Browser hijacking ad

[Brainonska511]

It seems like there is a bad ad in circulation that redirects to a site that claims your browser is infected. Couldn't catch which ad it was, but the redirect is to us. bastardizes41yz .top (added spaces to keep it from being a link).

 

[fralexandr]

Been getting a lot as of the past hour also. Trying to read a thread but it keeps popping up, redirect to a bunch of nonsense then to m43p.callitagain.com and then adpresso.io
As well as an us.criticizes806bq.top

Hopefully chromes next major mobile update actually fixes this...

 

[Brainonska511]

Been getting a lot as of the past hour also. Trying to read a thread but it keeps popping up, redirect to a bunch of nonsense then to m43p.callitagain.com and then adpresso.io
As well as an us.criticizes806bq.top

Hopefully chromes next major mobile update actually fixes this...

Just happened again twice. Once reading a thread and once typing this reply.

And the ad tried to open what's probably a fake GooglePlay browser page to probably try to get you to install their adware. For a tech website, there sure seems to be pretty poor choices made for ad providers.

 

[ch33zw1z]

Yup, it's constant for me in chrome at this point

https://imgur.com/a/2mzPq

 

[JSt0rm]

constantly telling me I won with a spoofed amazon frontpage. impossible to browse on my phone

 

[bbhaag]

I've noticed this same ad as well but only when browsing on my phone. Clearing my cache and cookies through Chrome did not resolve the issue but when I ran the ccleaner app on my phone it seemed to resolve the issue and I no longer redirected.

 

[Tiluka]

It seems like there is a bad ad in circulation that redirects to a site that claims your browser is infected. Couldn't catch which ad it was, but the redirect is to us. bastardizes41yz .top (added spaces to keep it from being a link).

install uBlock Origin, and see if you still get these ads.

https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
also read this articles for extra knowledge
https://malwaretips.com/blogs/remove-browser-redirect-virus/

 

[Brainonska511]

install uBlock Origin, and see if you still get these ads.

https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
also read this articles for extra knowledge
https://malwaretips.com/blogs/remove-browser-redirect-virus/

I don't think it's a virus. Just a malicious ad trying to get you to install malware. And though I could install an ad blocker on my phone, it doesn't solve the root of the problem. A tech site should at least be able to run ads that don't try to compromise its users systems.

 

[Mr.IncrediblyBored]

I've been getting similar hijack ads the last few days.

 

[UsandThem]

@Viddyvane I had these pop up when I was browsing the forums on my phone this morning. I had to kill my browser to be able to do anything since they pretty much hijacked my browser. The full redirect address from my browser history is (I removed the http from the beginning so the whole address shows):

://us.rigorism491dr.top/u23s/0_index.php?model=Galaxy S7 Edge&brand=Samsung&osversion=Android 7.0&ip=108redacted&voluumdata=deprecated&eda=deprecated&cep=PJAln499_8oV9MBUNCh3V2YX-Ks8G7dxd1hgnau70aO75IxJ_xuhOpgndsmkiGphFZzb4WMua0xjrHpEe5DKaO00pbyQ-fyvztHcBHcT-YzlowfaRlnM2KYuTWhOI8cvcmUeMYgrqR9iY2WZVUIj-c5Y2mtHGo3l_tfCWT5SWct3jwvmV39UdQ5jzOgU6_BRiM4R4TACCor-v3QJQrKpEkAIBrK0VCSkuSYKWbu0et1tcCkpSyqMSOcns0bMDB0rN4Bb_MLer8EFF3UjmSsYPyCmzAxm3slLfxioeYhSaKzNepHApUjmPLu7XcjSeUte18XAm4Pm10cx9iSFyx9HUg&clickid=8b061ee951cfb4a0fa751da7d93fd057&channel_id=purch.com_111883.617718&rtb_source=a4gdsp&device_id=none&sizeid=300250&mediaid=pulsepoint#nbb

 

[Viddyvane]

Hey all,

Thanks so much for reporting. I've been seeing similar ones myself (though not on AnandTech). We've been talking to the Ads Team and they've done what they can to identify the company/user behind these malicious ads, but they need a little help.

Below I have attached the "Reporting Malicious Mobile & Desktop Advertising" Instruction Booklet that the team wrote. It's a short introduction to the concept of malicious ads and how you can log this data for reporting. This booklet will walk you through the preferred applications, software, and reporting styles for Mobile & Desktop devices.

I know that I am asking a lot by providing these instructions, but I hope that with more detailed reports sent directly to the Ads Team, they can use that information to make your browsing and Community Experience a better one.

I'd also like to stress that we take your privacy and security very seriously. If you decide to follow the booklet, please be sure that ALL of your malicious ad reports go directly to adissues@purch.com, and that you do not share private information on an open thread such as your IP address any Personally Identifying Information.

Thank you!
Viddyvane
Assistant Community Manager

 

[AdamK47]

These forums are nearly unusable without ad blocking on an Android device. It's not if but when you get one of these random invasive redirects.

 

[lupi]

Just got one on my phone for first time in awhile.


http://c7pp0lmnft.pw/cz/US/yyhvf.php?model=Galaxy Note8&brand=Samsung&ip=172.58.153.74#


http://m43p.callitagain.com/click

 

[MagnusTheBrewer]

@Viddyvane I had these pop up when I was browsing the forums on my phone this morning. I had to kill my browser to be able to do anything since they pretty much hijacked my browser. The full redirect address from my browser history is (I removed the http from the beginning so the whole address shows):

://us.rigorism491dr.top/u23s/0_index.php?model=Galaxy S7 Edge&brand=Samsung&osversion=Android 7.0&ip=108redacted&voluumdata=deprecated&eda=deprecated&cep=PJAln499_8oV9MBUNCh3V2YX-Ks8G7dxd1hgnau70aO75IxJ_xuhOpgndsmkiGphFZzb4WMua0xjrHpEe5DKaO00pbyQ-fyvztHcBHcT-YzlowfaRlnM2KYuTWhOI8cvcmUeMYgrqR9iY2WZVUIj-c5Y2mtHGo3l_tfCWT5SWct3jwvmV39UdQ5jzOgU6_BRiM4R4TACCor-v3QJQrKpEkAIBrK0VCSkuSYKWbu0et1tcCkpSyqMSOcns0bMDB0rN4Bb_MLer8EFF3UjmSsYPyCmzAxm3slLfxioeYhSaKzNepHApUjmPLu7XcjSeUte18XAm4Pm10cx9iSFyx9HUg&clickid=8b061ee951cfb4a0fa751da7d93fd057&channel_id=purch.com_111883.617718&rtb_source=a4gdsp&device_id=none&sizeid=300250&mediaid=pulsepoint#nbb

I've started getting the exact same redirect. Looks like purch needs to do some serious reviews of their advertising partners.

 

[AdamK47]

I've started getting the exact same redirect. Looks like purch needs to do some serious reviews of their advertising partners.

It's probably from the same ad service that puts all of those classy high quality ads at the end of each Anandtech article.

 

[fralexandr]

chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture

Setting the above to enabled in chrome 62+ might block them?

Source:https://www.androidpolice.com/2017/11/08/heres-protect-rogue-redirect-ads-right-now-chrome/

 

[Brainonska511]

chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture

Setting the above to enabled in chrome 62+ might block them?

Source:https://www.androidpolice.com/2017/11/08/heres-protect-rogue-redirect-ads-right-now-chrome/

I just followed those steps and it looks like it may have helped. While browsing, I got a notification that a pop-up from "fast click ads dot net" (spelled out to keep from hyperlinking) was blocked. Probably blocked that pesky browser hijacking redirect nonsense that's been happening.

 

[Ryan Smith]

Hey guys, I need to reiterate that while we greatly appreciate being informed about hijack ads, it's sadly not enough for us to act on. The ad guys unfortunately can't work backwards from a screenshot. So if you're regularly getting hijacked, please please see Viddyvane's post; we need your logs in order to identify the bad ad units that are causing this.

 

[AdamK47]

chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture

Setting the above to enabled in chrome 62+ might block them?

Source:https://www.androidpolice.com/2017/11/08/heres-protect-rogue-redirect-ads-right-now-chrome/

I had this prevent one redirect.

It doesn't help with this one though:

 

[lupi]

Hey guys, I need to reiterate that while we greatly appreciate being informed about hijack ads, it's sadly not enough for us to act on. The ad guys unfortunately can't work backwards from a screenshot. So if you're regularly getting hijacked, please please see Viddyvane's post; we need your logs in order to identify the bad ad units that are causing this.

I read through the link, seems to require using a laptop which doesn't do a lot of good if it only occurs when away from home on your mobile.

 

[Viddyvane]

I read through the link, seems to require using a laptop which doesn't do a lot of good if it only occurs when away from home on your mobile.

Yes, the initial set up for Android does require a laptop but once you have the logging program up and running it would be automatically configured to record logs while browsing on your phone.

 

[UsandThem]

I started getting worse hijacks tonight with Chrome on Android. I left my last page on the main forum webpage, and I got hit with talking ads telling me I was infected while watching a TV show. I got so fed up with it I cleared all my cookies and history, and started using the Samsung Android browser instead with an ad blocker extension.

I think I am going to get my backup Android phone I keep as an emergency spare, and do that program on my laptop so we can get whatever ad company is doing this. I just don't feel comfortable using my daily phone because I use it for payment services like PayPal and Fifth Third.

If not, Anandtech is otherwise not a site anyone who uses the mobile Chrome browser will want to be on because of those annoying redirects are getting worse.

 

[quikah]

Yes, the initial set up for Android does require a laptop but once you have the logging program up and running it would be automatically configured to record logs while browsing on your phone.

This is a joke right?

how about your ad guys sets this up and finds the offending ads themselves? Ad blocking is a hell of a lot easier than troubleshooting ads for you.

 

[UsandThem]

OK. I got my backup phone out of storage, charged it, and updated it. I then downloaded the Charles program from the Word document, and installed it.

However, I could not get it working based on the directions in the document. Then I noticed it said this:

For Android, As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. If your phone is version N or higher, you cannot use Charles.

I assume "N" means Nougat, or Android 7.0 and higher. I think that will be a problem for most people who use Android phones, unless someone has a relatively old phone.

 

[UsandThem]

Ok. It wouldn't work on my backup phone, but I got it to work my S7 Edge.

I currently browsing the forums on it, but no redirects yet. However, I did get a security warning when I first went to log in to the forums from Google saying the certificate is invalid.

Edit:
I'm not seeing any ads on this site even though I don't have an ad blocker. But Charles is logging quite a bit of stuff as I browse through the forums.

Edit 2:
I got Charles to record my browsing session, but I never had any ads display on my phone. After I finished recording and went back on the site via wifi, ads began displaying on the phone again. So if someone from Purch wants to help me figure out what I did wrong so we can find the advertiser(s) who are supplying the redirects, I've got everything ready to go. I could send the recorded sessions to the email, but since there were no ads, I don't know if it would help or not.