ohanotherissue

New Member
Our proxy are bombarded with a lot of outbound traffic which is denied because of bad reputation.
hxxttps://sync.adkernel.com:443/user-sync?zone=79804&t=image&r=https://sync.springserve.com/usersync?aid=631&uuid={UID} -

the above is the URL which gets denied , and its because proxy finds it as malwarish or adware-ish in nature which is true. many computers in the network are reaching out to this url, because those PCs has some information in cookie to do so. My question is how do we identify which websites are pushing these cookies down to user PCs?
or in other words How can we find out retrospective from where it came originally.
 
Last edited by a moderator:
  • Like
Reactions: Correlate

nasdaq

Moderator
Verified
Staff member
Hello, Welcome to MALWARETIPS.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

hxxttps://sync.adkernel.com/user-sync?zone=79804&t=image&r=https%3A%2F%2Fsync.adkernel.com%2Fusersync%3Faid%3D631%26uuid%3D%7BUID%7D

Two domains are listed in the link.
adkernel.com
springserve.com


These sites can be block using this Hosts file.


Read the instructions on the page before using it.

Hope that helps
 

nasdaq

Moderator
Verified
Staff member
Hi

Any site you visit will try to install cookies.
How may time did you see a popup suggesting you to enable the cookies to serve you better.

What I do here I do not need them.
If the site is not available unless I enable them I do not and close the topic.

Search this string in your Default browser "cookie search" you may find a tool that you need.
 
  • Like
Reactions: Correlate