Follow us or clickjacking for business
A few days ago I was looking for winter tires. Searched in Yandex search results. I went to the site, looked. Nothing came up, left the matter for later. I didn’t fill anything anywhere, I didn’t write anything to anyone (this is important).
Today they write me in a personal message VK:
I was very surprised. How did they know that it was me?
He began to study the site of the store. On the page, besides jquery, I. metrics and analytics google found a counter sending requests to socgate.ru. Because I didn’t fill anything, and jquery, Yandex and google would hardly merge information to the store, then suspicions fell on socgate.ru.
Domain IP: 46.4.58.141 Found
on the same IP: socfishing.ru The
main socfishing.ru reads:
According to socgate.ru, I found a note from zenn (possibly namesake), there are more technical details:
Now the code has been changed, I couldn’t catch it. But 99% sure that this is clickjacking ( tyts ).
When you visit the site for the first time, a transparent frame is drawn on the page, an authorization button in the VK or an entry into the group is “glued” to the mouse. Then you are already "led" to the site not as ID 327812, but as "Ivan Vasilyevich from Moscow, married, 2 children. Phone number .... ".
The following
is scary : - nothing prevents in a similar way (clickjacking) to deanonymize the visitor in various analytics, banner twists, RTB, etc. ... As a result, they will receive not just an unnamed user id, but real name, contact details of a person. Soon they will start calling “you went to our site, but left without buying anything ...”;
- You can completely deanonymize a person by collecting nicknames on forums / blogs and a person’s full name. Perhaps this is already happening.
What similar services do you know? How to block their work on the client side?
UPD: Now on the pages of the service it displays:
Today they write me in a personal message VK:
“You were interested in our product on the page .... We can help you ... blah blah blah. "
I was very surprised. How did they know that it was me?
He began to study the site of the store. On the page, besides jquery, I. metrics and analytics google found a counter sending requests to socgate.ru. Because I didn’t fill anything, and jquery, Yandex and google would hardly merge information to the store, then suspicions fell on socgate.ru.
Domain IP: 46.4.58.141 Found
on the same IP: socfishing.ru The
main socfishing.ru reads:
According to socgate.ru, I found a note from zenn (possibly namesake), there are more technical details:
talk.pr-cy.ru/topic/8957-kak-rabotaet-opredelenie-stranitcy-polzovatel/?p=102653Now the code has been changed, I couldn’t catch it. But 99% sure that this is clickjacking ( tyts ).
When you visit the site for the first time, a transparent frame is drawn on the page, an authorization button in the VK or an entry into the group is “glued” to the mouse. Then you are already "led" to the site not as ID 327812, but as "Ivan Vasilyevich from Moscow, married, 2 children. Phone number .... ".
The following
is scary : - nothing prevents in a similar way (clickjacking) to deanonymize the visitor in various analytics, banner twists, RTB, etc. ... As a result, they will receive not just an unnamed user id, but real name, contact details of a person. Soon they will start calling “you went to our site, but left without buying anything ...”;
- You can completely deanonymize a person by collecting nicknames on forums / blogs and a person’s full name. Perhaps this is already happening.
What similar services do you know? How to block their work on the client side?
UPD: Now on the pages of the service it displays: