用 https 打开京东跳转到 https://www.joybuy.com

Flash Video Downloader
Video Downloader GetThemAll
禁用两天......两天内已经不触发跳转了.
我 Chrome 的原因看来已经找到了.

@beiousishen 这两个我都没有

@beiousishen 这两个我也没有

我总结出测试方法了。

一、保证一小时以上不访问京东。
二、打开 chrome, 禁用全部扩展。
三、打开京东, 查看是否跳转。如果跳转, 那就再次等待一个小时或更长时间。
四、依次启用扩展, 每次启用一个, 启用后重新打开京东, 观察有没有跳转。
五、没有则继续启用下一个扩展, 如果跳转则可确认是哪个扩展出现问题。

我经过测试, 发现“ User-Agent Switcher for Google Chrome ”( https://chrome.google.com/webstore/detail/user-agent-switcher-for-g/ffhkkpnppgnfaobgihpdblnhmmbodake)这个扩展存在问题。

如果有跟我一样的, 可以尝试禁用这个扩展试试。

从上面的回复观察, 好像这次出问题的不是一个扩展, 而是好几个, 原因未知。

@tracky @lspnicol
我的 Chrome 找到问题是
Flash Video Downloader
Video Downloader GetThemAll
这两个扩展
根据其他楼层回复来看.不止是一个扩展出了问题.
可能是这些出问题的扩展都使用了同一个模块,或者调用了同一个 API,亦或是直接复制了同一段成品代码.
如果这些扩展都是同一个问题.那基本能说明不是一个扩展本地的代码有问题,而是这些扩展调用的地方有问题.
或许这个东西已经埋藏了很久.但是最近这些被调用的地方才被激活了.不一定要最近更新过扩展版本的扩展才会出问题.

还是没有找到问题。哎~

的确有可能像 @beiousishen 所说，是某个 chrome 的 api 造成的，因为全局搜索那几个关键字，整个 chrome 下都搜不到

@tracky 我也装了这个 但是我可以明确的是 我这个一直装了关了没用 也发生了跳转

我先给大家一个建议 下次打开京东前先打开 chrome 的调试，在 network 里面勾上 preserve log。 然后打开京东，如果发生了跳转，看看有没有跳转的信息。

@Totato5749 只能全部禁用, 一个个开启测试。好像每个人都不同。

我也是禁用 Video Downloader GetThemAll 后 3 天没出现了

chrome://net-internals/#events 配合修改系统时间抓到了一次

在我这似乎是 BetterHistory 这个扩展搞的鬼



379947: URL_REQUEST
https://www.jd.com/
Start Time: 2018-11-21 00:32:46.413

t=6216 [st= 0] +REQUEST_ALIVE [dt=2848]
--> priority = "HIGHEST"
--> url = "https://www.jd.com/"
t=6216 [st= 0] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=3]
t=6216 [st= 0] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ uBlock Origin ”"
t=6217 [st= 1] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ uBlock Origin ”"
t=6217 [st= 1] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ uBlock Origin ”"
t=6218 [st= 2] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6218 [st= 2] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6218 [st= 2] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6219 [st= 3] CHROME_EXTENSION_REDIRECTED_REQUEST
--> extension_id = "obciceimmggglbmelaidpjlmodcebijb"
t=6219 [st= 3] CHROME_EXTENSION_REDIRECTED_REQUEST
--> extension_id = "obciceimmggglbmelaidpjlmodcebijb"
t=6219 [st= 3] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=6219 [st= 3] +URL_REQUEST_START_JOB [dt=4]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "https://www.jd.com/"
t=6219 [st= 3] URL_REQUEST_REDIRECT_JOB
--> reason = "Delegate"
t=6219 [st= 3] URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED
--> HTTP/1.1 307 Internal Redirect
Location: http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F
Non-Authoritative-Reason: Delegate
t=6219 [st= 3] +URL_REQUEST_DELEGATE_RECEIVED_REDIRECT [dt=4]
t=6219 [st= 3] DELEGATE_INFO [dt=4]
--> delegate_blocked_by = "MojoAsyncResourceHandler"
t=6223 [st= 7] -URL_REQUEST_DELEGATE_RECEIVED_REDIRECT
t=6223 [st= 7] URL_REQUEST_REDIRECTED
--> location = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=6223 [st= 7] -URL_REQUEST_START_JOB
t=6223 [st= 7] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=4]
t=6224 [st= 8] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ uBlock Origin ”"
t=6225 [st= 9] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ uBlock Origin ”"
t=6225 [st= 9] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ uBlock Origin ”"
t=6225 [st= 9] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6226 [st= 10] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6227 [st= 11] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6227 [st= 11] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=6227 [st= 11] +URL_REQUEST_START_JOB [dt=2827]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=6227 [st= 11] +NETWORK_DELEGATE_BEFORE_START_TRANSACTION [dt=2]
t=6227 [st= 11] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6228 [st= 12] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ Better History ”"
t=6229 [st= 13] -NETWORK_DELEGATE_BEFORE_START_TRANSACTION
t=6229 [st= 13] HTTP_CACHE_GET_BACKEND [dt=0]
t=6229 [st= 13] HTTP_CACHE_OPEN_ENTRY [dt=0]
t=6229 [st= 13] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=6229 [st= 13] HTTP_CACHE_READ_INFO [dt=1]
t=6230 [st= 14] +HTTP_STREAM_REQUEST [dt=542]
t=6230 [st= 14] HTTP_STREAM_JOB_CONTROLLER_BOUND
--> source_dependency = 379949 (HTTP_STREAM_JOB_CONTROLLER)
t=6772 [st= 556] HTTP_STREAM_REQUEST_BOUND_TO_JOB
--> source_dependency = 379950 (HTTP_STREAM_JOB)
t=6772 [st= 556] -HTTP_STREAM_REQUEST
t=6772 [st= 556] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=6772 [st= 556] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F HTTP/1.1
Host: rtbs24.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
t=6772 [st= 556] -HTTP_TRANSACTION_SEND_REQUEST
t=6772 [st= 556] +HTTP_TRANSACTION_READ_HEADERS [dt=2261]
t=6772 [st= 556] HTTP_STREAM_PARSER_READ_HEADERS [dt=2261]
t=9033 [st=2817] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Nov 2018 16:32:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.37
Content-Encoding: gzip
t=9033 [st=2817] -HTTP_TRANSACTION_READ_HEADERS
t=9033 [st=2817] HTTP_CACHE_WRITE_INFO [dt=0]
t=9033 [st=2817] HTTP_CACHE_WRITE_DATA [dt=1]
t=9034 [st=2818] HTTP_CACHE_WRITE_INFO [dt=0]
t=9034 [st=2818] +NETWORK_DELEGATE_HEADERS_RECEIVED [dt=20]
t=9034 [st=2818] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ uBlock Origin ”"
t=9035 [st=2819] DELEGATE_INFO [dt=19]
--> delegate_blocked_by = "扩展程序“ Tampermonkey ”"
t=9054 [st=2838] -NETWORK_DELEGATE_HEADERS_RECEIVED
t=9054 [st=2838] URL_REQUEST_FILTERS_SET
--> filters = "GZIP"
t=9054 [st=2838] -URL_REQUEST_START_JOB
t=9055 [st=2839] +URL_REQUEST_DELEGATE_RESPONSE_STARTED [dt=8]
t=9055 [st=2839] DELEGATE_INFO [dt=8]
--> delegate_blocked_by = "MojoAsyncResourceHandler"
t=9063 [st=2847] -URL_REQUEST_DELEGATE_RESPONSE_STARTED
t=9063 [st=2847] HTTP_TRANSACTION_READ_BODY [dt=0]
t=9063 [st=2847] URL_REQUEST_JOB_BYTES_READ
--> byte_count = 216
t=9063 [st=2847] URL_REQUEST_JOB_FILTERED_BYTES_READ
--> byte_count = 509
t=9063 [st=2847] HTTP_TRANSACTION_READ_BODY [dt=0]
t=9064 [st=2848] -REQUEST_ALIVE

看了一下这个 Better History，居然在扩展商店已经下架了。。。。似乎作者重新申请了个账号重新上架了......

感觉还是有理由怀疑它的

况且被我抓到石锤，谷歌其扩展 id：obciceimmggglbmelaidpjlmodcebijb 发现早有劫持请求的前科了 https://www.reddit.com/r/techsupport/comments/6237fp/windows_defender_fake_zeus_virus_hijack_in_chrome/

大家可以参考我的做法找到劫持请求的扩展，我看你们也没有装 Better History，所以很可能你们是别的扩展干的。 建议看看你们怀疑的对象在 chrome 扩展商店里面还在上架没有

按楼上的方法找到了 基本确定是 User-Agent Switcher
然后搜索了下 User-Agent Switcher 都说是木马
此扩展 id：ffhkkpnppgnfaobgihpdblnhmmbodake


注意看—= CHROME_EXTENSION_REDIRECTED_REQUEST 这里


最后：WQNMLGB

t=37261 [st= 0] +REQUEST_ALIVE [dt=3841]
--> priority = "HIGHEST"
--> url = "https://www.jd.com/"
t=37262 [st= 1] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=11]
t=37262 [st= 1] DELEGATE_INFO [dt=10]
--> delegate_blocked_by = "扩展程序“ User-Agent Switcher for Google Chrome ”"
t=37272 [st= 11] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ IDM Integration Module ”"
t=37272 [st= 11] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ IDM Integration Module ”"
t=37273 [st= 12] CHROME_EXTENSION_REDIRECTED_REQUEST
--> extension_id = "ffhkkpnppgnfaobgihpdblnhmmbodake"
t=37273 [st= 12] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=37273 [st= 12] +URL_REQUEST_START_JOB [dt=5]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "https://www.jd.com/"
t=37273 [st= 12] URL_REQUEST_REDIRECT_JOB
--> reason = "Delegate"
t=37273 [st= 12] URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED
--> HTTP/1.1 307 Internal Redirect
Location: http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F
Non-Authoritative-Reason: Delegate
t=37273 [st= 12] +URL_REQUEST_DELEGATE_RECEIVED_REDIRECT [dt=5]
t=37274 [st= 13] DELEGATE_INFO [dt=4]
--> delegate_blocked_by = "MojoAsyncResourceHandler"
t=37278 [st= 17] -URL_REQUEST_DELEGATE_RECEIVED_REDIRECT
t=37278 [st= 17] URL_REQUEST_REDIRECTED
--> location = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=37278 [st= 17] -URL_REQUEST_START_JOB
t=37278 [st= 17] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=4]
t=37278 [st= 17] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ User-Agent Switcher for Google Chrome ”"
t=37279 [st= 18] DELEGATE_INFO [dt=3]
--> delegate_blocked_by = "扩展程序“ AdBlock ”"
t=37282 [st= 21] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=37282 [st= 21] +URL_REQUEST_START_JOB [dt=3804]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=37282 [st= 21] +NETWORK_DELEGATE_BEFORE_START_TRANSACTION [dt=1]
t=37282 [st= 21] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ User-Agent Switcher for Google Chrome ”"
t=37283 [st= 22] -NETWORK_DELEGATE_BEFORE_START_TRANSACTION
t=37283 [st= 22] HTTP_CACHE_GET_BACKEND [dt=0]
t=37283 [st= 22] HTTP_CACHE_OPEN_ENTRY [dt=2]
t=37285 [st= 24] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=37285 [st= 24] HTTP_CACHE_READ_INFO [dt=0]
t=37285 [st= 24] +HTTP_STREAM_REQUEST [dt=2644]
t=37285 [st= 24] HTTP_STREAM_JOB_CONTROLLER_BOUND
--> source_dependency = 30866 (HTTP_STREAM_JOB_CONTROLLER)
t=39929 [st=2668] HTTP_STREAM_REQUEST_BOUND_TO_JOB
--> source_dependency = 31013 (HTTP_STREAM_JOB)
t=39929 [st=2668] -HTTP_STREAM_REQUEST
t=39929 [st=2668] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=39929 [st=2668] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1%26sa%3D116%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F HTTP/1.1
Host: rtbs24.com
Proxy-Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8

@Emory 我的意思并不是 Chrome 的 API.而是有些扩展需要联网并请求第三方服务器支持服务的 API 接口.有人恶意在接口上设定或者激活了以前就埋下的跳转激活.而这些扩展的作者在知情或者不知情的情况下,调用了这些服务接口以达到扩展能达到的功能.因为这些 API 有些是现成的,某些扩展作者并不会额外花这个成本去自己搭建服务器.而这些被调用的 API,要么被入侵后修改了跳转地址,要么一开始就已经被埋藏了.就等着这种双 11 618 的时候激活后获取大量用户访问连接以获取推广费用.
但我更相信
Flash Video Downloader
Video Downloader GetThemAll
这两个是前者.
在 Google 后发现这两个有前科.应该是故意就埋下去的.

或许所有扩展可能有"隐藏功能"就看有没有激活了.

最近 chrome 插件也全部更新了权限要求，都要求文件读写什么的，感觉要尽量少装插件了

@Totato5749 非常感谢这位同学的办法，我照着你的办法也试了一下，乍一看以为是 tampermonkey，但是仔细看看，
t=5572 [st= 11] CHROME_EXTENSION_REDIRECTED_REQUEST
--> extension_id = "abidndjnodakeaicodfpgcnlkpppapah"

按这个 id 去自己扩展里面找了一下，结果是 Allow Copy，然后去 chrome 扩展商店看了一下，同样也是早就下架了的，符合你说的下架了的比较可疑的猜测

下面是完整日志

75104: URL_REQUEST
https://www.jd.com/
Start Time: 2018-11-22 10:05:45.623
t=5561 [st= 0] +REQUEST_ALIVE [dt=989]
--> priority = "HIGHEST"
--> url = "https://www.jd.com/"
t=5562 [st= 1] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=10]
t=5562 [st= 1] DELEGATE_INFO [dt=3]
--> delegate_blocked_by = "扩展程序“ Tampermonkey ”"
t=5565 [st= 4] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ Tampermonkey ”"
t=5566 [st= 5] DELEGATE_INFO [dt=6]
--> delegate_blocked_by = "扩展程序“ Tampermonkey ”"
t=5572 [st= 11] CHROME_EXTENSION_REDIRECTED_REQUEST
--> extension_id = "abidndjnodakeaicodfpgcnlkpppapah"
t=5572 [st= 11] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=5572 [st= 11] +URL_REQUEST_START_JOB [dt=2]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "https://www.jd.com/"
t=5572 [st= 11] URL_REQUEST_REDIRECT_JOB
--> reason = "Delegate"
t=5572 [st= 11] URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED
--> HTTP/1.1 307 Internal Redirect
Location: http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F
Non-Authoritative-Reason: Delegate
t=5572 [st= 11] +URL_REQUEST_DELEGATE_RECEIVED_REDIRECT [dt=1]
t=5573 [st= 12] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "MojoAsyncResourceHandler"
t=5573 [st= 12] -URL_REQUEST_DELEGATE_RECEIVED_REDIRECT
t=5574 [st= 13] URL_REQUEST_REDIRECTED
--> location = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=5574 [st= 13] -URL_REQUEST_START_JOB
t=5574 [st= 13] +NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=3]
t=5574 [st= 13] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ Tampermonkey ”"
t=5575 [st= 14] DELEGATE_INFO [dt=0]
--> delegate_blocked_by = "扩展程序“ Tampermonkey ”"
t=5575 [st= 14] DELEGATE_INFO [dt=2]
--> delegate_blocked_by = "扩展程序“ Allow Copy ”"
t=5577 [st= 16] -NETWORK_DELEGATE_BEFORE_URL_REQUEST
t=5577 [st= 16] +URL_REQUEST_START_JOB [dt=960]
--> load_flags = 18432 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F"
t=5577 [st= 16] NETWORK_DELEGATE_BEFORE_START_TRANSACTION [dt=0]
t=5577 [st= 16] HTTP_CACHE_GET_BACKEND [dt=0]
t=5577 [st= 16] HTTP_CACHE_OPEN_ENTRY [dt=0]
--> net_error = -2 (ERR_FAILED)
t=5577 [st= 16] HTTP_CACHE_CREATE_ENTRY [dt=0]
t=5577 [st= 16] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=5577 [st= 16] +HTTP_STREAM_REQUEST [dt=2]
t=5577 [st= 16] HTTP_STREAM_JOB_CONTROLLER_BOUND
--> source_dependency = 75107 (HTTP_STREAM_JOB_CONTROLLER)
t=5579 [st= 18] HTTP_STREAM_REQUEST_BOUND_TO_JOB
--> source_dependency = 75108 (HTTP_STREAM_JOB)
t=5579 [st= 18] -HTTP_STREAM_REQUEST
t=5580 [st= 19] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=5580 [st= 19] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET http://rtbs24.com/?target=https%3A%2F%2Fytthn.com%2Fclick-IQL4686A-HFDQCIIE%3Fbt%3D25%26tl%3D1__%26url%3Dhttps%3A%2F%2Fwww.jd.com%2F HTTP/1.1
Host: rtbs24.com
Proxy-Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
t=5580 [st= 19] -HTTP_TRANSACTION_SEND_REQUEST
t=5580 [st= 19] +HTTP_TRANSACTION_READ_HEADERS [dt=954]
t=5580 [st= 19] HTTP_STREAM_PARSER_READ_HEADERS [dt=953]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6533 [st=972] HTTP_STREAM_PARSER_READ_HEADERS [dt=1]
t=6534 [st=973] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6534 [st=973] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6534 [st=973] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6534 [st=973] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6534 [st=973] HTTP_STREAM_PARSER_READ_HEADERS [dt=0]
t=6534 [st=973] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 21 Nov 2018 02:05:53 GMT
Keep-Alive: timeout=38
Server: nginx
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.37
t=6534 [st=973] -HTTP_TRANSACTION_READ_HEADERS
t=6534 [st=973] HTTP_CACHE_WRITE_INFO [dt=0]
t=6534 [st=973] HTTP_CACHE_WRITE_DATA [dt=0]
t=6534 [st=973] HTTP_CACHE_WRITE_INFO [dt=0]
t=6534 [st=973] +NETWORK_DELEGATE_HEADERS_RECEIVED [dt=3]
t=6534 [st=973] DELEGATE_INFO [dt=2]
--> delegate_blocked_by = "扩展程序“ Tampermonkey ”"
t=6536 [st=975] DELEGATE_INFO [dt=1]
--> delegate_blocked_by = "扩展程序“ AdBlock ”"
t=6537 [st=976] -NETWORK_DELEGATE_HEADERS_RECEIVED
t=6537 [st=976] URL_REQUEST_FILTERS_SET
--> filters = "GZIP"
t=6537 [st=976] -URL_REQUEST_START_JOB
t=6537 [st=976] +URL_REQUEST_DELEGATE_RESPONSE_STARTED [dt=11]
t=6537 [st=976] DELEGATE_INFO [dt=11]
--> delegate_blocked_by = "MojoAsyncResourceHandler"
t=6548 [st=987] -URL_REQUEST_DELEGATE_RESPONSE_STARTED
t=6548 [st=987] HTTP_TRANSACTION_READ_BODY [dt=0]
t=6549 [st=988] URL_REQUEST_JOB_BYTES_READ
--> byte_count = 216
t=6549 [st=988] URL_REQUEST_JOB_FILTERED_BYTES_READ
--> byte_count = 509
t=6549 [st=988] HTTP_TRANSACTION_READ_BODY [dt=0]
t=6550 [st=989] -REQUEST_ALIVE

我也遇到了，应该不是运营商的问题，两个地方一个电信，一个移动，都有这个问题

@Totato5749 我和 10 楼有装这个，虽然禁用 ublock 一天没事，不过看来这个嫌疑更大