ib.adnxs.com on Microsoft homepage


Recommended Posts

Hi, I'm experiencing something strange, when visiting Microsoft website and I hover over images containing links I see that those links point to ib.adnxs.com, this happens with both Firefox and Midori, however this happens only on the Microsoft's website homepage, I've tried Bing, Outlook.com, WindowsPhone.com other websites like Google, Amazon, Facebook, Twitter and also local Italian websites but this does not happen, also this does not happen when I hover over text links.

 

I'm not getting redirected to any other website, I clicked on an image and Ghostery blocked it, I'm not seeing any pop ups or any change in my search engines, or any extension besides those I installed myself.

 

I'm using Lubuntu 14.04 fully updated and Firefox 35.0 with Ghostery, AdBlock Plus, Hola Better Internet, LastPass, X-Notifier and Ubuntu Firefox Modifications.

 

I've guess somehow I've been infected by that hijacker, even if I have no idea how that happened, how can I remove that?

 

Thanks

Link to comment
Share on other sites

I don't know if I'm right or wrong, but I'm using Firefox's dev tools to analyze the page, this is what I see when I select those particular images (text based links are fine)

 

Italian version:

 

<a id="703b75e7-03b7-3a7c-1d71-bd1e807870c1" target="_self" class="mscom-link" href="http://ib.adnxs.com/clktrb?id=438904" bi:linkid="F1A-GEN-152Q1ITIT59568-UNK">Scopri di pi

Link to comment
Share on other sites

It's just another analytics engine, same as sites using google-analytics.com, etc etc isn't it? (See #3.) It's fairly hard to find a site not using at least one of these anymore.

Link to comment
Share on other sites

If you want to block this, an easy way is to use OpenDNS, and make sure you are blocking category "Adware".

I tried your solution, but it isn't working I keep seeing this, I hover over a link and that link points to another website.

 

inQMRPD.png

 

I'm getting exactly the same thing. I dunno if their website has been hacked or purposely made that way, because it wasn't like that few days ago.

I'm seriously confused.

 

I mean, Microsoft got hacked by such a well documented adware? Really? And after more than 24 hours they can't fix that? I just can't believe that.

 

Nevertheless, analyzing their page with Firefox's dev tools it really looks like that redirect is injected into their code but, yet again, I refuse to believe their main site can get hacked so easily and they just don't realize it, and it's not just their Italian version, US version is affected too, at least on my PC.

 

On the other hand, I just may have got infected by this adware, even though I have no idea how, I only install software via the packet manager and install only trusted updates, but, in the event of an infection, I'd expect to see more than a few redirects on just one homepage - redirects that when I clicked it, before I realized something was off, got blocked by Ghostery -, I'd expect to see changes to my browser's search engines, start page, maybe extensions too, redirects and pop ups everywhere, slow downs, but I don't see any of that, rather, as a matter of fact, after yesterday's updates my browser and system seem even faster.

 

Or maybe my PC is infected but this adware can't just cause too much trouble on Linux.

Link to comment
Share on other sites

I see it on the US version of the Microsoft homepage. The links in the upper third all refer to adnxs servers and are broken (404 on clicking them).

 

Page is served as https with the Microsoft cert.

post-17075-0-82428000-1422057145.png

 

Clicking the link gives:

post-17075-0-27764000-1422057158.png

Link to comment
Share on other sites

They are using it for consumer monitoring and analysis. It is placed by Microsoft. For me, when I bypass Ghostery, it works, and goes to the correlating Microsoft page.

So basically Microsoft, instead of just using one of those sites that Ghostery usually picks up and blocks, they're pushing their traffic through this ib.adnxs.com site and then to their website, something like, for what I understand, those guys who upload pirated stuff on cyberlockers and then post links on forums but sometimes they make you go through interstitial webpages so they get revenue, in this case instead ib.adnxs.com acts like an interstitial webpage who doesn't show you ads in order to generate revenue for Microsoft but essentially they just use it to track you.

 

And that site is safe? What worries me is that all over the internet I read bad stuff about this website, even if all link scanners, except MyWOT and Quttera, say that it's safe, I guess you can use their services to do something legitimate like consumer analysis as well as spreading malicious software and as a redirect for adwares.

Link to comment
Share on other sites

So basically Microsoft, instead of just using one of those sites that Ghostery usually picks up and blocks, they're pushing their traffic through this ib.adnxs.com site and then to their website, something like, for what I understand, those guys who upload pirated stuff on cyberlockers and then post links on forums but sometimes they make you go through interstitial webpages so they get revenue, in this case instead ib.adnxs.com acts like an interstitial webpage who doesn't show you ads in order to generate revenue for Microsoft but essentially they just use it to track you.

 

And that site is safe? What worries me is that all over the internet I read bad stuff about this website, even if all link scanners, except MyWOT and Quttera, say that it's safe, I guess you can use their services to do something legitimate like consumer analysis as well as spreading malicious software and as a redirect for adwares.

Just seeing who visits each link and from what page, and how long until they clicked, and stuff like that. Not the most private company.

Link to comment
Share on other sites

And that site is safe? 

Welcome to the Internet.  Most every site out there uses some sort of tracker, analytics engine, etc.  Including the one you're on right now.  

Link to comment
Share on other sites

Just seeing who visits each link and from what page, and how long until they clicked, and stuff like that. Not the most private company.

Ok, well, what's important is that we're not talking about a possible infection but just Microsoft choosing a particular service for its purposes. I guess this thread is solved.

 

Welcome to the Internet.  Most every site out there uses some sort of tracker, analytics engine, etc.  Including the one you're on right now.  

Yup, that's why I use Ghostery.

Link to comment
Share on other sites

Yup, that's why I use Ghostery.

Yea that's a good option, I re-read my previous comment, came off a little harsh, unintended that way.. just meant it's an extremely common thing nowadays, not just advertising but keeping track of what's popular versus what isn't, etc etc, helps publishers provide a better site in the long run.. although it wouldn't surprise me if there's been cases of these sort of things being abused or hijacked.  That said I block all of it too, safety first and all that.

Link to comment
Share on other sites

Yea that's a good option, I re-read my previous comment, came off a little harsh, unintended that way.. just meant it's an extremely common thing nowadays, not just advertising but keeping track of what's popular versus what isn't, etc etc, helps publishers provide a better site in the long run.. although it wouldn't surprise me if there's been cases of these sort of things being abused or hijacked.  That said I block all of it too, safety first and all that.

No problem man. I was worried about that particular site just because it seems that many malicious softwares redirect your traffic to that site once your system is compromised, probably it's a perfectly safe site, otherwise I think Microsoft wouldn't use it, that can also be used for malicious purposes.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.