ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Firewall Blocking Dodgy Garbage - but what is it?

    IT Discussion
    firewall spam fortigate log management hacking tracking
    3
    4
    3.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MattSpellerM
      MattSpeller
      last edited by

      I see tons of dodgy looking URL's get blocked by our fortigate - are they embedded tracking crap on shady websites? What is this stuff? Examples below.

      service=HTTP hostname="rtb02-c.us.dataxu.net" profile="default" action=blocked reqtype=referral url="/x/bcs0?btid=OWYwYjE5M2VmMmE3MTFlNGIyZDkxMGE2ZWY1MWY0NmR8U0ZUOWtaZ2NSaXwxNDMwNzc2MjQ3MDU1fDF8MEZjU0hqdTgze" sentbyte=729 rcvdbyte=315 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high

      service=HTTP hostname="ads.creative-serving.com" profile="default" action=blocked reqtype=referral url="/bsw_sync?bidswitch_ssp_id=spotx" sentbyte=567 rcvdbyte=513 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high

      service=HTTP hostname="m.goadservices.com" profile="default" action=blocked reqtype=referral url="/match/switch" sentbyte=465 rcvdbyte=229 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high

      service=HTTP hostname="g2.symcb.com" profile="default" action=blocked reqtype=direct url="/" sentbyte=286 rcvdbyte=0 direction=outgoing msg="URL belongs to a category with warnings enabled" method=domain cat=75 catdesc="Internet Radio and TV" crscore=30 crlevel=high

      service=HTTP hostname="cm.adgrx.com" profile="default" action=blocked reqtype=referral url="/bridge?AG_PID=appnexus" sentbyte=507 rcvdbyte=440 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by

        Even "trusted" websites like news and social media have some pretty sketchy ad services and trackers embedded.

        MattSpellerM 1 Reply Last reply Reply Quote 1
        • MattSpellerM
          MattSpeller @A Former User
          last edited by

          @thecreativeone91 said:

          Even "trusted" websites like news and social media have some pretty sketchy ad services and trackers embedded.

          That's what I figured, I'm just shocked it's so prolific. I can't even estimate how much of this is caught in the logs every day.

          1 Reply Last reply Reply Quote 0
          • nadnerBN
            nadnerB
            last edited by

            If you are uncertain, http://urlquery.net can be helpful.

            It will report on what happens when you go to a particular URL.
            It can even give you a preview (sometimes) of the page.

            1 Reply Last reply Reply Quote 2
            • 1 / 1
            • First post
              Last post