2017年5月25日木曜日

New EITest's Cloaking

First

(In the case of JST) EITest has been observed again since last night, but many researchers say that they can not observe it. In conclusion, It seems that EITest this time is targeting only some Asian countries including Japan.

Experiment

I accessed EITest 's Compromised site using IP from various countries, and the results are as follows.

Japan



HongKong



UK



America



Netherlands



Singapore



Finally

I found out that there were three types of EITest inject codes. They are switched with Geo. I don't know the details, but UK and America seem to be redirected to a different place from RigEK. It seems that only some Asian countries, such as Japan and Hong Kong, are redirecting to RigEK.

0 件のコメント:

コメントを投稿