Experts, could you take a look: is this DNS poisoning by the local carrier?

    Mianmiss · Jul 3, 2025 · 2554 views

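    One of our company's domains keeps getting requests from IPs in two cities in Hubei (Xiangyang and Wuhan), carrying various different Host headers, trying to download files that don't exist: exe, apk, phone firmware upgrades and the like. They are all blocked, but a few thousand a day is honestly a bit annoying.

    Below are some examples of the attacks.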

    host ,stgw_orgreq 
    183-95-220-129-te3a720f.ksyungslb.com ,GET /f2.g.mi.com/download/AppStore/0857a80ebebfa4413883311b438d9608af5d95d96/com.ky.game.fkcms.mi.apk?ksy_gslb_referer=http%3A%2F%2Ff2.g.mi.com%2Fdownload%2FAppStore%2F0857a80ebebfa4413883311b438d9608af5d95d96%2Fcom.ky.game.fkcms.mi.apk
    
    file.updrv.com,GET /soft/DriveTheLife/8_16_28_78/DriveTheLife_2095_netcard_8_16_28_78.exe?t=1720492708&sign=8947eda46682e0c76f2ab61253be8416 HTTP/1.1
    
    lf3-ug-sign.feishucdn.com,GET /ee-appcenter/537aa319/Feishu-win32_ia32-7.20.6-signed.exe?lk3s=fb957577&x-expires=1720061871&x-signature=SZd6FXw1p6v1vNnalKI1gc%2BXLlE%3D HTTP/1.1
    
    file-x-updrv-x-com.img.addlink.cn,GET /soft/DriveTheLife/8_16_28_78/DriveTheLife_2095_netcard_8_16_28_78.exe HTTP/1.1
    
    
    4 replies    2025-07-08 08:41:33 +08:00
    #1 · lovejoy · Jul 3, 2025
    Is your domain's IP a reused one, and the PCDN is fetching from the wrong origin? Just a wild guess.
    #2 · Mianmiss (OP) · Jul 3, 2025
    @lovejoy Right, there are dozens of websites bound to the Tencent layer-7 CLB.
    #3 · slowmist · Jul 7, 2025
    @lovejoy Swap the apk/exe for a remote-access trojan and you'll see what's going on 🥹
    #4 · Mianmiss (OP) · Jul 8, 2025
    @slowmist I don't quite follow, could you explain in more detail?
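
Added example, not part of the thread: a small Python triage for logs in the `host,stgw_orgreq` layout shown in the original post. It counts requests whose Host is not a site the load balancer actually serves and how many of those ask for a binary file. `SERVED_HOSTS`, the extension list and the sample log lines are constructed assumptions.

```python
import posixpath
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the hostnames this load balancer really serves (placeholders).
SERVED_HOSTS = {"www.corp.example", "api.corp.example"}
BINARY_EXTS = {".exe", ".apk", ".zip", ".bin", ".img"}

# Constructed sample in the same "host,stgw_orgreq" layout as the post.
SAMPLE_LOG = """\
host ,stgw_orgreq
www.corp.example,GET /index.html HTTP/1.1
files.vendor-a.example ,GET /soft/tool/setup_1_2_3.exe?t=1700000000&sign=abc HTTP/1.1
files.vendor-a.example,GET /soft/tool/setup_1_2_3.exe HTTP/1.1
cdn.vendor-b.example,GET /download/store/app.apk?ref=http%3A%2F%2Fx.example%2Fapp.apk
WWW.CORP.EXAMPLE:80,GET /missing.exe HTTP/1.1
"""

def parse_line(line):
    """Split one 'host,request-line' record; return (host, path) or None."""
    host, sep, request = line.partition(",")
    parts = request.split()
    if not sep or len(parts) < 2 or host.strip() == "host":
        return None  # header row, blank line or malformed record
    host = host.strip().lower().rsplit(":", 1)[0]  # drop optional :port
    return host, urlsplit(parts[1]).path

def triage(log_text, served=SERVED_HOSTS):
    """Count requests per foreign Host and how many asked for a binary."""
    foreign, binaries = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[0] in served:
            continue
        host, path = rec
        foreign[host] += 1
        if posixpath.splitext(path)[1].lower() in BINARY_EXTS:
            binaries[host] += 1
    return foreign, binaries

if __name__ == "__main__":
    foreign, binaries = triage(SAMPLE_LOG)
    for host, n in foreign.most_common():
        print(f"{host}\t{n} requests\t{binaries[host]} binary downloads")
```

A per-Host breakdown like this shows which third-party download hostnames are landing on the shared address, which is the fact needed to tell stale or wrong resolution apart from ordinary scanning.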