国内这劫持简直掉炸天 5 毫秒直达美国 cf ip

金钱蒙蔽了双眼

@holinhot 被拿来当内网设备的 IP 了，本来这就是 APNIC Debogon Project 的一部分，以前这些 IP 是不能宣告出来的

APNIC Debogon Project 中 Debogon 的 Prefix
1.255.0.0/16
1.50.0.0/22
1.2.3.0/24
1.1.1.0/24

@CernetBoom 104.27.191.245 这个是内网 ip 你逗我，打开直接跳转到棋牌网站

@CernetBoom 只是 tcp 被劫持了，icmp 和 udp 还是直接到美国

@holinhot 看错了，以为你说的是 1.1.1.1，104.27.191.245 肯定是有问题，黑产在内部搞鬼吧

江苏电信还劫持 1.1.1.1 呢

这个估计不是移动就是杂牌宽带，电信联通现在也就是放个广告什么的

@hlz0812 1.1.1.1 本来就有内网设备在用，也是 Debogon Project 的一部分

这是另外一回事，TCP 请求都给直接劫持到菠菜网站去了

@hlz0812 江苏电信也被劫了

@hlz0812 这就是电信和联通会出现的

受影响的域名有 400 多个，都是小网站，影响应该不大
3pf5mg.fun.cdn.cloudflare.net
4advancedhvac.com
8pr7onews.cf
80vs90.com
175pershing.com
186bv.space
206abc.com
350.pl
720hdkino.online
857dd.space
1004flower.biz
3344sl.com
74758sg9658ot7m.com
46671816.cn.cdn.cloudflare.net
a0wu.com.cdn.cloudflare.net
absolute-academy.com
academypdfb.cf
adrd.club
adrian.tombu.eu
aeotu.com
agentless.eu
aipa520.com
alivemanual.ga
alladulttricycle.com
amelicompte.fr
ancloudeabin.ml
anfuh-finance.us
anolfbellunotreviso.it
asians-movies.gq
autodiscover.directgiver.org
automaticus.info
a-design.bg
a-ka.de
babakexchange.com
backnettama.ml
bahiskeyfi.net
bankiology.com
beaufide.gq
beautyheaven.co.za
beoffroadcarsuvsok.live
biconpozt.ga
bj12.ooo
bludlilete.gq
boutiqueoriginals.co
bradbenischek.com
budownku.tk
buildingburger.cf
businessinterestingideas.com
businessugtdkorg.ga
c2m2a.com
canadagoosesalesuss.com
carwaypizza.com
certificationinternational.ph
cespares.gq
childchavende.gq
chogasuccessteam.altervista.org.cdn.cloudflare.net
cja1966.com
clixsatoshi.com
cloudninefitpro.com
commwtrk.gq
concdrumkuyters.gq
corgielitedogs.com
corpsecafe.com
cpanel.bankiology.com
cpanel.directgiver.org
cpanel.onelinergk.com
crisis-poorer.ga
cryptocurrencyexchangescriptopensource.com
curryfeed.info
cz.ionic-white.com
darkroom.leicestertigers.com
davanebg.ga
deporteoutdoor.com
devoirdememoire.eu
dggworks.com
dimurmeme.tk
diplomesdetat.ga
directgiver.org
distftigvercent.tk
diveingear.com
dmgyp.com
dronial.com
dustybooks.ml
eastofwestern.science
ecoace.ca
ecovermagician.com
emm.a-ka.de
equipco.us
ergonomikosasociacija.lt
es.rbusgoggles.biz
eship.website
es.ionic-white.com
etraffichub.com
evesplace.org
evkasxebu.tk
exerciseb.co.uk
e-pdfoioad.ml
fashiondelightful.top
fastmoneyhamilton.co.nz
fearreview.com
ffql.net
fijtrade.top
filmblogorg.ga
finservices.online
fitida.com
flickturestudio.com
fneevjxivl.ga
foodsrestaurants.ga
forum.leicestertigers.com
forumhomecare.tk
fredricaonlinestore.xyz
freeebooksbbpcrtd.ml
freelinkadd.com
fulpayvi.cf
fvkkk.cf
galaxyglobaleducation.com
gamedayonrockytop.com
gc.gy
gigimodels.com
gionulatga.gq
gizlikonular.com
glendoncamping.com.au
goadentalimplantsfeed.live
gocheckingaccountsget.live
goldenoldiescarclub.com
grupootus.com.br
gr.ionic-white.com
guelentpo.cf
guibomersting.cf
gurkhagrill-westdidsbury.co.uk
happydatings.gq
hasldolsq.tk
heiworkscambil.tk
hidtmansq.tk
hi-serving.top
homologatech.tk
hr.ionic-white.com
hurizaroll.com
hu.ionic-white.com
iclick4.org
idealscomfort.top
idola999.com
iftc.ml
inipath.ga
injapthuweb.tk
innoveravecpepite.com
inomilun.cf
instahealth-oficial.ru
invertirp.ml
invidi.ga
ionic-white.com
ipynamij.gq
it.ionic-white.com
jarum.info
jaruwitt.com
jiedasoft.com
jwhatfilmsnow.gq
kamr.ru
kctc.icu
kebioskop21.online
killertraders.com
kiotidiless.tk
kituno-ajanlat.com
kmckenziewigginsaairoarrillo.tk
konolpev-seed777.info
kovscomi.cf
kwanstable-melbourne.com.au
landing.miragemt2.com
landtade.gq
larlosszing.ga
lastoriadiintel.altervista.org.cdn.cloudflare.net
laurenrauffer.com
lbeads.com
legraset.tk
leicestertigers.com
leicredrya.tk
limanme.tk
limousinelocation.ga
linaandmayur.com
littlezebrachocolates.com
littlezebrachocolates.com.au
liverpoolfilmoffice.tv
logistico.pl
lohsbedownmoor.ml
lopo.ml
lunatums.gq
macocow.cf
mahdishop.xyz
mail.bankiology.com
mail.directgiver.org
mail.eship.website
mail.miragemt2.com
mail.muntahid.pro
mail.onelinergk.com
mail.ionic-white.com
marquestore.tk
masihbisa.gq
materialiedili.altervista.org.cdn.cloudflare.net
mcameraagora.club
medievalgames.com
miragemt2.com
mismeyma.gq
monalia.com
moolrittfighlighnovulla.tk
mortconsnes.gq
moviezonlinehd.ml
muntahid.pro
mylinqc.com
neumengeto.cf
nextoffer.ru
nifbk.tw.cdn.cloudflare.net
nikolettafoldessy.tk
nnewvideosforever.ga
nol-24.com
northcarolinafashion.tk
nthorom.ga
obbajivar.tk
ocaxilaf.ml
olahyhoyoqika.tk
omegaflooring.ca
onelinergk.com
ootz.party
orangesexvideow.tk
oricfunro.ga
ororwanbirth.tk
ortakporto.com
orthoarts.com
otyvogiyitog.tk
ouahibelhanchi.me
ovluzavcold.gq
paginadevendas.com
pbjmgt.com
pershianhubx.ga
pherturege.ml
plattecountytowtruck.com
pl.ionic-white.com
portfoliobuilderinvest.com
posawoldass.tk
potdhub.com
poznal.com
prewastoback.gq
proprentbati.ga
pt.ionic-white.com
puffracheckper.cf
qnoohinthemovie8.gq
qsavereview-p.cf
q-host.pro
rafaelmuller.ooo
rbusgoggles.biz
realidades.news
realsideal.top
receitascaseiras.blog.br
reisandirvys.com
remeditation.com
renosreviews.gq
reubendouglas.ooo
rhinaridho.ga
robertpolanco.ga
romsthromdenbca.cf
routwessq.ga
ro.ionic-white.com
rugsdecor.ml
runwayidle.party
rupdeulogi.ga
ruthbrennanarchitects.co.uk
rx-pill24.com
saautogas.com.au
saen.info
saglikkurleri.site
samedaypaydayloansonline.bid
samogon-apparaty-engels.ru
sbhapirasq.cf
schutzmartialarts.com
scutlifirsalt.cf
seat-abreramotor.ru
sedie.tk
selphaekaespur.ml
setpaleachan.gq
sexgirls.xyz
shear7.com.au
shesheshe.aipa520.com
si.ionic-white.com
skorkolay.com
sk.ionic-white.com
slaperstig.ga
snowpants.fun
spas.co.ua
springfieldpeds.com
starspremiums.top
stpeterparishlaporte.org
streaming.kebioskop21.online
superketo.fr
sustainedsv.gq
swaradhaara.com
swigitqi.cf
synapsedocs.com
tanrempgandia.tk
teamseoofestherleee.cf
terry-ogata.com
theperdiaspin.ga
thread.life
ticormugesch.ga
tisimrawsmi.gq
toenemai.com.br
topluxuryairfares.sale
toseniorparttimefed.live
toukuike.info
treadbro-g.cf
tretman.com
trilemde.cf
ttdcd.live
tuaconquistapro.com
tyczpollira.tk
unnotu.ga
usecreator.com
usefame.com
usm3chary.space
usofuhof.tk
vegahotels.me
vergdinligod.gq
vesasa.ml
vgthrksq.tk
vianannini.ml
vieharpa.gq
vitxo.tk
vn.ionic-white.com
vplo.altervista.org.cdn.cloudflare.net
vplwz.com
vurjk.live
wattreview-p.gq
wawea.cn.cdn.cloudflare.net
webdisk.bankiology.com
webdisk.directgiver.org
webdisk.onelinergk.com
webhook.a-ka.de
webmail.bankiology.com
webmail.directgiver.org
webmail.onelinergk.com
wellnesstm.com
widget.com.hk
wjymavqcold.gq
world-travelers.online
www.a0wu.com.cdn.cloudflare.net
www.aipa520.com
www.alladulttricycle.com
www.amelicompte.fr
www.anolfbellunotreviso.it
www.aquarium365.com.cdn.cloudflare.net
www.babakexchange.com
www.bahiskeyfi.net
www.bankiology.com
www.beautyheaven.co.za
www.beautystoremilano.it.cdn.cloudflare.net
www.bradbenischek.com
www.c2m2a.com
www.clixsatoshi.com
www.curryfeed.info
www.directgiver.org
www.dmgyp.com
www.dustybooks.ml
www.ecovermagician.com
www.eship.website
www.evesplace.org
www.exerciseb.co.uk
www.fastmoneyhamilton.co.nz
www.fearreview.com
www.flickturestudio.com
www.forumhomecare.tk
www.franchisefinders.ca
www.glendoncamping.com.au
www.goldenoldiescarclub.com
www.grupootus.com.br
www.haicq.tw.cdn.cloudflare.net
www.hassard.net
www.hjszn.tw.cdn.cloudflare.net
www.idola999.com
www.indiefmnm.com.cdn.cloudflare.net
www.jarum.info
www.jiedasoft.com
www.kebioskop21.online
www.killertraders.com
www.leicestertigers.com
www.liverpoolfilmoffice.tv
www.lopo.ml
www.monalia.com
www.muntahid.pro
www.nifbk.tw.cdn.cloudflare.net
www.northcarolinafashion.tk
www.ocaxilaf.ml
www.onelinergk.com
www.orthoarts.com
www.ouahibelhanchi.me
www.paginadevendas.com
www.pbjmgt.com
www.plattecountytowtruck.com
www.popjazzonline.com.cdn.cloudflare.net
www.potdhub.com
www.receitascaseiras.blog.br
www.reisandirvys.com
www.rmarinejacksons.com.au.cdn.cloudflare.net
www.saen.info
www.saglikkurleri.site
www.springfieldpeds.com
www.stextil.com
www.superketo.fr
www.theconunity.com.cdn.cloudflare.net
www.toenemai.com.br
www.toukuike.info
www.vplwz.com
www.wawea.cn.cdn.cloudflare.net
www.zzaapps.com
www.3pf5mg.fun.cdn.cloudflare.net
www.4advancedhvac.com
www.80vs90.com
www.206abc.com
www.350.pl
www.absolute-academy.com
www.anfuh-finance.us
www.a-design.bg
www.a-ka.de
www.emm.a-ka.de
www.ionic-white.com
www.kituno-ajanlat.com
www.q-host.pro
www.rx-pill24.com
www.seat-abreramotor.ru
www.terry-ogata.com
www.world-travelers.online
wyddcelpo.gq
xn--e1akagcdgnw.xn--p1ai
xn----8sbaabxb2dg8ah4gxb.xn--p1ai
xpjw3.com
xprojex-net.cf
yazljiki.cf
yourmove.ml
yzspiranti.ml
zhxgsjd.com
zzaapps.com

@CernetBoom 劫持到菠菜网站在电信联通还是第一次听说，感觉是员工私人行为，官方劫持 dns 放几个广告就算了，劫持到菠菜网站是不要命了

@hlz0812 有内鬼和黑产勾搭在一块？

@hlz0812 #4 苏州电信实测 1.1.1.1 没有被劫持到国内哦。

@CernetBoom 看了下电信和联通都是劫持到上海的服务器了，并且服务器直接接在上海城域网汇聚层上，能这么操作的人权限不小。南方有些省挺乱的，以前还见过有人举报电信某领导私自把江苏电信的 ip 走专线拉到其他省用，不知在搞什么

@mason961125 我上一次测 1.1.1.1 还是劫持到同城，不管什么协议都是，无锡电信。下一次回江苏的时候我再看看，我还记得我那里 2.2.2.1 也好像是劫持的

@mason961125 1.1.1.1 看起来"被劫持"多半只是因为内网里有设备占了这个 IP

@CernetBoom 测了下 TCP 全国三网都劫持了，连鹏博士都没放过

河南联通没有劫持 延迟 228ms

楼上怕不是个智障吧，这是 cf 的节点，几万个网站解析到这里吧
isp 劫持 tcp 包没的说，因为直接访问裸 ip，截止到上海阿里云

isp 内鬼行为，这个站后台是真的墙