Forum Thread

More Malware re-directs....

implode 89,221 9,379 July 18, 2016 at 08:09 AM
This was the ad that was being served when I was redirected...

Ad 1:
PHP Code:
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CLnema_CMV8grzZYFx_6dmAH46Oz6RKfr2ae6Apfrz9ykBhABIKuwzhpgye7yiZik9BKgAZv6zP4DyAEJ4AIAqAMBqgTdAU_QhOgTMGR6ISdNY6eAOlE0q3_wfrfP1DKsyrD-qWlgr8sli8qrbC5SGmd4LkZjxoBCO2YbZTptq0wgK1PGQrMe99JvmmNElYBCCA7dnUpyyqEC3LkiksjJG38qfili77TuVGIASuAxEyEy6pSE5b21MzUNqZPO0dx5eRqZZWIjLvqkkJXzbEOP2vsJkRwLA72eNqxAlFvwgYgwAW2YVVhhc9aZONHNgRSN_UGo9m7WFzEuZP9D5lBrqaQT6Ad73d6Os430Sjmzor1WHqodkzxrv8nWuzUdFJHgnczs4AQB-gUGCCUQARgAiAYBoAYugAfNhbMBqAemvhvYBwA&num=1&cid=CAASEuRoloWF2zpM98slGipxmQyjyw&sig=AOD64_05ZmwVlTGZvNOC6WSj0f8uY0GygQ&adurl=http://www.gojane.com/108231.html%3FSIZE%3DSM%26id%3D108231-red&client=ca-pub-7882965302669036 
Ad 2:
PHP Code:
http://www.shelterpetproject.org/ 
Basically took me to a fake firefox site, after sitting idle for a couple mins...the FF had an exe file it tried to Download. Sick of this shit. Was in the sweepstakes forum at around 10:05 AM CST when it happened.

6 Comments

1

Sign up for a Slickdeals account to remove this ad.

#2
Quote from implode View Post :
This was the ad that was being served when I was redirected...

Ad 1Stick Out TongueHP Code:
Code:
Code:
 https://www.googleadservices.com/pagead/aclk?sa=L&ai=CLnema_CMV8grzZYFx_6dmAH46Oz6RKfr2ae6Apfrz9ykBhABIKuwzhpgye7yiZik9BKgAZv6zP4DyAEJ4AIAqAMBqgTdAU_QhOgTMGR6ISdNY6eAOlE0q3_wfrfP1DKsyrD-qWlgr8sli8qrbC5SGmd4LkZjxoBCO2YbZTptq0wgK1PGQrMe99JvmmNElYBCCA7dnUpyyqEC3LkiksjJG38qfili77TuVGIASuAxEyEy6pSE5b21MzUNqZPO0dx5eRqZZWIjLvqkkJXzbEOP2vsJkRwLA72eNqxAlFvwgYgwAW2YVVhhc9aZONHNgRSN_UGo9m7WFzEuZP9D5lBrqaQT6Ad73d6Os430Sjmzor1WHqodkzxrv8nWuzUdFJHgnczs4AQB-gUGCCUQARgAiAYBoAYugAfNhbMBqAemvhvYBwA&num=1&cid=CAASEuRoloWF2zpM98slGipxmQyjyw&sig=AOD64_05ZmwVlTGZvNOC6WSj0f8uY0GygQ&adurl=http://www.gojane.com/108231.html%3FSIZE%3DSM%26id%3D108231-red&client=ca-pub-7882965302669036  
Ad 2Stick Out TongueHP Code:
Code:
Code:
 http://www.shelterpetproject.org/  
Basically took me to a fake firefox site, after sitting idle for a couple mins...the FF had an exe file it tried to Download. Sick of this shit. Was in the sweepstakes forum at around 10:05 AM CST when it happened.
Thanks for providing the info. According to that, it looks like it's probably coming from Google Ad Exchange which is supposed to be the safest and more reliable ad provider. I'll reach out to them about this and in the meantime, we've blocked both of those URLs you provided.
Reply Helpful Comment? 0 0
Joined May 2006
Keeper of the Trophy
89,221 Posts
9,379 Reputation
Original Poster
#3
Quote from doublewood View Post :
Thanks for providing the info. According to that, it looks like it's probably coming from Google Ad Exchange which is supposed to be the safest and more reliable ad provider. I'll reach out to them about this and in the meantime, we've blocked both of those URLs you provided.
I have a question, does hitting back button reset the ads being served...this was me hitting back button after it transferred me to malware site. Don't want to give the wrong ads. Didn't record url of site transferred to, wanted to get the hell out of there ASAP.
Reply Helpful Comment? 0 0
#4
Quote from implode View Post :
I have a question, does hitting back button reset the ads being served...this was me hitting back button after it transferred me to malware site. Don't want to give the wrong ads. Didn't record url of site transferred to, wanted to get the hell out of there ASAP.
Hitting the back button will reload the ads in most cases so these probably were different ads. I did check out all ads related to those two URLs and they looked safe but we blocked them just in case someone was using them in a malicious way. Even if they weren't it, I think we'll catch a few this weekend with our scanning tool and that will hopefully stop them for a while.
Reply Helpful Comment? 0 0
Joined May 2006
Keeper of the Trophy
89,221 Posts
9,379 Reputation
Original Poster
#5
Quote from doublewood View Post :
Hitting the back button will reload the ads in most cases so these probably were different ads. I did check out all ads related to those two URLs and they looked safe but we blocked them just in case someone was using them in a malicious way. Even if they weren't it, I think we'll catch a few this weekend with our scanning tool and that will hopefully stop them for a while.
Given it forcing the transfer to a different site, when I'm in a different window...I'm unsure how I'm supposed to record the questionable ads. Its not like it instantly transfers me, its on some sort of delay.

When I enter sweepstakes from SD, I click on a link and it takes me to that site in another window. I fill out the entry form, and submit it. Return to SD window. Repeat x 200 sweepstakes. So constantly loading, cycling through a ton of ads.
Reply Helpful Comment? 0 0
Joined May 2006
Keeper of the Trophy
89,221 Posts
9,379 Reputation
Original Poster
#6
I also wanted to remind anyone reading this thread and dealing with malware sites---report the site to Firefox/Mozilla--when encounter it:

Help -> Report Deceptive Site

I would hope those using FF can make good use of this info, and mods would urge this as something else you can do to stop these sites.
Reply Helpful Comment? 0 0
#7
I was tabbed out, so I didn't see which ad it was, but I was redirected to some Chrome Update installer site that auto-downloaded the "installer.exe". Chrome stopped it from completing and the source was the most scammiest site ever too-
Code:
https://ailooperfectgaytube.net
Reply Helpful Comment? 0 0
Page 1 of 1
1
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard