Firewall Blocking Dodgy Garbage - but what is it?



  • I see tons of dodgy-looking URLs get blocked by our FortiGate - are they embedded tracking crap on shady websites? What is this stuff? Examples below.

    service=HTTP hostname="rtb02-c.us.dataxu.net" profile="default" action=blocked reqtype=referral url="/x/bcs0?btid=OWYwYjE5M2VmMmE3MTFlNGIyZDkxMGE2ZWY1MWY0NmR8U0ZUOWtaZ2NSaXwxNDMwNzc2MjQ3MDU1fDF8MEZjU0hqdTgze" sentbyte=729 rcvdbyte=315 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high

    service=HTTP hostname="ads.creative-serving.com" profile="default" action=blocked reqtype=referral url="/bsw_sync?bidswitch_ssp_id=spotx" sentbyte=567 rcvdbyte=513 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high

    service=HTTP hostname="m.goadservices.com" profile="default" action=blocked reqtype=referral url="/match/switch" sentbyte=465 rcvdbyte=229 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high

    service=HTTP hostname="g2.symcb.com" profile="default" action=blocked reqtype=direct url="/" sentbyte=286 rcvdbyte=0 direction=outgoing msg="URL belongs to a category with warnings enabled" method=domain cat=75 catdesc="Internet Radio and TV" crscore=30 crlevel=high

    service=HTTP hostname="cm.adgrx.com" profile="default" action=blocked reqtype=referral url="/bridge?AG_PID=appnexus" sentbyte=507 rcvdbyte=440 direction=outgoing msg="URL belongs to a denied category in policy" method=domain cat=26 catdesc="Malicious Websites" crscore=60 crlevel=high



  • Even "trusted" websites like news and social media have some pretty sketchy ad services and trackers embedded.



  • @thecreativeone91 said:

    Even "trusted" websites like news and social media have some pretty sketchy ad services and trackers embedded.

    That's what I figured, I'm just shocked it's so prolific. I can't even estimate how much of this is caught in the logs every day.



  • If you are uncertain, http://urlquery.net can be helpful.

    It will report on what happens when you go to a particular URL.
    It can even give you a preview (sometimes) of the page.
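
To put a number on how much of this is embedded third-party traffic, here is an added example (not part of the thread) that tallies the blocked entries from the first post by hostname, category and reqtype. It assumes the key=value layout shown in those log lines and that reqtype=referral marks a request loaded by another page rather than typed or clicked directly; the sample lines are the post's own, trimmed to the fields used.

```python
import re
from collections import Counter

# key=value pairs; a value is either "quoted" (may hold spaces, '?' and '=') or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Sample input: the five lines from the first post, trimmed (long query string dropped).
SAMPLE_LOG = '''\
service=HTTP hostname="rtb02-c.us.dataxu.net" action=blocked reqtype=referral url="/x/bcs0" cat=26 catdesc="Malicious Websites"
service=HTTP hostname="ads.creative-serving.com" action=blocked reqtype=referral url="/bsw_sync?bidswitch_ssp_id=spotx" cat=26 catdesc="Malicious Websites"
service=HTTP hostname="m.goadservices.com" action=blocked reqtype=referral url="/match/switch" cat=26 catdesc="Malicious Websites"
service=HTTP hostname="g2.symcb.com" action=blocked reqtype=direct url="/" cat=75 catdesc="Internet Radio and TV"
service=HTTP hostname="cm.adgrx.com" action=blocked reqtype=referral url="/bridge?AG_PID=appnexus" cat=26 catdesc="Malicious Websites"
'''

def parse_line(line):
    """Turn one key=value web filter log line into a dict of strings."""
    return {key: (quoted if bare == "" else bare)
            for key, quoted, bare in PAIR.findall(line)}

def summarize(log_text):
    """Count blocked requests by hostname, category description and request type."""
    by_host, by_cat, by_reqtype = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "blocked":
            continue  # skips blank lines and anything that was not blocked
        by_host[rec.get("hostname", "?")] += 1
        by_cat[rec.get("catdesc", "?")] += 1
        by_reqtype[rec.get("reqtype", "?")] += 1
    return by_host, by_cat, by_reqtype

def embedded_share(by_reqtype):
    """Fraction of blocked requests that were referral (embedded) rather than direct."""
    total = sum(by_reqtype.values())
    return by_reqtype["referral"] / total if total else 0.0

if __name__ == "__main__":
    hosts, cats, reqtypes = summarize(SAMPLE_LOG)
    print(f"embedded (referral) share of blocks: {embedded_share(reqtypes):.0%}")
    for name, counter in (("category", cats), ("hostname", hosts)):
        print(f"\nblocked by {name}:")
        for value, count in counter.most_common():
            print(f"  {count:5d}  {value}")
```

Run over a full day's export, the hostname table shows which handful of ad and sync domains account for most of the blocks.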