zoukankan      html  css  js  c++  java

  • g00 网站说明

    最近在做dns tunnel检测,发现了一堆类似这样的域名:c-6rtwjumjzx7877x24uwjkjwjshjx78x2eywzx78yjx2ehtr.g00.medicinenet.com

    都是以g00为子域名,前面一堆随机字符!专门查了下:

    从 https://www.reddit.com/r/pihole/comments/6s2zjw/can_i_block_anything_that_comes_from_g00websitecom/ 可以看到:

    the problem is this: those g00 pages are ad-tech from a company called Instart Logic. the general idea is that it sees that you have an adblocker and re-writes the page/ads to be served from the domain you are at.

    My company uses it and i mesed with my adblocker to block all g00 sites, but it actually messes with the UX of the whole website.

    you could accomplish the same thing by disabling javascript also

    也就是说,他专门用类似域名来防止广告拦截。我专门查了下 instart logic这个公司:

    Instart Logic随后将把这样的分析应用于上述产品,从而使网站或移动应用的访问速度更快,优化搜索引擎排名,帮助发行商规避广告拦截工具

    该公司表示,其电商客户通常会看到营收增长5%到8%,而由广告支撑的发行商会看到营收增长3%到15%。该公司的客户包括Neiman Marcus、Kate Spade、亚洲航空、大西洋传媒、Ziff Davis、Telstra(也是该公司投资方)和纳斯达克。

     

    chrome里安装ublock,访问medicinenet.com,可以看到其block的记录:

    https://c-5uwzmx78pmca09x24quiomax2eumlqkqvmvmbx2ekwu.g00.medicinenet.com/g00/3_c-5eee.umlqkqvmvmb.kwu_/c-5UWZMXPMCA09x24pbbx78ax3ax2fx2fquioma.umlqkqvmvmb.kwux2fquiomax2fatqlmapwex2fbpcuj-atqlmapwex2fbpcuj-x78awzqiaqa-umvc.rx78ox3fq98k.uizsx3dquiom_$/$/$/$/$   =》是一张图片

    https://c-5uwzmx78pmca09x24ix78qax2eowwotmx2ekwu.g00.medicinenet.com/g00/3_c-5eee.umlqkqvmvmb.kwu_/c-5UWZMXPMCA09x24pbbx78ax3ax2fx2fix78qa.owwotm.kwux2frax2fx78tcawvm.rax3fq98k.uizsx3dakzqx78b_$/$/$  =》是js脚本

     

    https://c-5uwzmx78pmca09x24quiomax2eumlqkqvmvmbx2ekwu.g00.medicinenet.com/g00/3_c-5eee.umlqkqvmvmb.kwu_/c-5UWZMXPMCA09x24pbbx78ax3ax2fx2fquioma.umlqkqvmvmb.kwux2fkaax2fumlqkqvmvmbx2fzmlmaqovx2fdmvlwzx2fidozcvl.kaax3fq98k.uizsx3dtqvs_$/$/$/$/$/$?i10c.ua=1 =》 css

     

     

    从 https://community.webroot.com/t5/Webroot-SecureAnywhere-Internet/g00-adware-insertion/td-p/279885 也可以看到:

    this nasty g00 adware insertion in popular newspaper sites..

    https://github.com/uBlockOrigin/uAssets/issues/227

    when i go to newspaper site,it just head to g00 adware referrer and consumes lot of bandwidth....

    can webroot foil this attempt by prebenting g00 crap....potentially a malicious code is inserted by instart logic code....

    you can see no of cookies set by this g00 crap

    following is list of sites affected

    'baltimoresun.com',
    'boston.com',
    'capitalgazette.com',
    'carrollcountytimes.com',
    'celebuzz.com',
    'chicagotribune.com',
    'courant.com',
    'dailypress.com',
    'deathandtaxesmag.com',
    'gamerevolution.com',
    'gofugyourself.com',
    'hearthhead.com',
    'infinitiev.com',
    'mcall.com',
    'nasdaq.com',
    'orlandosentinel.com',
    'ranker.com',
    'sandiegouniontribune.com',
    'saveur.com',
    'sherdog.com',
    'spin.com',
    'sporcle.com',
    'stereogum.com',
    'sun-sentinel.com',
    'thefrisky.com',
    'thesuperficial.com',
    'timeanddate.com',
    'tmn.today',
    'vancouversun.com',
    'vibe.com',
    'weather.com',
    'wowhead.com',
    'calgaryherald.com',
    'edmontonjournal.com',
    'edmunds.com',
    'financialpost.com',
    'leaderpost.com',
    'montrealgazette.com',
    'nationalpost.com',
    'ottawacitizen.com',
    'theprovince.com',
    'thestarphoenix.com',
    'windsorstar.com',

     
     

    here is whats the truth bout instart logic code..
    `Instart Logic's technology used to disguise third-party network requests as first-party network requests, including the writing/reading of third-party cookies as first-party cookies. I consider this to be extremely hostile to users, even those not using a content blocker, as it allows third-party servers to read/write cookies even if a user chose to block 3rd-party cookies through your browser setting.`

    also this instart logic is making dns tweaks to news content before it passes to its end users,it might result in future malicious payload........
    ublock origin uses static filter lists,if it has no filter lists against those ,it will no work...
    privacy badger not working....see here.....https://github.com/EFForg/privacybadger/issues/1044
    webroot should prevent(dns change) this g00 adware insertion at earlier time...
    now this affects more no of popular news websites,,,

    https://github.com/uBlockOrigin/uAssets/issues/227 也可以看到

    g00 adware insertion on newspaper websites #227

     

    URL(s) where the issue occurs

    orlandosentinel.com
    sandiegouniontribune.com
    sun-sentinel.com
    mcall.com
    boston.com

    Those are the ones I have seen so far, there may be more.

    Describe the issue

    Forcibly inserts g00 adware content and abuses window.location API if blocked by a filter like /g00^$important until it turns into a bad request.

    Screenshot(s)

    https://i.gyazo.com/86ab54811f6aaa1785b3d308566d6af6.png

    Versions

    • Browser/version: [here] Chromium 57
    • uBlock Origin version: [here] 1.10.0
     
     
  • 相关阅读:
    Python 模拟SQL对文件进行增删改查
    Python用户登陆
    计算程序的内存和占比
    列出top中的pid
    编写类du命令Python脚本
    生成器版本的文件MD5校验
    利用os、hash模块生成目录下所有文件的md5
    文件Copy和文件夹Copy
    Access数据库连接方式
    js常用方法收集
  • 原文地址:https://www.cnblogs.com/bonelee/p/8716573.html
Copyright © 2011-2022 走看看