首頁 美術繪圖 | 美術設計 | 熱門標籤 | 首選 | 首頁宣傳 | 近期作品 論壇: 發表 | 美術工作 | 美術比賽 | 展覽活動 | 美術相關 | 一般討論 | 美術同好 CG 討論 :: Photoshop | Painter | 3D 行動 | AMP
【 立即註冊 】 : 更改個人資料 : : 登入
會員名稱: 登入密碼: 保持登入

Mavoo.net: An Adware or Trojane? (2014)

發表新主題 回覆主題 討論區 Windows, Linux, Perl, PHP, C/C++, Driver, Web 理論、應用、硬體、軟體
| 1頁, 共1
人氣點閱:7203 發表人
Mavoo.net: An Adware or Trojane? (2014) 2014-09-13 14:07
/ / /

Mavoo.net: An Adware or Trojane? (2014)




1. First seen: 2014 June ~ July

2. A middle-man rewrite: Modify the HTML in Chrome, with path "/go/" + digest,

3. Then do a 302 rewrite to collect data.

4. Not 100% reproducible, only found in Chrome; might triggered by Google Chrome extension? ( not sure )

5. Wuxi Yilian ... hmm


代碼:

http://mavoo.net/?q=alexa
http://mavoo.net/?q=bestbuy

-------------------
$ curl -v http://mavoo.net/go/k5nKY3VRAcJ7v5-yafpvVDnjH4AUfqYT68spu8E2_fLHPKLeEI7CacYIIJGLTdcLU8TDTXSYMt48kxmjoB3QcD3CIeijb-rvh6udbdIfc7TAqILKAVAQq2nya1ZuGmRCnPrEvzL89amle2n57M2lluqxtQJd0T57-4e0gBEbMv3Iq6fHVVHkwqHzs-y7E7tz7Ouk0YkzCVCA_xOuv5fD4Tx6hOK6pB62iEkiLp8ApNRAZd3SxTPktKvS2ctq3Tw5/LMGzbACb3Q81v7OruwTA041p83OSO0I7Ox-EPYx3Pao,
* About to connect() to mavoo.net port 80 (#0)
*   Trying 213.211.147.115... connected
> GET /go/k5nKY3VRAcJ7v5-yafpvVDnjH4AUfqYT68spu8E2_fLHPKLeEI7CacYIIJGLTdcLU8TDTXSYMt48kxmjoB3QcD3CIeijb-rvh6udbdIfc7TAqILKAVAQq2nya1ZuGmRCnPrEvzL89amle2n57M2lluqxtQJd0T57-4e0gBEbMv3Iq6fHVVHkwqHzs-y7E7tz7Ouk0YkzCVCA_xOuv5fD4Tx6hOK6pB62iEkiLp8ApNRAZd3SxTPktKvS2ctq3Tw5/LMGzbACb3Q81v7OruwTA041p83OSO0I7Ox-EPYx3Pao, HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: mavoo.net
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx
< Date: Sat, 13 Sep 2014 05:37:11 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.4.13
< Location: http://mavoo.net/?q=alexa
<
* Connection #0 to host mavoo.net left intact
* Closing connection #0
$ curl -v http://mavoo.net/go/51aG0GkraJJ3Doa4t_3KeIzpixbHdO-DUfGHqC2sgmNyQpnBIwZ7DMfCVLMsksskt0DojOlkWwULfH9HpvTPY9wQG3PIznQO-2IAeYVU2YTEB1117CK7WRGEPRKqjBGfP_aYvHgEHcLJnZnr8t9AIQ0UTe0RNzIc0ifCQoPzRX1AvVIsF4m5ASZPQP-4FZTm12-70mNJR25z_Qw6c8G1bCs5a9ns6dPlOvNzRvrzGLLf7t4Q19IsgETknXoi3PMMdN8IZpjEdotGv3gud_nd7CtnC9lJPlp2R8z9baHvJArSevFh2EygMsumGflvHEHPZ7FkaHAWYCKFa8DdOcQUwJRnGqyIx1d-TSeH-426coMXHV4_jfebObDHCoTL3j-L/K4F8RO9ZHuBaYQQY6zc2oll0svmOb_0z6Chp0AcfkSw,
* About to connect() to mavoo.net port 80 (#0)
*   Trying 213.211.147.115... connected
> GET /go/51aG0GkraJJ3Doa4t_3KeIzpixbHdO-DUfGHqC2sgmNyQpnBIwZ7DMfCVLMsksskt0DojOlkWwULfH9HpvTPY9wQG3PIznQO-2IAeYVU2YTEB1117CK7WRGEPRKqjBGfP_aYvHgEHcLJnZnr8t9AIQ0UTe0RNzIc0ifCQoPzRX1AvVIsF4m5ASZPQP-4FZTm12-70mNJR25z_Qw6c8G1bCs5a9ns6dPlOvNzRvrzGLLf7t4Q19IsgETknXoi3PMMdN8IZpjEdotGv3gud_nd7CtnC9lJPlp2R8z9baHvJArSevFh2EygMsumGflvHEHPZ7FkaHAWYCKFa8DdOcQUwJRnGqyIx1d-TSeH-426coMXHV4_jfebObDHCoTL3j-L/K4F8RO9ZHuBaYQQY6zc2oll0svmOb_0z6Chp0AcfkSw, HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: mavoo.net
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx
< Date: Sat, 13 Sep 2014 05:40:27 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/5.4.13
< Location: http://mavoo.net/?q=bestbuy
<
* Connection #0 to host mavoo.net left intact
* Closing connection #0




Mavoo.net: An Adware or Trojane? (2014)



代碼:

$ ping mavoo.net
PING mavoo.net (213.211.147.115) 56(84) bytes of data.
64 bytes from 213.211.147.115: icmp_req=1 ttl=56 time=175 ms
64 bytes from 213.211.147.115: icmp_req=2 ttl=56 time=175 ms


Registrar WHOIS Server: whois.bizcn.com
Registrar URL: http://www.bizcn.com
Updated Date: 2014-08-19T08:51:18Z
Creation Date: 2013-12-27T15:18:59Z
Registrar Registration Expiration Date: 2015-12-27T15:18:59Z
Registrar: Bizcn.com,Inc.
Registrar IANA ID: 471
Registrar Abuse Contact Email: abuse@bizcn.com
Registrar Abuse Contact Phone: +86.5922577888
Reseller: Cnobin Technology HK Limited
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Wuxi Yilian LLC
Registrant Organization: Wuxi Yilian LLC
Registrant Street: No.1001 Anling Road
Registrant City: Xiamen
Registrant State/Province: Fujian
Registrant Postal Code: 361008
Registrant Country: cn
Registrant Phone: +86.5922577888
Registrant Phone Ext:
Registrant Fax: +86.5922179606
Registrant Fax Ext:
Registrant Email: whoisprivacyprotect@whoisservices.cn
Registry Admin ID:
Admin Name: Wuxi Yilian LLC
Admin Organization: Wuxi Yilian LLC
Admin Street: No.1001 Anling Road
Admin City: Xiamen
Admin State/Province: Fujian
Admin Postal Code: 361008
Admin Country: cn
Admin Phone: +86.5922577888
Admin Phone Ext:
Admin Fax: +86.5922179606
Admin Fax Ext:
Admin Email: whoisprivacyprotect@whoisservices.cn
Registry Tech ID:
Tech Name: Wuxi Yilian LLC
Tech Organization: Wuxi Yilian LLC
Tech Street: No.1001 Anling Road
Tech City: Xiamen
Tech State/Province: Fujian
Tech Postal Code: 361008
Tech Country: cn
Tech Phone: +86.5922577888
Tech Phone Ext:
Tech Fax: +86.5922179606
Tech Fax Ext:
Tech Email: whoisprivacyprotect@whoisservices.cn
Name Server: ns3.cnmsn.com
Name Server: ns4.cnmsn.com
DNSSEC: NotsignedDelegation
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.n

mavoo.net.1.jpg
mavoo.net.1.jpg

mavoo.net.2.jpg
mavoo.net.2.jpg


________________

美術插畫設計案子報價系統 v0.1 Beta
爪哇禾雀
Type



繪圖畫廊設計藝廊
攝影相簿留言板
最愛收藏分類標籤
暱稱: Type
註冊: 2002-11-30
發表: 11171
來自: vovo2000.com
V幣: 901757
/ / /











資訊相關理論、技術、管理、應用、產品等
發表新主題 回覆主題