Firewall Blocking Dodgy Garbage - but what is it?
-
I see tons of dodgy-looking URLs get blocked by our FortiGate - are they embedded tracking crap on shady websites? What is this stuff? Examples below.
service=HTTP hostname="rtb02-c.us.dataxu.net" profile="default" action=blocked reqtype=referral url="/x/bcs0?btid=OWYwYjE5M2VmMmE3MTFlNGIyZDkxMGE2ZWY1MWY0NmR8U0ZUOWtaZ2NSaXwxNDMwNzc2MjQ3MDU1fDF8MEZjU0hqdTgze" sentbyte=729 rcvdbyte=315 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high
service=HTTP hostname="ads.creative-serving.com" profile="default" action=blocked reqtype=referral url="/bsw_sync?bidswitch_ssp_id=spotx" sentbyte=567 rcvdbyte=513 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high
service=HTTP hostname="m.goadservices.com" profile="default" action=blocked reqtype=referral url="/match/switch" sentbyte=465 rcvdbyte=229 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high
service=HTTP hostname="g2.symcb.com" profile="default" action=blocked reqtype=direct url="/" sentbyte=286 rcvdbyte=0 direction=outgoing msg="URL belongs to a category with warnings enabled" method=domain cat=75 catdesc="Internet Radio and TV" crscore=30 crlevel=high
service=HTTP hostname="cm.adgrx.com" profile="default" action=blocked reqtype=referral url="/bridge?AG_PID=appnexus" sentbyte=507 rcvdbyte=440 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high
-
Even "trusted" websites like news and social media have some pretty sketchy ad services and trackers embedded.
-
@thecreativeone91 said:
Even "trusted" websites like news and social media have some pretty sketchy ad services and trackers embedded.
That's what I figured, I'm just shocked it's so prolific. I can't even estimate how much of this is caught in the logs every day.
-
If you are uncertain, http://urlquery.net can be helpful.
It will report on what happens when you go to a particular URL.
It can even give you a preview (sometimes) of the page.
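-
Added example, not part of any post in this thread: a short Python script that tallies blocked web-filter entries like the ones posted above by category, hostname and reqtype, to put a number on how much of the blocked traffic is third-party content pulled in by other pages. The four sample lines are copied from the first post; reading `reqtype=referral` as "requested on behalf of another page" is an assumption, and the function names are this example's own.

```python
import re
from collections import Counter

# Four of the log lines posted in the thread, copied verbatim.
SAMPLE_LOG = '''\
service=HTTP hostname="ads.creative-serving.com" profile="default" action=blocked reqtype=referral url="/bsw_sync?bidswitch_ssp_id=spotx" sentbyte=567 rcvdbyte=513 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high
service=HTTP hostname="m.goadservices.com" profile="default" action=blocked reqtype=referral url="/match/switch" sentbyte=465 rcvdbyte=229 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high
service=HTTP hostname="g2.symcb.com" profile="default" action=blocked reqtype=direct url="/" sentbyte=286 rcvdbyte=0 direction=outgoing msg="URL belongs to a category with warnings enabled" method=domain cat=75 catdesc="Internet Radio and TV" crscore=30 crlevel=high
service=HTTP hostname="cm.adgrx.com" profile="default" action=blocked reqtype=referral url="/bridge?AG_PID=appnexus" sentbyte=507 rcvdbyte=440 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high
'''

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of field name -> value."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}


def summarize(log_text):
    """Count blocked requests per (catdesc, hostname, reqtype)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "blocked":
            continue  # skip blank lines and anything the filter let through
        key = (rec.get("catdesc", "?"), rec.get("hostname", "?"), rec.get("reqtype", "?"))
        counts[key] += 1
    return counts


def referral_share(counts):
    """Fraction of blocked requests with reqtype=referral (assumed: loaded by another page)."""
    total = sum(counts.values())
    referred = sum(n for (_, _, reqtype), n in counts.items() if reqtype == "referral")
    return referred / total if total else 0.0


if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    for (cat, host, reqtype), n in counts.most_common():
        print(f"{n:5d}  {cat:22s} {reqtype:9s} {host}")
    print(f"referral share of blocked requests: {referral_share(counts):.0%}")
```

Pointing `summarize` at a full day's export shows which hostnames and categories dominate the blocks, and any `direct` entries stand out as requests worth looking at individually.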