Rogue ads when using my Android phone...


Recommended Posts

Yesterday evening I was having a lot of issues with rogue ads taking over my mobile Chrome browser and I had to leave the Neowin website in order to get the ads to close.  I am posting the links below that I was able to copy from my phone history.

 

https://walmart-rewards.us/lp?lpId=73&cid=61aaac92-8887-419c-87fc-185cabc56cb7&params=W3sibGFuZGluZ1BhZ2VJZCI6NDEsIm9mZmVySWQiOjE5Nywid2VpZ2h0Ijo0fSx7ImxhbmRpbmdQ YWdlSWQiOjc1LCJvZmZlcklkIjoyNTMsIndlaWdodCI6NH0seyJsYW5kaW5nUGFnZUlkIjo1Nywi b2ZmZXJJZCI6MTMzLCJ3ZWlnaHQiOjN9LHsibGFuZGluZ1BhZ2VJZCI6NjQsIm9mZmVySWQiOjE5 OCwid2VpZ2h0IjozfSx7ImxhbmRpbmdQYWdlSWQiOjU3LCJvZmZlcklkIjoyMDcsIndlaWdodCI6 Mn0seyJsYW5kaW5nUGFnZUlkIjo0MSwib2ZmZXJJZCI6MjU0LCJ3ZWlnaHQiOjN9LHsibGFuZGlu Z1BhZ2VJZCI6NTcsIm9mZmVySWQiOjIwOCwid2VpZ2h0IjoyfSx7ImxhbmRpbmdQYWdlSWQiOjY3 LCJvZmZlcklkIjoyNTIsIndlaWdodCI6MX0seyJsYW5kaW5nUGFnZUlkIjo3NSwib2ZmZXJJZCI6 MjA1LCJ3ZWlnaHQiOjJ9LHsibGFuZGluZ1BhZ2VJZCI6NjcsIm9mZmVySWQiOjE5OSwid2VpZ2h0 IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjY0LCJvZmZlcklkIjoxOTgsIndlaWdodCI6MX0seyJsYW5k aW5nUGFnZUlkIjo3Miwib2ZmZXJJZCI6MjA2LCJ3ZWlnaHQiOjF9LHsibGFuZGluZ1BhZ2VJZCI6 NjQsIm9mZmVySWQiOjIwMywid2VpZ2h0IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjczLCJvZmZlcklk IjoyMDksIndlaWdodCI6MX1d &campaignId=236&times=1&index=13

 

https://iphone-awards.info/lp?lpId=41&cid=de53be87-1a00-443e-9b3e-0ae11618e1a9&params=W3sibGFuZGluZ1BhZ2VJZCI6NDEsIm9mZmVySWQiOjE5Nywid2VpZ2h0Ijo0fSx7ImxhbmRpbmdQ YWdlSWQiOjc1LCJvZmZlcklkIjoyNTMsIndlaWdodCI6NH0seyJsYW5kaW5nUGFnZUlkIjo1Nywi b2ZmZXJJZCI6MTMzLCJ3ZWlnaHQiOjN9LHsibGFuZGluZ1BhZ2VJZCI6NjQsIm9mZmVySWQiOjE5 OCwid2VpZ2h0IjozfSx7ImxhbmRpbmdQYWdlSWQiOjU3LCJvZmZlcklkIjoyMDcsIndlaWdodCI6 Mn0seyJsYW5kaW5nUGFnZUlkIjo0MSwib2ZmZXJJZCI6MjU0LCJ3ZWlnaHQiOjN9LHsibGFuZGlu Z1BhZ2VJZCI6NTcsIm9mZmVySWQiOjIwOCwid2VpZ2h0IjoyfSx7ImxhbmRpbmdQYWdlSWQiOjY3 LCJvZmZlcklkIjoyNTIsIndlaWdodCI6MX0seyJsYW5kaW5nUGFnZUlkIjo3NSwib2ZmZXJJZCI6 MjA1LCJ3ZWlnaHQiOjJ9LHsibGFuZGluZ1BhZ2VJZCI6NjcsIm9mZmVySWQiOjE5OSwid2VpZ2h0 IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjY0LCJvZmZlcklkIjoxOTgsIndlaWdodCI6MX0seyJsYW5k aW5nUGFnZUlkIjo3Miwib2ZmZXJJZCI6MjA2LCJ3ZWlnaHQiOjF9LHsibGFuZGluZ1BhZ2VJZCI6 NjQsIm9mZmVySWQiOjIwMywid2VpZ2h0IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjczLCJvZmZlcklk IjoyMDksIndlaWdodCI6MX1d &campaignId=237&times=1&index=5

 

https://samsung-prizes.info/lp?lpId=67&cid=8fa6d81a-dc46-46a7-b4b2-7cf9ef9e046a&params=W3sibGFuZGluZ1BhZ2VJZCI6NDEsIm9mZmVySWQiOjE5Nywid2VpZ2h0Ijo0fSx7ImxhbmRpbmdQ YWdlSWQiOjc1LCJvZmZlcklkIjoyNTMsIndlaWdodCI6NH0seyJsYW5kaW5nUGFnZUlkIjo1Nywi b2ZmZXJJZCI6MTMzLCJ3ZWlnaHQiOjN9LHsibGFuZGluZ1BhZ2VJZCI6NjQsIm9mZmVySWQiOjE5 OCwid2VpZ2h0IjozfSx7ImxhbmRpbmdQYWdlSWQiOjU3LCJvZmZlcklkIjoyMDcsIndlaWdodCI6 Mn0seyJsYW5kaW5nUGFnZUlkIjo0MSwib2ZmZXJJZCI6MjU0LCJ3ZWlnaHQiOjN9LHsibGFuZGlu Z1BhZ2VJZCI6NTcsIm9mZmVySWQiOjIwOCwid2VpZ2h0IjoyfSx7ImxhbmRpbmdQYWdlSWQiOjY3 LCJvZmZlcklkIjoyNTIsIndlaWdodCI6MX0seyJsYW5kaW5nUGFnZUlkIjo3NSwib2ZmZXJJZCI6 MjA1LCJ3ZWlnaHQiOjJ9LHsibGFuZGluZ1BhZ2VJZCI6NjcsIm9mZmVySWQiOjE5OSwid2VpZ2h0 IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjY0LCJvZmZlcklkIjoxOTgsIndlaWdodCI6MX0seyJsYW5k aW5nUGFnZUlkIjo3Miwib2ZmZXJJZCI6MjA2LCJ3ZWlnaHQiOjF9LHsibGFuZGluZ1BhZ2VJZCI6 NjQsIm9mZmVySWQiOjIwMywid2VpZ2h0IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjczLCJvZmZlcklk IjoyMDksIndlaWdodCI6MX1d &campaignId=236

 

https://mediamarket-awards.xyz/lp?lpId=75&cid=e55da121-22b6-4aab-a797-e9fb99275c92&params=W3sibGFuZGluZ1BhZ2VJZCI6NDEsIm9mZmVySWQiOjE5Nywid2VpZ2h0Ijo0fSx7ImxhbmRpbmdQ YWdlSWQiOjc1LCJvZmZlcklkIjoyNTMsIndlaWdodCI6NH0seyJsYW5kaW5nUGFnZUlkIjo1Nywi b2ZmZXJJZCI6MTMzLCJ3ZWlnaHQiOjN9LHsibGFuZGluZ1BhZ2VJZCI6NjQsIm9mZmVySWQiOjE5 OCwid2VpZ2h0IjozfSx7ImxhbmRpbmdQYWdlSWQiOjU3LCJvZmZlcklkIjoyMDcsIndlaWdodCI6 Mn0seyJsYW5kaW5nUGFnZUlkIjo0MSwib2ZmZXJJZCI6MjU0LCJ3ZWlnaHQiOjN9LHsibGFuZGlu Z1BhZ2VJZCI6NTcsIm9mZmVySWQiOjIwOCwid2VpZ2h0IjoyfSx7ImxhbmRpbmdQYWdlSWQiOjY3 LCJvZmZlcklkIjoyNTIsIndlaWdodCI6MX0seyJsYW5kaW5nUGFnZUlkIjo3NSwib2ZmZXJJZCI6 MjA1LCJ3ZWlnaHQiOjJ9LHsibGFuZGluZ1BhZ2VJZCI6NjcsIm9mZmVySWQiOjE5OSwid2VpZ2h0 IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjY0LCJvZmZlcklkIjoxOTgsIndlaWdodCI6MX0seyJsYW5k aW5nUGFnZUlkIjo3Miwib2ZmZXJJZCI6MjA2LCJ3ZWlnaHQiOjF9LHsibGFuZGluZ1BhZ2VJZCI6 NjQsIm9mZmVySWQiOjIwMywid2VpZ2h0IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjczLCJvZmZlcklk IjoyMDksIndlaWdodCI6MX1d &campaignId=236&times=1&index=1#

 

https://mediamarket-giveaway.life/lp?lpId=75&cid=d8e55ca7-1033-44f1-a393-f151fc5758e9&params=W3sibGFuZGluZ1BhZ2VJZCI6NDEsIm9mZmVySWQiOjE5Nywid2VpZ2h0Ijo0fSx7ImxhbmRpbmdQ YWdlSWQiOjc1LCJvZmZlcklkIjoyNTMsIndlaWdodCI6NH0seyJsYW5kaW5nUGFnZUlkIjo1Nywi b2ZmZXJJZCI6MTMzLCJ3ZWlnaHQiOjN9LHsibGFuZGluZ1BhZ2VJZCI6NjQsIm9mZmVySWQiOjE5 OCwid2VpZ2h0IjozfSx7ImxhbmRpbmdQYWdlSWQiOjU3LCJvZmZlcklkIjoyMDcsIndlaWdodCI6 Mn0seyJsYW5kaW5nUGFnZUlkIjo0MSwib2ZmZXJJZCI6MjU0LCJ3ZWlnaHQiOjN9LHsibGFuZGlu Z1BhZ2VJZCI6NTcsIm9mZmVySWQiOjIwOCwid2VpZ2h0IjoyfSx7ImxhbmRpbmdQYWdlSWQiOjY3 LCJvZmZlcklkIjoyNTIsIndlaWdodCI6MX0seyJsYW5kaW5nUGFnZUlkIjo3NSwib2ZmZXJJZCI6 MjA1LCJ3ZWlnaHQiOjJ9LHsibGFuZGluZ1BhZ2VJZCI6NjcsIm9mZmVySWQiOjE5OSwid2VpZ2h0 IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjY0LCJvZmZlcklkIjoxOTgsIndlaWdodCI6MX0seyJsYW5k aW5nUGFnZUlkIjo3Miwib2ZmZXJJZCI6MjA2LCJ3ZWlnaHQiOjF9LHsibGFuZGluZ1BhZ2VJZCI6 NjQsIm9mZmVySWQiOjIwMywid2VpZ2h0IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjczLCJvZmZlcklk IjoyMDksIndlaWdodCI6MX1d &campaignId=237&times=1&index=1#

 

https://iphone-awards.us/lp?lpId=41&cid=50c21472-95ec-4a61-bf60-5d702009f86f&params=W3sibGFuZGluZ1BhZ2VJZCI6NDEsIm9mZmVySWQiOjE5Nywid2VpZ2h0Ijo0fSx7ImxhbmRpbmdQ YWdlSWQiOjc1LCJvZmZlcklkIjoyNTMsIndlaWdodCI6NH0seyJsYW5kaW5nUGFnZUlkIjo1Nywi b2ZmZXJJZCI6MTMzLCJ3ZWlnaHQiOjN9LHsibGFuZGluZ1BhZ2VJZCI6NjQsIm9mZmVySWQiOjE5 OCwid2VpZ2h0IjozfSx7ImxhbmRpbmdQYWdlSWQiOjU3LCJvZmZlcklkIjoyMDcsIndlaWdodCI6 Mn0seyJsYW5kaW5nUGFnZUlkIjo0MSwib2ZmZXJJZCI6MjU0LCJ3ZWlnaHQiOjN9LHsibGFuZGlu Z1BhZ2VJZCI6NTcsIm9mZmVySWQiOjIwOCwid2VpZ2h0IjoyfSx7ImxhbmRpbmdQYWdlSWQiOjY3 LCJvZmZlcklkIjoyNTIsIndlaWdodCI6MX0seyJsYW5kaW5nUGFnZUlkIjo3NSwib2ZmZXJJZCI6 MjA1LCJ3ZWlnaHQiOjJ9LHsibGFuZGluZ1BhZ2VJZCI6NjcsIm9mZmVySWQiOjE5OSwid2VpZ2h0 IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjY0LCJvZmZlcklkIjoxOTgsIndlaWdodCI6MX0seyJsYW5k aW5nUGFnZUlkIjo3Miwib2ZmZXJJZCI6MjA2LCJ3ZWlnaHQiOjF9LHsibGFuZGluZ1BhZ2VJZCI6 NjQsIm9mZmVySWQiOjIwMywid2VpZ2h0IjoxfSx7ImxhbmRpbmdQYWdlSWQiOjczLCJvZmZlcklk IjoyMDksIndlaWdodCI6MX1d &campaignId=236&times=1&index=0

Link to comment
Share on other sites

does this happen on any other site? if so you could have a rogue app on your phone presenting ads

 

@Steven P. to check/report with our provider :)

Link to comment
Share on other sites

  • 4 weeks later...

The problem is, Neowin does not have those survey award type ads at all. Whenever I report them I am told that it is possible that another site added malware to the phone or browser session. Best thing to do in the first example is to clear all data (cache) from Chrome which should empty out any rogue cookies.

 

We only have inline mobile ads (in the page, not popped up or redirecting away).

Link to comment
Share on other sites

  • 5 weeks later...

@Steven P.

OK. Ran my Android mobile through a proxy. Here is the chain of URLs from Neowin down to the dodgy ad:

 

https://cdn.nsstatic.net/ns/neowin.net.js

 

https://as-sec.casalemedia.com/cygnus?s=186675&v=7.2&r=%7B%22id%22%3A%2211e2425f85dcff%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222b970275726e2e%22%2C%22banner%22%3A%7B%22w%22%3A320%2C%22h%22%3A50%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22186675%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22id%22%3A%223634cc98831314%22%2C%22banner%22%3A%7B%22w%22%3A320%2C%22h%22%3A100%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22186675%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22id%22%3A%22476d94559cb8d%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22186675%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%225830b312d3d6e5%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22186675%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%226ca08767fb4f18%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22186675%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2271df1daa9e5729%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22186675%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.neowin.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22BOdznYKOil6XVAKATBENCY-AAAAoV7_______9______9uz_Ov_v_f__33e8__9v_l_7_-___u_-33d4-_1vf99yfm1-7ftr3tp_87ues2_Xur__59__3z3_9phPr8k89r6337MwwA%22%7D%7D%7D&ac=j&sd=1&

 

https://pr.ybp.yahoo.com/ab/secure/true/imp/6YaOIEQfyfdxKVBQ8YEyvXG0_VlwxxGrlz1lx-8BmnIYRtJ59sRujWuHwO_aOHT5pZrsnFAUH7lx-GtVJIZZNSKiYbgbNgEm9SbyejBMcqhJjQds1a7ZFmwSaSic4nh4MDxfpUYhcy0PnwIkydNRJpmMk6jyYvOYT52F3z6rgh9FpVR9lIgf_O1_1KcKcVIZR_izAwb1VpXSuFB0soVHnXaB5ww0SETMcB0PFPpesH2iLiiZMyUevzOdG-IBXm_4C9NSi0iz9QDiyjyheyQ7ea2Q-n2kiHrB336dHVlAD2cTmQhvREd8IAk257eBSwyrGsdMasVLCio50JsdwTY8gNtfrllMQNSKRz26uSg6L6fddPU3z91X_IPrwfTdKdp_iis1sFKYi-ZxfOlYu0w96Yi-rgtUdkVjH16NOpc8-62W1ITJqOfQiokKQa_2AJjl-8OHv_my6z1uyS6PySUBIztvzene5kiw2FtlSAm1O85THzRQJg3Hk06MkPfF8EJ3HJBI2YMf07OkUzmxqo2JnWYqAb02-Hk7bcQsR7mAkJea3oPuL3sgq1X5jq-Rx8_d1qHKcXLiQBS-XgT9RUCPjTfscg6Ev0XNJjSGh9VaXOigOWfhh-3vfbOV_pXtpC2CPT6d-mA1ozRX8AFR8wRm0F6ve2LydHE-1uyUayAA8FkSnr-I0ECz-72ZxJuGDRXn9y9VlfF-NKHlmq_hdKrXPeIQ4NvOTg-WJZIamNK0K9JijX2F0nug0VJLx7cK-62Y4ZAQyU7xfaQCCWg6i5LT8bxsKvC__pJvlQ0x0eP9bJHIBuJ6OEewBYqduQE-RybMNkgmrqqk5LDK1D49QcBHTT4okyhbQWbYHiDoj0XJSlX5C0qArqeGS648Wo92xtK8bLQ3I36JyWJBM3xl7_v2aFEYpaDYlctKSRV1fkz-OA8vhDJ8S9l605Hbdjkhp0kND4gCoZ8uMyCtcmAjCGebYtM-lq9NLLFuPstaY0iPjvTPn_fJ80VWQwI8KW9A1ZvzFXou9_w6wYvmoEyUeh6jYjB4RH5R1nlD8x7SzzQHBJ6LOIMCWhgTYOh99BiTXe6YUdlNApmEB_MK9X1x49T30kaEkM4dc2Ubo56l_M4om_FTthGOiiqIipuQVjcrba_8wWEj57MMy2ubwDQmJO0jRACE2h-aiYjVlck5kpvSMphggyfxrhykeZFvNr-7UHmD-jaerv_dd8ni1hqEW217Q5vzIsloSyeQtnaehAQJz7GFt5NHy_mvPQm0xoyXC3v0aZkWC-i9Vgpjsq9lGO82TwhD3vENErdrArAdjim9yPFbh-hikvrOOm6Wr_D6FycB3VZGVmH-4FXNT_WJ2Iz3p72cCXyAnnyjmiY1vvkCw_KOqCsEgJMogUYzwJy7jdac4wM_ZT9TpwPKqtplhOoi3WVVfv_4n11MzJtndFxz_TY1uPYkb_z4rPf8gf9r0aqkPDVXI5gkDmuw1aW5sAgJI2nxPZPFwdZacl9IxpWrV9vVMUbY7rTEBVzKY1BYvfoUOdFenJobfI8IUy3vgUYaekTnPBtx3jDvfwLJFWNzK9cQGT6jUvHxAI_5ZvtJG1Aq2K212N08cRIaNID1bIVv_Q/wp/5B51F38AADE2ED34

 

https://storage.googleapis.com/ark-mos/apop/pos-alkb.js?p1=neowin.net&p5=neowin.net_4

 

https://campaignm.com/wtrack?p1=neowin.net&p5=neowin.net_4&cid=795&csk=UnViaWNvbkFkU2VydmluZw==&dn=146&cva=04a16f53

 

The last one returns:

 var nodea  = document.createElement('a');
    nodea.setAttribute("href",'https://finme.club/req?cId=362&tv=1&parm1=neowin.net&parm2=&parm3=&parm4=&parm5=neowin.net_4');
    nodea.click();window.top.location='https://finme.club/req?cId=362&tv=1&parm1=neowin.net&parm2=&parm3=&parm4=&parm5=neowin.net_4';

 

Which then redirects onto https://samsung-2019-rewards.email

Link to comment
Share on other sites

Yep that does look like our advertiser. I will report it and direct them to your findings.

 

BTW I choose only to display inline ads on mobile, no popover or redirect crap, so this truly is a rogue ad and poor filtering/checks from my advertiser.

Link to comment
Share on other sites

@Xeron here's an update:

Quote

Hi Steven,

I am adding our ZD Programmatic team who would be able to look into this for you. I've also turned off your 320x50 default tag. If you can, please follow up with the user and see if the "reward" type ads have stopped or not.

Asking them to clear cache/cookies and also deleting browser data will help.

Thanks!

 

We had Google AdSense serving remnant (now turned off).

Link to comment
Share on other sites

Yes. That's stopped them without clearing cache and cookies. I knew I could clear cookies and that would probably serve different ads and sort it this time (as private browsing was fine) but it wouldn't remove the rogue ad from the stream for the next poor visitor.

 

Thanks

Link to comment
Share on other sites

1 hour ago, Xeron said:

Yes. That's stopped them without clearing cache and cookies. I knew I could clear cookies and that would probably serve different ads and sort it this time (as private browsing was fine) but it wouldn't remove the rogue ad from the stream for the next poor visitor.

 

Thanks

Thanks! I will report back.

Link to comment
Share on other sites

  • 2 weeks later...

The following known URLs to "You've won a prize" were blocked:

 

Walmart
iPhoneAwards
Samsung Prizes
MediaMarket Awards
MediaMarket Give Away
iPhone Awards 

 

^ they are not linked because the addresses inject malware via a cookie.

 

I was asked by our ad tech support to share this link https://techzillo.com/congratulations-youve-won/ because if you saw the ad once, it has injected malware into your browser, you can clear the malware injection by following the steps in that link. The above applies to mobile btw.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.