disconnectme / disconnect-tracking-protection

Canonical repository for the Disconnect services file

Reddit is using Whiteops to do a lot of nasty fingerprinting #215

Closed ilikenwf closed 1 year ago

ilikenwf commented 4 years ago

Seems they use a lot of random domains (CNAME?) - I found out here:

https://smitop.com/post/reddit-whiteops/

I'd paste more here but don't want to rip off the author/researcher.

In a nutshell, I'm thinking something like this:

||minkatu.com
||vprza.com
||s.udkcrj.com
||udkcrj.com

at the least, but there may be more domains.

ilikenwf commented 4 years ago

I'd guess that this is one of their servers... or they're using a CDN. Either way, most of these domains look suspect.

https://otx.alienvault.com/indicator/ip/52.27.83.225
https://otx.alienvault.com/indicator/domain/vprza.com
https://otx.alienvault.com/indicator/domain/minkatu.com

ilikenwf commented 4 years ago

Data they collect: https://smitop.com/post/whiteops-data/