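按楼上的方法排查了一下,基本确定是 User-Agent Switcher 这个扩展导致的。
然后搜索了一下 User-Agent Switcher,搜到的结果都说它是木马。
此扩展 id:ffhkkpnppgnfaobgihpdblnhmmbodake
注意看下面日志里 CHROME_EXTENSION_REDIRECTED_REQUEST 这一条:其中的 extension_id 就是上面这个 id,紧接着对 https://www.jd.com/ 的请求就被 307 Internal Redirect 重定向到了 rtbs24.com(target 参数里是 ytthn.com 的点击链接,最后再跳回 jd.com)。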
最后:WQNMLGB
t=37261 [st= 0] +REQUEST_ALIVE [dt=3841]
--> priority = "HIGHEST"
--> url = "https://www.jd.com/"
t=37262 [st= 1] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=11]
t=37262 [st= 1] DELEGATE_INFO [dt=10]
--> delegate_blocked_by = "扩展程序“ User-Agent Switcher for Google Chrome ”"
t=37272 [st= 11] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ IDM Integration Module ”"
t=37272 [st= 11] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ IDM Integration Module ”"
t=37273 [st= 12] CHROME_EXTENSION_REDIRECTED_REQUEST
--> extension_id = "ffhkkpnppgnfaobgihpdblnhmmbodake"
t=37273 [st= 12] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=37273 [st= 12] +URL_REQUEST_START_JOB [dt=5]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "https://www.jd.com/"
t=37273 [st= 12] URL_REQUEST_REDIRECT_JOB
--> reason = "Delegate"
t=37273 [st= 12] URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED
--> HTTP/1.1 307 Internal Redirect
Location: http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F
Non-Authoritative-Reason: Delegate
t=37273 [st= 12] +URL_REQUEST_DELEGATE_RECEIVED_REDIRECT [dt=5]
t=37274 [st= 13] DELEGATE_INFO [dt=4]
--> delegate_blocked_by = "MojoAsyncResourceHandler"
t=37278 [st= 17] -URL_REQUEST_DELEGATE_RECEIVED_REDIRECT
t=37278 [st= 17] URL_REQUEST_REDIRECTED
--> location = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=37278 [st= 17] -URL_REQUEST_START_JOB
t=37278 [st= 17] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=4]
t=37278 [st= 17] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ User-Agent Switcher for Google Chrome ”"
t=37279 [st= 18] DELEGATE_INFO [dt=3]
--> delegate_blocked_by = "扩展程序“ AdBlock ”"
t=37282 [st= 21] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=37282 [st= 21] +URL_REQUEST_START_JOB [dt=3804]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=37282 [st= 21] +NETWORK_DELEGATE_BEFORE_START_TRANSACTION [dt=1]
t=37282 [st= 21] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ User-Agent Switcher for Google Chrome ”"
t=37283 [st= 22] -NETWORK_DELEGATE_BEFORE_START_TRANSACTION
t=37283 [st= 22] HTTP_CACHE_GET_BACKEND [dt=0]
t=37283 [st= 22] HTTP_CACHE_OPEN_ENTRY [dt=2]
t=37285 [st= 24] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=37285 [st= 24] HTTP_CACHE_READ_INFO [dt=0]
t=37285 [st= 24] +HTTP_STREAM_REQUEST [dt=2644]
t=37285 [st= 24] HTTP_STREAM_JOB_CONTROLLER_BOUND
--> source_dependency = 30866 (HTTP_STREAM_JOB_CONTROLLER)
t=39929 [st=2668] HTTP_STREAM_REQUEST_BOUND_TO_JOB
--> source_dependency = 31013 (HTTP_STREAM_JOB)
t=39929 [st=2668] -HTTP_STREAM_REQUEST
t=39929 [st=2668] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=39929 [st=2668] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F HTTP/1.1
Host: rtbs24.com
Proxy-Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8