Report Problems with Ads Here!

[Audizine Ad Ops]

Hello!

We wanted to reach out and make an introduction, as well as have one place for any problems that you guys see with the ads here on Audizine. We're ramping up our efforts to make sure things are super smooth for the Community, so keeping away any pesky weirdness with our advertising is an important part of that.

When you make a report please do your best to include the following:

-Screen Capture of whatever you can get
-Browser
-Operating System
-Device

Don't hesitate to report anything that seems suspicious. Our Advertising Operations Team is here to make sure that the ads behave and we love nothing more than tracking down and eliminating ad problems.

Thanks!

[Allthea]

I had posted a thread on 2018-06-16 mentioning that I was getting force-forwarded to some Amazon Reward Event page:

https://www.audizine.com/forum/showt...ard-Event-spam

The odd part about this was that if I put my browser in Incognito Mode, the force-forward doesn't happen. Because of this I've been viewing audizine in an Incognito tab (would this mean it's tied to your cookies?) for the last couple weeks. The last time I tried in regular mode was on 2018-06-21 and it was still happening. Do you believe it was fixed after June 21?

I had done a full flush of my browser (cache, cookies, temp files, etc.) when the issue first started happening, thinking it was on my side. I updated apps and the OS on my phone. It kept happening, only with this website (of the ones I visit regularly).

I'm using Android Oreo on a Samsung Galaxy S7, using Android Chrome.

I'll try again tonight and see if it's still happening. If so I'll capture the screen shot, possibly get site addresses and whatnot.

[Allthea]

Seems like it's still happening. Thought it was gone, left the tab open for a few hours, just used it again and this came up:



I mashed the back button a few times and got out of it (after going through one of those "you're corrupted install this app now to fix it" pages in Google colors) before copying the address.

Should this have been fixed? Should I do a cookie / cache wipe again?

[Allthea]

Thought it was fine then went to page 60 of this thread and it happened again.

https://www.audizine.com/forum/showt...athread/page60

[Audizine Ad Ops]

I had posted a thread on 2018-06-16 mentioning that I was getting force-forwarded to some Amazon Reward Event page:

https://www.audizine.com/forum/showt...ard-Event-spam

The odd part about this was that if I put my browser in Incognito Mode, the force-forward doesn't happen. Because of this I've been viewing audizine in an Incognito tab (would this mean it's tied to your cookies?) for the last couple weeks. The last time I tried in regular mode was on 2018-06-21 and it was still happening. Do you believe it was fixed after June 21?

I had done a full flush of my browser (cache, cookies, temp files, etc.) when the issue first started happening, thinking it was on my side. I updated apps and the OS on my phone. It kept happening, only with this website (of the ones I visit regularly).

I'm using Android Oreo on a Samsung Galaxy S7, using Android Chrome.

I'll try again tonight and see if it's still happening. If so I'll capture the screen shot, possibly get site addresses and whatnot.

Seems like it's still happening. Thought it was gone, left the tab open for a few hours, just used it again and this came up:



I mashed the back button a few times and got out of it (after going through one of those "you're corrupted install this app now to fix it" pages in Google colors) before copying the address.

Should this have been fixed? Should I do a cookie / cache wipe again?

Thought it was fine then went to page 60 of this thread and it happened again.

https://www.audizine.com/forum/showt...athread/page60

So this very likely isn't something which will go away with a browser refresh, we will have to hit this at source. When you said above that you go into Incognito mode and it doesn't happen, you are correct that it is related to your cookies. For some reason you are a very valuable target to these nefarious actors.

We'll push out some much more strict rules within the next hour, and I'm hoping it addresses this for you.

Please do report anything you see though as soon as you see it, I'm not sure why (yet) they are sneaking through to you so specifically.

[Allthea]

Ok, I'll try tinkering in normal mode again. Weird to think I'm being targeted...?

[Allthea]

the other part is I don't have these issues on the computer, either.

[Audizine Ad Ops]

Ok, I'll try tinkering in normal mode again. Weird to think I'm being targeted...?

Sorry, when I say "You" I really mean just something about your profile, like where you live, your specific city, your specific device combination. The people that do these things look for patterns, and sometimes someone is just unlucky to fall into one of those categories.

the other part is I don't have these issues on the computer, either.

Yeah, as mentioned before I kind of mis-spoke, it isn't you as a person just something about you. Likely this is only targeting your mobile device and not as valuable on Desktop.

We pushed out a few extra protections, so I'm also hoping we've taken care of it. :)

[Allthea]

Sounds good, thanks! I'll report back if anything changes.

[Allthea]

Seems like what you did worked. I've been force forward free.

[Audizine Ad Ops]

Seems like what you did worked. I've been force forward free.

Awesome! We'll stay on top of it, but definitely let us know if any other problems crop up!

[DeeInSeatown]

I've been getting spam type page redirects in the B8 A4 forum as well. It's on an Apple laptop running Safari. When it happens, it's usually along the lines of "your computer may be infected, download this" or "your flash player is out of date, click here to update." When's it happened, I've not been able to use the "back" button to return to the previous page and just have to close the tab altogether.

It's been happening for the last several months, but I haven't gotten screenshots or link addresses from when it happens. Next time it does, I'll try to scrape up more details. I only browse on my computer so don't know if I have the same issue on my phone browser.

[Audizine Ad Ops]

I've been getting spam type page redirects in the B8 A4 forum as well. It's on an Apple laptop running Safari. When it happens, it's usually along the lines of "your computer may be infected, download this" or "your flash player is out of date, click here to update." When's it happened, I've not been able to use the "back" button to return to the previous page and just have to close the tab altogether.

It's been happening for the last several months, but I haven't gotten screenshots or link addresses from when it happens. Next time it does, I'll try to scrape up more details. I only browse on my computer so don't know if I have the same issue on my phone browser.

Definitely flag that up the next time it happens. These things are more common on Mobile browsers, but they do definitely happen on Desktop. Currently we have much stricter rules for mobile than Desktop (because 95% of the problem is on mobile) but if we get one tiny flickering of one of these things happening on desktop we'll lock it up immediately.

Do try and grab that screen shot when it happens, as well as report it as quickly as you can so we can address!

[Allthea]

Search the internet for chumbrowser malware. I'm just taking a shot in the dark. Just getting through dealing with this on my girlfriend's Mac.

[Allthea]

Ugh, it started happening again. Same one.

[Audizine Ad Ops]

Ugh, it started happening again. Same one.

Dang it - Ok we're looking into it.

Did you happen to get a screen capture? Was it exactly the same as last time?

[Paul@SupremePower]

Same here. Amazon adware lock out on safari. Can’t get on for more than a minute

[Paul@SupremePower]

[Allthea]

Dang it - Ok we're looking into it.

Did you happen to get a screen capture? Was it exactly the same as last time?

I didn't get a screen capture because it was exactly the same as last time. Are you interested in the URL? If so I'll get a capture tonight.

[Audizine Ad Ops]

Just to confirm -

That is an iPhone running Safari, correct? Which model version is it, and do you have the latest Safari?

Thanks for the report, always helps to get a bit more information.

We're investigating....

[Paul@SupremePower]

Yep. 6s running latest iOS

Thx!

[Audizine Ad Ops]

Yep. 6s running latest iOS

Thx!

OK, I think we have this pretty locked off. Was that the last one you saw?

[Paul@SupremePower]

OK, I think we have this pretty locked off. Was that the last one you saw?

Yep appears good now.

Last night was last time. Thx!

[Audizine Ad Ops]

Yep appears good now.

Last night was last time. Thx!

Ok good stuff. Just report in here the second you see anything funny again, we're monitoring this thread.

Same goes for anyone else watching - please let us know if you see anything funny!

[Paul@SupremePower]

Ok good stuff. Just report in here the second you see anything funny again, we're monitoring this thread.

Same goes for anyone else watching - please let us know if you see anything funny!

Oh I will. This stuff drives me to drink. Stupid adware!!!!

[Paul@SupremePower]

Quick question. What’s the end game for these guys?

What does torturing me by locking my browser do for them?

[Audizine Ad Ops]

Oh I will. This stuff drives me to drink. Stupid adware!!!!

Lol... you and me both!

The ad nerd in me feels compelled to explain: This category of attack is actually called a mobile re-direct. Adware is something that infects your computer and then injects ads into sites locally on your machine which aren't part of that website's advertising.

Sorry... ad nerded out a bit hard there. :)

[Paul@SupremePower]

Lol... you and me both!

The ad nerd in me feels compelled to explain: This category of attack is actually called a mobile re-direct. Adware is something that infects your computer and then injects ads into sites locally on your machine which aren't part of that website's advertising.

Sorry... ad nerded out a bit hard there. :)

Ahhhh. Ok. I always instantly X out of it. I never realized I was being redirected to a real site. A few times I got that fake virus warning.

[Audizine Ad Ops]

Quick question. What’s the end game for these guys?

What does torturing me by locking my browser do for them?

I'm glad you asked!

Basically they play a game of numbers. There is a segment of internet users who are about as tech savvy as a paper towel, and those people might see that re-direct and think "Holy cow, an amazon event I can't miss? I'll sign up!!"

The crazy thing is that it actually isn't trying to install a virus on your computer. They literally profit off of the fact that so many people actually click that thing and sign up for the Amazon event. Many of these things are pointing to legitimate promotions on Amazon, Apple/Google App stores, etc. So they get paid a few bucks when someone actually signs up.

What they do is hijack the process that publishers use to get fairly paid for their advertising, and actually buy ads at a really good price... then inject their sneaky re-direct code inside of it. It has layers of deception that run very deep, which is why they end up sneaking through from time to time.

We're always working on better prevention systems, and Audizine is running some of the best protection software in the game.. but it is the modern version of forum spam. No matter how much you ramp up your defences, the nefarious actors will sneak through from time to time until you smite them.

[Paul@SupremePower]

I'm glad you asked!

Basically they play a game of numbers. There is a segment of internet users who are about as tech savvy as a paper towel, and those people might see that re-direct and think "Holy cow, an amazon event I can't miss? I'll sign up!!"

The crazy thing is that it actually isn't trying to install a virus on your computer. They literally profit off of the fact that so many people actually click that thing and sign up for the Amazon event. Many of these things are pointing to legitimate promotions on Amazon, Apple/Google App stores, etc. So they get paid a few bucks when someone actually signs up.

What they do is hijack the process that publishers use to get fairly paid for their advertising, and actually buy ads at a really good price... then inject their sneaky re-direct code inside of it. It has layers of deception that run very deep, which is why they end up sneaking through from time to time.

We're always working on better prevention systems, and Audizine is running some of the best protection software in the game.. but it is the modern version of forum spam. No matter how much you ramp up your defences, the nefarious actors will sneak through from time to time until you smite them.

Very interesting stuff thank you!

[Allthea]

Seems better on my end as well

[Audizine Ad Ops]

Very interesting stuff thank you!

No worries! If you want to know anything about ads, just let it flow. I'm a massive digital ad nerd, so I get irrationally excited talking about this stuff.

Seems better on my end as well

Glad to hear it! Fingers crossed that we're all set.

[DeeInSeatown]

Okay, just got the redirect. I didn't grab a screenshot but I was able to click backwards to return to the post I was looking at. Here's the landing page where I got the "click to update flash:

https://cdn.smartupdflash.stream/?tl...DsegH_ADoWtgVs.

And here's the page that was one click back, landing right before my return to Audizine:

https://dynamic2pixel.com/click?node...IsInVybCI6IiJ9

And yep, same setup. Apple MacBook Pro running macOS 10.13.5 with Safari 11.1.1

Thanks for the background on why these things pop up. I've gotten some pretty crazy phishing spam lately so have gotten more paranoid of late when I get these redirects.

[DeeInSeatown]

Happened again. Here's the web address:

http://mesmerised.stream/aboutus2/?a....134.61&geo=US

Here's a screenshot:

Backdoor virus.jpg

And when I backed out this time, the page downloaded 7 safari files and txt document to my computer and I couldn't quit safari or get to the force quit dialog on the computer.

Think my time here is going to be even more curtailed.

[Allthea]

Happened again. Here's the web address:

Here's a screenshot:

Backdoor virus.jpg

And when I backed out this time, the page downloaded 7 safari files and txt document to my computer and I couldn't quit safari or get to the force quit dialog on the computer.

Think my time here is going to be even more curtailed.

Did you try what I said last time? Look to see if it got installed on your computer. The internet will tell you what to look for.

Search the internet for chumbrowser malware. I'm just taking a shot in the dark. Just getting through dealing with this on my girlfriend's Mac.

[DeeInSeatown]

Did you try what I said last time? Look to see if it got installed on your computer. The internet will tell you what to look for.

I hadn't but checked yesterday and that's not installed on my computer. I shutdown the browser and the computer and deleted the downloads as soon as it happened. This is the only site I get these redirects on.

As luck would have it, as I was in another tab after reading your post yesterday I came back to the Audizine tab to find another redirect. I didn't grab a screenshot or address seeing as what happened last time.

[Chris@EPL]

I am getting an ad playing sound that is for a dealership called Superior all the time. On Firefox and chrome on this account and my personal one as well. Also getting the AZ page switching to a malware page a few times a day as well similar to the others posted.

[Audizine Ad Ops]

I am getting an ad playing sound that is for a dealership called Superior all the time. On Firefox and chrome on this account and my personal one as well. Also getting the AZ page switching to a malware page a few times a day as well similar to the others posted.

Could I get a screen grab of that Superior ad please? Are you seeing it on Desktop / Mobile or Both?

As for the page switching to malware - If you see it again, could you please get a screen grab? Is this happening on Desktop, Mobile or Both?

We'll look into it!

[Chris@EPL]

Could I get a screen grab of that Superior ad please? Are you seeing it on Desktop / Mobile or Both?

As for the page switching to malware - If you see it again, could you please get a screen grab? Is this happening on Desktop, Mobile or Both?

We'll look into it!

The Superior ad does not show up, it just plays the sounds. There is no Ad for it on the page and it plays by itself. Just noticed on desktop.

[Audizine Ad Ops]

The Superior ad does not show up, it just plays the sounds. There is no Ad for it on the page and it plays by itself. Just noticed on desktop.

OK, the next time you see it can you get a screen grab of the ads you do see on the page? It sounds like it might be coming in with something else by accident.

Ads with sound on autoplay are definitely not allowed, and I'm going to go and double check everything to make sure none of the settings are wrong.

How many times per day would you say you're noticing this? Do you only know that it is on Audizine because the sound icon comes up in Chrome?