJPlp2R8z9baHvJArSevFh2EygMsumGflvHEHPZ7FkaHAWYCKFa8DdOcQUwJRnGqyIx1d-TSeH-426coMXHV4_jfebObDHCoTL3j-L/K4F8RO9ZHuBaYQQY6zc2oll0svmOb_0z6Chp0AcfkSw, HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: mavoo.net
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx
< Date: Sat, 13 Sep 2014 05:40:27 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.4.13
< Location: http://mavoo.net/?q=bestbuy
<
* Connection #0 to host mavoo.net left intact
* Closing connection #0
Code:

$ ping mavoo.net
PING mavoo.net (213.211.147.115) 56(84) bytes of data.
64 bytes from 213.211.147.115: icmp_req=1 ttl=56 time=175 ms
64 bytes from 213.211.147.115: icmp_req=2 ttl=56 time=175 ms


Registrar WHOIS Server: whois.bizcn.com
Registrar URL: http://www.bizcn.com
Updated Date: 2014-08-19T08:51:18Z
Creation Date: 2013-12-27T15:18:59Z
Registrar Registration Expiration Date: 2015-12-27T15:18:59Z
Registrar: Bizcn.com,Inc.
Registrar IANA ID: 471
Registrar Abuse Contact Email: abuse@bizcn.com
Registrar Abuse Contact Phone: +86.5922577888
Reseller: Cnobin Technology HK Limited
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Wuxi Yilian LLC
Registrant Organization: Wuxi Yilian LLC
Registrant Street: No.1001 Anling Road
Registrant City: Xiamen
Registrant State/Province: Fujian
Registrant Postal Code: 361008
Registrant Country: cn
Registrant Phone: +86.5922577888
Registrant Phone Ext:
Registrant Fax: +86.5922179606
Registrant Fax Ext:
Registrant Email: whoisprivacyprotect@whoisservices.cn
Registry Admin ID:
Admin Name: Wuxi Yilian LLC
Admin Organization: Wuxi Yilian LLC
Admin Street: No.1001 Anling Road
Admin City: Xiamen
Admin State/Province: Fujian
Admin Postal Code: 361008
Admin Country: cn
Admin Phone: +86.5922577888
Admin Phone Ext:
Admin Fax: +86.5922179606
Admin Fax Ext:
Admin Email: whoisprivacyprotect@whoisservices.cn
Registry Tech ID:
Tech Name: Wuxi Yilian LLC
Tech Organization: Wuxi Yilian LLC
Tech Street: No.1001 Anling Road
Tech City: Xiamen
Tech State/Province: Fujian
Tech Postal Code: 361008
Tech Country: cn
Tech Phone: +86.5922577888
Tech Phone Ext:
Tech Fax: +86.5922179606
Tech Fax Ext:
Tech Email: whoisprivacyprotect@whoisservices.cn
Name Server: ns3.cnmsn.com
Name Server: ns4.cnmsn.com
DNSSEC: NotsignedDelegation
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.n

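As an added defender-side example (not code from the post), here is a small Python check that reduces a curl -v transcript like the ones above to one record per request and flags the pattern the post describes: a /go/ path carrying a long digest that is answered with a 302 back to the same host, with the q= target extracted. The sample transcript (digest shortened), the 40-character digest threshold and the function names are my own assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a condensed "curl -v" transcript in the shape quoted in
# the post (digest shortened); the second exchange is ordinary traffic.
SAMPLE_TRANSCRIPT = """\
> GET /go/k5nKY3VRAcJ7v5-yafpvVDnjH4AUfqYT68spu8E2_fLH/LMGzbACb3Q81v7OruwTA041p83OSO0I7Ox-EPYx3Pao, HTTP/1.1
> Host: mavoo.net
< HTTP/1.1 302 Found
< Location: http://mavoo.net/?q=alexa
> GET /index.html HTTP/1.1
> Host: example.org
< HTTP/1.1 200 OK
"""

# Path shape seen in the post: "/go/" + long base64url-looking digest, optional
# second token, stray trailing comma. The 40-char minimum is an assumption.
GO_PATH = re.compile(r"^/go/[A-Za-z0-9_-]{40,}(?:/[A-Za-z0-9_-]+)?,?$")


def parse_curl_verbose(text):
    """Reduce a 'curl -v' transcript to one dict per request."""
    exchanges = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("> GET "):
            exchanges.append({"path": line.split()[2], "host": None,
                              "status": None, "location": None})
        elif not exchanges:
            continue  # header noise before the first request
        elif line.lower().startswith("> host:"):
            exchanges[-1]["host"] = line.split(":", 1)[1].strip()
        elif line.startswith("< HTTP/"):
            exchanges[-1]["status"] = line.split()[2]
        elif line.lower().startswith("< location:"):
            exchanges[-1]["location"] = line.split(":", 1)[1].strip()
    return exchanges


def find_go_redirects(text):
    """Flag /go/<digest> requests answered by a 302 back to the same host."""
    hits = []
    for ex in parse_curl_verbose(text):
        if (ex["status"] != "302" or not ex["location"]
                or not GO_PATH.match(ex["path"])):
            continue
        target = urlsplit(ex["location"])
        if target.hostname != ex["host"]:  # off-host 302 is a different pattern
            continue
        q = parse_qs(target.query).get("q", [""])[0]
        hits.append({"host": ex["host"], "q": q, "path": ex["path"]})
    return hits
```

Feed it a saved curl -v transcript or proxy log converted to the same `>`/`<` line shape; a hit is the "/go/ digest then 302 to ?q=" chain the post observed.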
