# TCF pages automatically directing me to scam sites



## RickStrobel

On two separate occasions today I found my web browser redirecting to scam sites.

Example 1, while I was on this page
https://www.tivocommunity.com/commu...ial-mac-thread.375562/page-2184#post-11343965










Example 2 
https://www.tivocommunity.com/commu...ial-mac-thread.375562/page-2184#post-11343477









These pages seemed to appear on their own directly from TCF pages and did not appear to be coming from other tabs. You can see from this screenshot by history for that tab.










Could it be a problem caused by my computer? Of course. Is it likely to by from my computer? I'm pretty confident it's not. I'll leave it at that.

Note that this hasn't appeared on any other page or tab that I've had opened today.


----------



## Mike Lang

Probably just a rogue ad. It happens sometimes.


----------



## jhwpbm

Mike Lang said:


> Probably just a rogue ad. It happens sometimes.


It's happened to me several times over the past few days - and ONLY on this site, out of 100s I've visited. This is a problem.


----------



## Gavroche

I was somehow redirected to some spam/malware site when this was the only site I had open in my browser (latest Firefox). The malware site opened in the same tab i had this site open in. (I could have accidentally clicked an ad, I suppose.)

My system appears clean so I suspect a rogue ad somewhere on this site.

I can't provide any data or proof I'm afraid, but I thought I would mention it just in case!

Edit: I see I'm not alone and this has been going on for weeks now? Hmmm...

Edit 2: and Just for information... indeed it was the "something is wrong with your windows" site displayed in the message at the top of this thread.


----------



## mdavej

Yes, I get the same thing. I have to run an ad blocker on TCF. Can't run it at all on a phone it's so bad. Pretty sad they're so greedy they can't bring themselves to remove this crap.


----------



## kpeters59

It happens to me, too.

I had to re-enable my ad-blocker to stop it.

There's been more than 1. One tries to get me to download a .js file. The other is some kind of spam site.

It's been occurring for at least a month.

-KP


----------



## tommage1

I've had it happen multiple times. I've seen "upgrade to latest version of Firefox", and "you have the Zeus virus", maybe some others. Usually locks up the browser too, I have to reboot the computer. As far as I can remember it has only happened when using Firefox. Maybe my settings for FF are different than my IE settings.


----------



## mdavej

It's not a FF or settings issue. Happens everywhere (Safari, Chrome, etc.). The root cause is TCF itself. IE may be a little better at blocking popups or rejecting redirects, who knows.


----------



## loganasu

I have had this several times tonight on an iPhone using safari.


----------



## kpeters59

I'm not disabling my Ad-Blocker (ABP) again until I'm assured it's been fixed.

-KP


----------



## tommage1

mdavej said:


> It's not a FF or settings issue. Happens everywhere (Safari, Chrome, etc.). The root cause is TCF itself. IE may be a little better at blocking popups or rejecting redirects, who knows.


Some are dangerous I think. The one that said "update to the latest version of Firefox" wanted to download something. Almost had me fooled, looked semi-legit but I checked the actual link which was NOT legit. I also checked my Firefox settings for an actual update check and there were none. I am a bit worried, spam is one thing, tricking people into downloading who knows what is very bad.


----------



## RickStrobel

Browsing from my iPhone is becoming almost comical now. I have frequently gotten pop ups that overtake my phone. Usually they're telling me I won a $1000 gift card from Walmart.


----------



## OhFiddle

I was just thinking about starting a thread about this when I saw the topic in the sidebar. I have had this happen several times on this site recently on my tablet. It redirects to a junk page and locks up the Chrome Browser. I have to exit out of the app and empty the cache then force stop and reopen it. The page is usually still open but then I am able to close it at least. One time I had to completely reboot the tablet. Had this happen a couple of times on the Bored Panda site on my tablet too. It has never happened on my PC, but I do use an adblocker (Ghostery) in my Opera browser and additional antivirus which probably prevents it.

I understand these sites' revenue comes from ads, but when the ads stops the site from loading properly or worse yet do this kind of crap.... I have to use an ad blocker. I thought I could just install something similar to Ghostery for my tablet's browsers? But, the only thing I could find on the Google Play Store was to install browsers that I have never heard of which supposedly have built in ad-blockers. So you can't just use an ad blocker extension for the browsers on the Android OS? Is that because Google makes a ton of revenue through their own ad service? I wouldn't even mind the ads if it was just text or a picture and not videos or content that could be malware.


----------



## inaka

RickStrobel said:


> View attachment 31526
> Browsing from my iPhone is becoming almost comical now. I have frequently gotten pop ups that overtake my phone. Usually they're telling me I won a $1000 gift card from Walmart.


Yup. I can't even browse TCF at all on the iPhone. It's hardly a random rogue ad, it's a full-fledged browser hijack making viewing the forum completely impossible, with multiple occurrences happening over and over. Bummer.


----------



## RickStrobel

Crap TCF! Tonight I've noticed several times where sound is playing in the banner ads at the bottom of the page! :down:


----------



## Enrique

I've seen the same thing, if you're using an iOS you can download AdBlock Plus from the App Store and then turn it on in Setting -> Safari and content blockers.


----------



## Enrique

Mike Lang said:


> Probably just a rogue ad. It happens sometimes.


That's an unacceptable answer. If you're going to be displaying ads you need to make sure it's from a reputable source and that they've taken every precaution feasible to prevent these type of issues, as so far I haven't see that being done with the continuing and ongoing issues.


----------



## BrettStah

Sounds like it's time to switch ad networks, or adjust the settings of the current one. Many other sites seem to be able to have ads without the major problems seen here, based on numerous reports posted about it.
It doesn't impact me since I'm a club member (and I'm using ad blockers anyway), but it does sound like a horrible experience for many folks.


----------



## dlfl

I get "you've won ....." pop ups occasionally using Google Chrome on my iPad.


----------



## Mike Lang

The same stuff happens on AVS Forum with completely different ad networks and I see it all the time on various forms as a member.


----------



## mdavej

Mike Lang said:


> The same stuff happens on AVS Forum with completely different ad networks and I see it all the time on various forms as a member.


I have to strongly disagree. AVS is really bad, but TCF is absolutely horrible. I browse both all the time on my phone and have never had an AVS session completely hijacked. With TCF it happens constantly. There is no excuse for this type of advertising on a mainstream site. It's unacceptable.


----------



## kpeters59

Mike Lang said:


> The same stuff happens on AVS Forum with completely different ad networks and I see it all the time on various forms as a member.


Wait!

So, you're not doing anything about it?

-KP


----------



## Mike Lang

Reporting them as I see them like the rest of you. I don't have access to or control of ad networks on either site.


----------



## Enrique

Mike Lang said:


> Reporting them as I see them like the rest of you. I don't have access to or control of ad networks on either site.


My question is then who does? I remember some time ago this site was sold to some 3rd party...is that still the case are "we" still controled by some 3rd party? If that's not the case why would you still contact out your ads to any company that can't ensure your users their security and you don't have control of what ads are displayed on your what is supposed to be a family friendly site.

Let me just say I don't mean all this as an attack just really want to know as now the site I've visited since I was what 15 years old is now no longer a safe site to visit.


----------



## Mike Lang

Enrique said:


> My question is then who does?


The owners of each site. I've seen them each change ad networks several times but these will sometimes get through.


----------



## kpeters59

‘Sometimes’ is downplaying it, in case you’re missing our position...

-KP


----------



## dianebrat

Enrique said:


> My question is then who does? I remember some time ago this site was sold to some 3rd party...is that still the case are "we" still controled by some 3rd party? If that's not the case why would you still contact out your ads to any company that can't ensure your users their security and you don't have control of what ads are displayed on your what is supposed to be a family friendly site.
> 
> Let me just say I don't mean all this as an attack just really want to know as now the site I've visited since I was what 15 years old is now no longer a safe site to visit.


David Bott, the original owner bought the site back a while ago.
David Bott


----------



## Mike Lang

David does have the site monitored 24/7 by a third party for malware and other issues.

No ad service is perfect just like no email provider can get spam with 100% accuracy.


----------



## RickStrobel

Correct me if I'm wrong, but it would seem that service is monitoring the site and server, not necessarily the 3rd party ads and what they do and don't do.


----------



## markb

I just got redirected a spam/malware site while composing a reply to a thread on this forum. Apparently, this is my reward for disabling my ad blocker on TCF.


----------



## kpeters59

Well, some guy just called the landline here offering tech support for a PC we don't own...would you like his number?

-KP


----------



## krkaufman

The frequency of the hijacks seems to be increasing.


----------



## markb

I just happened to me again! This is unacceptable. Time to ditch this ad network.


----------



## Mike Lang

They'll need a screenshot & URL to flag it.


----------



## markb

Mike Lang said:


> They'll need a screenshot & URL to flag it.


I posted a screenshot above, the first time it happened. But I'm advocating that the ad network be ditched entirely, because they clearly aren't keeping a lid on this problem.


----------



## RickStrobel

Becoming unusable on my iPhone. Getting ads that take over and redirect to fake gift card sites. :down:


----------



## BrettStah

RickStrobel said:


> Becoming unusable on my iPhone. Getting ads that take over and redirect to fake gift card sites. :thumbsdown:


iOS supports content blockers... I use 1Blocker, but there are others also.


----------



## krkaufman

Mike Lang said:


> They'll need a screenshot & URL to flag it.


I used to only get them when reading a specific post; now they're popping-up whenever I'm reviewing Unread Watched Posts or New Posts, and with MUCH greater frequency.

It's getting really tough to interact with the site via my iPhone.


----------



## dlfl

Today I'm getting Congratulations you've won pop-ups every minute or so. The popup is modal and you have to hit OK which directs you to a new web page with a URL starting like this:
http://www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home
Then you can go back to the TCF page you were on.

This makes TCF almost unuseable for me.

I'm running the Google Chrome browser on an iPad and have popups blocked. Doesn't happen on any other web sites. I tried clearing all browsing data (cookies, history). There isn't any other remedial action that can be taken with this browser and computer.


----------



## RickStrobel

dlfl said:


> Then you can go back to the TCF page you were on.


I think you meant to say "can't". I can't go back. This is really starting to piss me off. In fact I was coming here to post an example and it happened again. Note that I'm viewing a post about the same damned pop up.

URL
http://www.google.com-win-a-free-gi...t-from-amazon-walmart-samsung.verygoodads.com


----------



## Mike Lang

URL reported. David and I have yet to see any of these even running full ads. They seem to only hit a few of you but consistently.


----------



## krkaufman

iPhone 5S, iOS 10.3.3, AT&T, here. I think I'll update my OS and see if anything changes.


----------



## RickStrobel

krkaufman said:


> iPhone 5S, iOS 10.3.3, AT&T, here. I think I'll update my OS and see if anything changes.


Probably not much, although your phone may get slower and waste it's battery faster. iOS 11 hurt my iPhone 7's battery.

Also, I'm on an iPhone X with iOS 11.1.2 and AT&T. I get those ads whether I'm on cellular data traveling around town or at home on my WiFi which uses Spectrum Internet.


----------



## krkaufman

RickStrobel said:


> Probably not much, although your phone may get slower and waste it's battery faster. iOS 11 hurt my iPhone 7's battery.
> 
> Also, I'm on an iPhone X with iOS 11.1.2 and AT&T. I get those ads whether I'm on cellular data traveling around town or at home on my WiFi which uses Spectrum Internet.


Thanks for the heads-up.


----------



## dlfl

RickStrobel said:


> View attachment 31685
> 
> I think you meant to say "can't". I can't go back. This is really starting to piss me off. In fact I was coming here to post an example and it happened again. Note that I'm viewing a post about the same damned pop up.
> 
> URL
> http://www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home/valid?jkhjkhetjkewhkjth=541;9;a3744b23e1ab80a1b8f6767ddf36fd29;d0d59e94400786b968fe2717908b3ec2;s2=125048.8466|s3=tivocommunity.com|;1395278_1034;http://www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com


No, on my browser/computer (chrome/iPad 4) I can go back. If not it would **really** suck.


----------



## raebyddet

Me too. It’s really really bad. It’s making the site completely unusable.

I keep getting the “Congratulations” $1000 Walmart gift card ad.

It’s really bad. I’m on the current version of iOS. Desktop is fine, never an issue, only phone.


----------



## dlfl

dlfl said:


> Today I'm getting Congratulations you've won pop-ups every minute or so. The popup is modal and you have to hit OK which directs you to a new web page with a URL starting like this:
> http://www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home
> Then you can go back to the TCF page you were on.
> 
> This makes TCF almost unuseable for me.
> 
> I'm running the Google Chrome browser on an iPad and have popups blocked. Doesn't happen on any other web sites. I tried clearing all browsing data (cookies, history). There isn't any other remedial action that can be taken with this browser and computer.


Still happening!


----------



## dlfl

Mike Lang said:


> URL reported. David and I have yet to see any of these even running full ads. They seem to only hit a few of you but consistently.


I'm guessing you haven't (probably can't) test running the Google Chrome browser on an iPad 4.


----------



## longrider

A quick note on this, the www.google.com is nothing but misdirection for the user. The actual domain is verygoodads.com and has nothing whatsoever to do with Google. Stuff like this is why I refuse to surf without an ad blocker. I sites I want to be active at I will do what I can to support the site but ads still get blocked even if the support turns off ads


----------



## mdavej

dlfl said:


> Still happening!


I think we need to send screenshots of these pop-ups to all the mods every time we get them so they see how annoying they are.


----------



## Mike Lang

dlfl said:


> I'm guessing you haven't (probably can't) test running the Google Chrome browser on an iPad 4.


Google Chrome browser on an iPad Pro. Can't replicate it at all. Even logged in as you.


----------



## longrider

I tried Chrome om an iPad Air and had no issues. Being a club member I had to log out but all I saw were normal ads.

However I will say verygoodads.com is the culprit and probably should go. DigitalSpy.com forums are reporting the exact same issue with ads from verygoodads.com I got that from the first page of a Google search on the domain, how may more would i find with a deeper search??


----------



## markb

Aren't there any logs that the admins can access to show what ads were served to which user and when?


----------



## dlfl

Mike Lang said:


> Google Chrome browser on an iPad Pro. Can't replicate it at all. Even logged in as you.





longrider said:


> I tried Chrome om an iPad Air and had no issues. Being a club member I had to log out but all I saw were normal ads.
> 
> However I will say verygoodads.com is the culprit and probably should go. DigitalSpy.com forums are reporting the exact same issue with ads from verygoodads.com I got that from the first page of a Google search on the domain, how may more would i find with a deeper search??


Possibly my iPad 4 is more vulnerable than the Pro's?

Also, the frequency of popups varies a lot. There can be long periods with none and then periods where they are frequent. I also wonder if particular navigation paths on the forum make a difference.

Mine are all always the verygoodads type so I would second the motion to get rid of those.


----------



## BrettStah

Try blocking that site:
How to block websites in Safari on iPhone and iPad


----------



## dlfl

BrettStah said:


> Try blocking that site:
> How to block websites in Safari on iPhone and iPad


Since I am running the Chrome browser (not Safari) I was skeptical about the procedure linked, which is to use (in settings):
General .... Restrictions .... Websites .... Limit Adult Content ... Never Allow .... AddWebsite
The verygoodads.com popups occur on a random basis so to test whether this would work in Chrome, I tried blocking www.avsforum.com/forum/ . Then I tried browsing to my AVS bookmark (in Chrome):
http://www.avsforum.com/forum/showthread2.php?t=1524543&goto=newpost
And the block worked!

So I entered what appears to the root URL for the popups:
www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home

But everytime these popups occur the url contains a lot more stuff including what appear to be random number sequences. So fingers-crossed this is going to block them.


----------



## raebyddet

Yesterday it seemed better, now today they are back again. Badly, I can click on a forum topic, usually read one post then the pop up happens.


----------



## BrettStah

dlfl said:


> Since I am running the Chrome browser (not Safari) I was skeptical about the procedure linked, which is to use (in settings):
> General .... Restrictions .... Websites .... Limit Adult Content ... Never Allow .... AddWebsite
> The verygoodads.com popups occur on a random basis so to test whether this would work in Chrome, I tried blocking www.avsforum.com/forum/ . Then I tried browsing to my AVS bookmark (in Chrome):
> http://www.avsforum.com/forum/showthread2.php?t=1524543&goto=newpost
> And the block worked!
> 
> So I entered what appears to the root URL for the popups:
> www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home
> 
> But everytime these popups occur the url contains a lot more stuff including what appear to be random number sequences. So fingers-crossed this is going to block them.


iOS's Internet content filter affects all browsers, since they all use the iOS web rendering engine. Just block *verygoodads.com*, and it'll block everything with that domain name.


----------



## BrettStah

raebyddet said:


> Yesterday it seemed better, now today they are back again. Badly, I can click on a forum topic, usually read one post then the pop up happens.


What browser and operating system? If it's this same verygoodads.com crap, it can be blocked.


----------



## RickStrobel

Just got it again

http://www.google.com-win-a-free-gi...t-from-amazon-walmart-samsung.verygoodads.com


----------



## mdavej

All the blocking advice is appreciated. But you're missing the point. TCF shouldn't do crap like this. We shouldn't have to block anything. In fact, there's a big banner every time I visit begging me to turn off my ad blocker. If they want me to turn it off, they need to make their site safe to use without one.


----------



## markb

mdavej said:


> In fact, there's a big banner every time I visit begging me to turn off my ad blocker. If they want me to turn it off, they need to make their site safe to use without one.


Indeed. I turned my my ad blocker back on, specifically because of these scams. This site is not safe to browse without an ad blocker, anymore!


----------



## dlfl

BrettStah said:


> Try blocking that site:
> How to block websites in Safari on iPhone and iPad





dlfl said:


> Since I am running the Chrome browser (not Safari) I was skeptical about the procedure linked, which is to use (in settings):
> General .... Restrictions .... Websites .... Limit Adult Content ... Never Allow .... AddWebsite
> The verygoodads.com popups occur on a random basis so to test whether this would work in Chrome, I tried blocking www.avsforum.com/forum/ . Then I tried browsing to my AVS bookmark (in Chrome):
> http://www.avsforum.com/forum/showthread2.php?t=1524543&goto=newpost
> And the block worked!
> 
> So I entered what appears to the root URL for the popups:
> www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home
> 
> But everytime these popups occur the url contains a lot more stuff including what appear to be random number sequences. So fingers-crossed this is going to block them.





BrettStah said:


> iOS's Internet content filter affects all browsers, since they all use the iOS web rendering engine. Just block *verygoodads.com*, and it'll block everything with that domain name.


This works but *not really*. The modal popup requiring hitting an "OK" button no longer pops up, but the TCF page you were viewing is replaced by one saying the verygoodads.com page could not be reached. Then the back button will restore the TCF page. So now instead of 2 clicks and an iterruption there is 1 click and an interruption. Not satisfactory!


----------



## dlfl

What popup blockers work well on an iPad 4 ? I prefer not to depend on an external site for this but might try one if that's the only way.

Also, apparently this doesn't happen to TCF Club Members. I hope this isn't a passive-aggressive tactic to promote club membership. Sorry but that isn't worth what it costs, to me.


----------



## ClearToLand

dlfl said:


> Since *I am running the Chrome browser* (not Safari) I was skeptical about the procedure linked, which is to use (in settings):
> General .... Restrictions .... Websites .... Limit Adult Content ... Never Allow .... AddWebsite


I don't see these 'Tabs' in Chrome 62.0.3202.84 on Android 5.0.1 - are they tied to your personal profile? (which I don't use).


dlfl said:


> ...The verygoodads.com popups occur on a random basis so to test whether this would work in Chrome, I tried blocking www.avsforum.com/forum/ . Then I tried browsing to my AVS bookmark (in Chrome):
> http://www.avsforum.com/forum/showthread2.php?t=1524543&goto=newpost
> And the block worked!
> 
> So I entered what appears to the root URL for the popups:
> www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home
> 
> But everytime these popups occur the url contains a lot more stuff including what appear to be random number sequences. So fingers-crossed this is going to block them.


This 'Popup / Virus Problem' began on my Android tablet about a month ago with random (once-every-ten-hours of browsing) announcing that my tablet had four (4) viruses:
us DOT rq3i DOT date
followed by much more frequent annoyances from
us DOT macadamized34sv DOT xyz
and
us DOT editorializer28df DOT xyz
which progressed to the point of one right after the other while just attempting to view my 'Watched Threads'. [Around three weeks ago, I checked this forum and there were a handful of related threads but they had minimal activity / confirmations. Around two weeks ago, this thread got active so I've been following it.]

Since I'm on my home LAN and all of my devices have static IPs assigned in groups per task, I was easily able to create a filter on my router (running DD-WRT) to block *.xyz on two (consecutive) IPs. I was hesitant to block the whole domain (after reading about it via Google *Wikipedia: xyz*) but since it was just on two tablets, I figured what the heck. [NOTE: Google "Pi-Hole on a Raspberry Pi" for an alternate 'Whole House' solution.]

Shortly afterwards, verygoodads.com became pesky so I added the whole domain, which is what I suggest you do.

There is no filtering on my third tablet (Amazon Fire OS - I was running Silk but installed Chrome just to test TCF) which I turned on today and strangely, there are no annoying popups either. I wonder if the Android tablet has a 'seed' on it that 'attracts' the problem (and maybe that's why someone like @Mike Lang doesn't see the problem).



BrettStah said:


> iOS's *Internet content filter affects all browsers*, since they all use the iOS web rendering engine. Just block *verygoodads.com*, and it'll block everything with that domain name.


:thumbsup:



RickStrobel said:


> *Just got it again*
> 
> http://www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com/home/valid?jkhjkhetjkewhkjth=541;9;a3744b23e1ab80a1b8f6767ddf36fd29;1dbc41b4fd181b343272a1d937c5d513;s2=125048.8466|s3=tivocommunity.com|;2377060_0906;http://www.google.com-win-a-free-gift-from-amazon-walmart-samsung.verygoodads.com


Are you on a local LAN or public / work WiFi / Cellular?



dlfl said:


> *This works but not really*. The modal popup requiring hitting an "OK" button no longer pops up, but the TCF page you were viewing is replaced by one saying the verygoodads.com page could not be reached. Then the back button will restore the TCF page. So now instead of 2 clicks and an iterruption there is 1 click and an interruption. Not satisfactory!





dlfl said:


> What popup blockers work well on an iPad 4 ? I prefer not to depend on an external site for this but might try one if that's the only way.
> 
> Also, apparently this doesn't happen to TCF Club Members. I hope this isn't a passive-aggressive tactic to promote club membership. Sorry but that isn't worth what it costs, to me.


When I added the "verygoodads.com" filter, my popups disappeared instantly without any residue 'could not be reached'. I also have 'third-party cookies' disabled in Chrome. I wonder if you have any existing "verygoodads.com" cookies or cache entries / 'seeds' that need to be deleted?

NOTE: I still had the two us DOT "RandomText" DOT xyz tabs open in Chrome on my tablet and now they are "ERR_NAME_NOT_RESOLVED" so I can try removing the .xyz domain from my DD-WRT filter list. Maybe someone reported them.


----------



## dlfl

@ClearToLand,
I'm running Chrome on an *iPad 4, *not Android like you. That probably explains the differences in what we see.


----------



## raebyddet

BrettStah said:


> What browser and operating system? If it's this same verygoodads.com crap, it can be blocked.


iOS current version. iPhone 7.


----------



## RickStrobel

I get it on cellular and on WiFi.


----------



## raebyddet

Literally, just now, got it trying to read this thread.


----------



## dlfl

Oh great, now a new ad popup URL I can't block in my Google Chrome browser on my iPad4:

Congrats!

And while I was composing this post the old popup (verygoodads.com) interrupted me.

Ridiculous!


----------



## dlfl

If I used TapaTalk (on an ipad 4) to access TCF, would it ignore these popups? Would I have to pay the $0.99/month to achieve this?


----------



## RickStrobel




----------



## RickStrobel

Post above is the history of my Windows Chrome browser. Here's what was on my screen... CAN'T BELIEVE THIS IS HAPPENING HERE... DISGUSTING.










In my little corner of the world I personally know a handful of clients who've been tricked by this stuff. Several of them were out $400 - $600 to the scammers like these. And that doesn't include the $100 - $300 they end up paying to get things cleaned up.


----------



## RickStrobel

On iPhone 
Congrats!


----------



## Marc

Just as an additional data point in case it's useful, I tried browsing this site in Safari (incognito window) and Chrome (not logged in) on my Mac, and nothing untoward popped up.

After seeing Rick's post, though, I tried from my iPhone (not logged in). Almost immediately after loading the top-level forum page, I was presented with the same kind of redirection that others have previously reported.


----------



## samsauce29

Definitely appears that blocking ads on desktop and using TapaTalk on mobile remains the correct approach when using TCF.

To answer the poster above, I've used TapaTalk both with and without paying and haven't seen these scammer ads... So I'd say it's worth a shot.


----------



## Mike Lang

I've given the info to David and I know he's contacted the ad network with the few URLs supplied.


----------



## stevel

Note that it's not just scam ads (Google gift), but also scam "Windows support". If an ad network I was using showed any of these, I'd drop them instantly. There is no excuse for this, in combination with the "Aw, snap" popup if one is running an ad blocker. Either you take responsibility for ads or don't get upset if people block them.


----------



## Mike Lang

Remove "Congratulations Google User" fake alert (Virus Removal Guide)


----------



## Mike Lang

"This Congratulations Google User redirect is usually caused by adware installed on your computer. These adware programs are bundled with other free software that you download off of the Internet."


----------



## Marc

In @RickStrobel's and my cases, we're getting those redirects on our iPhones. From what I can tell, unless one's device is jailbroken, it's pretty much impossible to get adware installed on an iPhone.


----------



## Mike Lang

I can't get any of them to show up on any platform under any account. If it's anything like AVS, only 1-3% of people see them, but those few see them a lot.


----------



## ClearToLand

dlfl said:


> @ClearToLand,
> I'm running Chrome on an *iPad 4, *not Android like you. That probably explains the differences in what we see.


I know that you're running Chrome on an iPad 4:


dlfl said:


> No, *on my browser/computer (chrome/iPad 4)* I can go back. If not it would **really** suck.


I have no problems reading, but you seem to be very quick to be dismissive.

I spend an hour researching and composing my earlier reply to you and @RickStrobel . During that research I learned about Chrome Parental Controls, which are located inside your Google Personal Profile. Since I don't use a Google Personal Profile (i.e. log into Google to share my bookmarks, etc... across platforms), I asked if you did. It's a valid question and it still stands.

I also asked if you had 'Third-Party Cookies' enabled or disabled.

I've solved the problem on my tablets (running on my local LAN) and I'm only trying to share what I've learned to help others...


----------



## ClearToLand

RickStrobel said:


> I get it on cellular and on *WiFi*.


Is the WiFi on your local LAN and can you add filters in your router?

If filters on your router are not an option, Pi-Hole on a Raspberry Pi can solve the problem for an entire LAN (vs installing blocking extensions on each device's browser).


RickStrobel said:


> Post above is the history of my *Windows Chrome browser*. Here's what was on my screen... CAN'T BELIEVE THIS IS HAPPENING HERE... DISGUSTING.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> In my little corner of the world I personally know a handful of clients who've been tricked by this stuff. Several of them were out $400 - $600 to the scammers like these. And that doesn't include the $100 - $300 they end up paying to get things cleaned up.


On Windows using Chrome, the following extensions work very well AND have 'Activity Icons' to the right of the Address Bar:
*uBlock Origin*
*uBlock Origin Extra*
*uBO-Scope / uBlock Origin Scope*
As I compose this reply, #1 shows "34" (sites blocked - started at 21 and keeps climbing) and #3 shows "356" (third-party site call attempts), AFAICT.


----------



## ClearToLand

dlfl said:


> Oh great, now a new ad popup URL I can't block in my Google Chrome browser on my iPad4:
> 
> Congrats!
> 
> And while I was composing this post the old popup (verygoodads.com) interrupted me.
> 
> Ridiculous!





RickStrobel said:


> On iPhone
> Congrats!


IMO, posting:

landingdisplay DOT page DOT user DOT liimrs DOT com​
is safer than posting an actual URL that TCF automatically converts into a clickable LINK that some unsuspecting / non-technical user might click on.


----------



## ClearToLand

Mike Lang said:


> "This Congratulations Google User redirect is usually caused by adware installed on your computer. These adware programs are bundled with other free software that you download off of the Internet."


It appears that the majority of the problem is with iPhone users and possibly Android phone / tablets (i.e. me as one Android tablet data point) but your solution is for Windows computers.

[ @Mike Lang: Securi Website Firewall keeps popping up with a 'Open a Support Ticket' form as I compose this reply. Now I can't PREVIEW - saving to Notepad in case REPLY TO THREAD fails. Can't REPLY. Opened new TAB in Chrome and began new reply w/ Cut-N-Paste from Notepad. Securi won't let me QUOTE Post #79. Removed Post #79 QUOTE. PREVIEW now works again. Bottom line in both paragraphs displays as CENTERED although BBCode view displays no tags. ALIGN LEFT has no effect. Securi Hosting Timeout Popup when attempting to REPLY TO THREAD.]


----------



## RickStrobel

Loading...


----------



## RickStrobel

Privacy Enhancement


----------



## RickStrobel

Previous two were on my Windows PC. Came back to my Mac with a TCF page I had left open and found this:

Flash Player


----------



## smbaker

Adding myself to the list of people who have had issues being redirected to spam/scam sites. It has happened to me twice within the last week, out of perhaps a half-dozen times that I have used the phone to access this website.

My iPhone is about as plain as it gets. No jailbreak. Not even very many apps installed on it. This is the only website I have had this problem with. It's also the only forum I visit from the phone.


----------



## dlfl

ClearToLand said:


> .........
> I spend an hour researching and composing my earlier reply to you and @RickStrobel . During that research I learned about Chrome Parental Controls, which are located inside your Google Personal Profile. Since I don't use a Google Personal Profile (i.e. log into Google to share my bookmarks, etc... across platforms), I asked if you did. It's a valid question and it still stands.
> 
> I also asked if you had 'Third-Party Cookies' enabled or disabled.
> 
> I've solved the problem on my tablets (running on my local LAN) and I'm only trying to share what I've learned to help others...


My Chrome was signed in to my Google account and I had syncing enabled. I don't benefit from this since there is no other device running Chrome that I want to sync/share data with. Thus I've turned both these things off.

I've looked tediously through all the possible places I could set anything related to Chrome (i.e., both in iOS/iPad settings and my Google Account/Profile) and can't find anything about 'Third-Party Cookies'. This appears to be an example of how Android and iPad/iPhone settings affecting Chrome are just different, unless someone can tell me where to find this setting.


----------



## stevel

Blaming the victims is never the right approach. Yes, on some platforms there are things you can do to block TCF’s support of malevolent ad networks, but that’s like asking “what were you wearing?” There are enough reports of this inexcusable behavior that David should drop this ad provider immediately. Not that there is any ad provider out there that is 100% safe, but some are better than others. This is NOT adware on people’s devices, it’s TCF pushing scams.


----------



## dlfl

dlfl said:


> My Chrome was signed in to my Google account and I had syncing enabled. I don't benefit from this since there is no other device running Chrome that I want to sync/share data with. Thus I've turned both these things off. ............
> .


And ..... still getting verygoodads.com interruptions today.


----------



## andyw715

I get it (congrats google user)consistently on iOS 11.1.2 with safari either cellular or wifi.


----------



## LoREvanescence

Last night I could not brows or post on the forums on iOS via Safari. 

After 30 seconds or so I kept getting redirected to a spam page such as you are a google winner. You could not go back / had to close the tab and start over.

This made it impossible to compose a message because it would always redirect while you were trying to type something. After this happening 10 times in a row I just gave up.


----------



## kdelande

Adding my name to the chorus. iPhone on IOS 11. verygoodads.com and two others that I've lost the domain name for. Same crap as others, "You've won..." and it forcing my session to their site. Have to Close the window and go back several pages to get back to where I was.


----------



## dlfl

I wondered if this was an iOS 11 issue but it's not, because my iPad 4 is on iOS 10.3.xx and says it is up to date. Apparently it will never go to 11.


----------



## series5orpremier

I’m constantly getting hijacked on this website unless I’m using a VPN or unless I’m logged in.


----------



## ClearToLand

FYI (from the Happy Hour Forum):



BrettStah said:


> I just want to bring this up again, not as the acceptable "fix" to the scummy ads that are being seen by some folks, but as a relatively cheap thing that folks can add to their homes.
> 
> To clarify, there are two different pieces of software that can be installed onto the same Raspberry Pi. You connect the Pi to your network, and configure a few things on your router, and then the Pi-hole software all of your devices on your home network can then have known ad websites (and malware sites) can be blocked. If you also install the PiVPN software (which is a very easy way to have OpenVPN installed, basically), and configure a few things (one change on your router, plus editing a few text files, basically - only takes a few minutes), then you can create VPN certificates for any devices that you want to be able to remotely connect to your home network via VPN.
> 
> The main benefits:
> 
> Decrease overall bandwidth usage by blocking the loading of many ads
> Works for all devices that use your internet connection, not just your laptop, smart phone, or tablet
> Speeds up browsing because fewer ads are downloaded
> Can work outside of your home for devices that can connect to VPN networks, so you get the same benefits from cellular connections (or other wifi networks) as you do while at home
> Makes using other networks (such as free WiFi hotspots) more secure, since your traffic is all being securely tunneled through your own VPN
> Besides blocking ads, it can also block known malware sites
> It's pretty easy to manually whitelist sites if needed. For example, some legitimate websites will use affiliate links that will then navigate to amazon, etc. If you want to support those websites by following the affiliate links, you just need to add the website that hosts their links to the whitelist
> Raspberry Pi thread, starting with info about PiVPN:
> https://www.tivocommunity.com/commu...ith-raspberry-pi.545572/page-14#post-11239617
> 
> Existing thread here about Pi-hole:
> https://www.tivocommunity.com/commu...s/ad-blocking-pi-hole-on-raspberry-pi.543596/
> 
> This guide is a great one to follow to get both Pi-hole and PiVPN working together, IMHO:
> PiVPN and Pi-hole - marcstan.net


I heard of Pi-Hole but not PiVPN.

Thanks @BrettStah ! :thumbsup:


----------



## raebyddet

Mike Lang said:


> "This Congratulations Google User redirect is usually caused by adware installed on your computer. These adware programs are bundled with other free software that you download off of the Internet."


No. Is there a verbal equivalent of smack hand to forehead. This is impossible on iPhones. This is your ad network serving bad ads. Either mistakenly or through not caring.

The response here is bordering on whatever or it's a problem with your device. This is not the answer.

You have many people complaining, it's even leaked into happy hour. This is not isolated to a few people this is a real issue. Please fix this. This is an ad network issue. Please reach out to them to report this.


----------



## RickStrobel

While composing a reply on this thread:


----------



## Mike Lang

raebyddet said:


> Please reach out to them to report this.


Again...



Mike Lang said:


> I don't have access to or control of ad networks on either site.


Only David can control the ad networks and he's submitted reported ads.


----------



## Chapper1

But I thought your official stance is that it was all of us with adware on our phones.


----------



## RickStrobel

Walked away from my Mac and 20 minutes later it's telling me I need a Flash Player update...

http://check4free.groupsserversupgr...d=RxY5ywZoDiRSifP_4dLnXHfitUVw2DPnPibjp3owQPQ.


----------



## dlfl

Another hijack url:
Congrats!


----------



## markb

Mike Lang said:


> Again...
> 
> Only David can control the ad networks and he's submitted reported ads.


Well, hopefully David understands the urgency of the situation. That the ad network hasn't already been given the boot is discouraging. Simply reporting the ads to the ad network isn't enough, at this point.


----------



## Mikeguy

Simply FYI and as a further warning and data point:

Visited the TCF website today on a Win10 laptop, using the Edge browser with no ad-blocking software installed; had a few tabs open, all directed at TCF, and no other website was open under the browser. Everything was fine for 5-10 minutes, and then I started hearing a warning from a woman with a British accent (!?) about my system and its Microsoft software needing urgent attention, coming from one of the tabs. I went to the tab and found that the posts open there were now obstructed by 1-2 large pop-up window warnings echoing the voice, that my system needed urgent attention (and threatening, if I recall correctly, dire consequences if I tried to cancel the message), and containing a toll-free number to call and a button to click. Trying to X out of the pop-ups was ineffective, and the voice continued on; likewise, I couldn't X out of the tab or access the other tabs. The only thing I was able to do was to use Task Manager to stop Edge entirely. Someone lesser-experienced with computers easily could have gone into a panic and been frozen.

When I restarted Edge, it opened up the TCF tabs that had been aborted prematurely. Once again, the same scam high-jacking pop-ups reappeared after a few minutes along with the verbal warning (same Brit), and I once again only was able to use Task Manager to escape them.

I since have installed AdBlock under Edge and the site has been fine since (as it also had been earlier, before I first came to TCF today)--this obviously is a TCF site-specific issue. I would not recommend that anyone visit the site without an ad-blocking extension.

This is many-ways dangerous.


----------



## Mikeguy

Mike Lang said:


> David does have the site monitored 24/7 by a third party for malware and other issues.
> 
> No ad service is perfect just like no email provider can get spam with 100% accuracy.


Data point: the only time I have had issues such as this has been from a sketchy site.


----------



## dianebrat

The problem here is that this has been going on for a while and as the community that supports the site we're not hearing back anything positive, nor is the issue going away.
We all get it, TCF needs ad support, and even asks users to turn off their ad-blockers, but turning off ad-blockers REQUIRES that you give us a safe site to do so in and that simply is no longer the case with TCF.

I'm a TCF club member and don't run an ad-blocker here, but with everything that's gone on in the past month+ here there's NO WAY I'd surf TCF without an ad-blocker turned on if I wasn't a member and that's disappointing.


----------



## Mikeguy

I apologize for not posting a screen grab of the spam attack I encountered earlier today (see above)--candidly, I was spooked by the attack (the on-going spam audio announcement adding to the scare tactic) and my first thought was to get away from it as quickly as possible, and so forgot about getting a screen grab.


----------



## smbaker

Hijacked twice on the iPad within the last minute.


----------



## Phil T

Was hijacked yesterday out of home on my IPhone8+. I have to keep the ad blocker on my MacBook Pro at home.
This really needs attention by the owner/admin of the site. Does not make for an enjoyable experience and I think it would deter prospective customers looking for info here. Also an embarrassment to TiVO corporate.


----------



## Mikeguy

Phil T said:


> Was hijacked yesterday out of home on my IPhone8+. I have to keep the ad blocker on my MacBook Pro at home.
> This really needs attention by the owner/admin of the site. Does not make for an enjoyable experience and I think it would deter prospective customers looking for info here. *Also an embarrassment to TiVO corporate.*


(Note: as far as I am aware, TiVo Corporation itself is not connected to this site officially.)


----------



## Phil T

Mikeguy said:


> (Note: as far as I am aware, TiVo Corporation itself is not connected to this site officially.)


I realize that but with TiVO Ted participating they are aware and "unofficially" monitoring the site. There is a lot of good information here and I think the hjack issues don't help anything or anyone.


----------



## dlfl

Another hijack domain just now: freebielistdaily.com


----------



## David Bott

So, you think we are not doing anything. Well, not only is the ad network I use monitoring this thread and trying to reproduce the issues, so have I been as well as Mike and several other I have enlisted across the country. I have longed in as each of you going as far as pulling the IP's and getting on a VPN in your area to look like I am in the same area. I have not once received any issues with the ads or hijacks or anything like this. I have run the same time on all browsers and now what must be hundreds of page refreshes. Again, nothing. (Hours and hours of my time to do this as you would guess.)

So I thought ok, they think it is the ad provider, I change all ad slots to be Google Ads and did not use the ad network for a day. In that same day some of you reported still seeing the issue. So, where does that leave us? Not sure, but with all the hacks in apps and browsers going around, I surely would not be surprised if you may find something on the device. If I counted right, we have about 9 people with this complaint out of the thousands of visitors we have each day.

You think I would want this to happen to anyone? Oh come on. I have done everything I can for to protect any site I own. You all know that. Even go as far as to having it monitored by a third party.

As far as Sucuri stopping a post is because it see something in the post that looks like it was injected into the post stream that it should not be. This could be something on the device injecting something when you go to post and you would never know it. (Their surly can be false positives for sure like any protection system for sure.) But this is why we have protection system in place.

Going one step further, the system loads pages, including ads, and will alert me to anything it can see that could be an issue.








I also see someone mentioned it is happening on AVSForum...I do not own it, sold it in Oct 2011, and do not run the ads their. So that connection surely is not something you can lump into me.

I am still at a loss as to what to say as I can not fix something we can not see and we do not see it. Yes, I know you have the issue, but I also know that hijacks can target sites to make it look like it is a site that is making for the issue thus the person blames the site and does not look further. Turning on a ad blocker surely could stop it from happening based on what the ad blocker does...It strips code from loading. Code that may be used to trigger something to happen.

All in all, I have done all I can do to look for the issue and so have others. But we are still looking.

SIDE NOTE: We also run thew same ad provider on DBSTalk.com...We have no reports of issues. The sites are setup 100% the same way. (Same software, add-ons, etc.)


----------



## OhFiddle

I think I only had it happen two times to me on this site on my Android tablet, and I visit almost daily on it. It wasn't the "Google you won something", but a popup with horrible grammar and spelling saying my "generic android device was infected with malware from viewing too many porn site", and to follow the link provided to remove it and fix my tablet. I couldn't close the tab and ended up having to force shutdown the Chrome app, clear the cache, and reboot the tablet. Since other people have started reported increasing problems recently I haven't had any at all. The last time was weeks ago. I never had any issues at all on my pc with this site, but I do use an ad blocker on it. Maybe it is some targeted ad that is triggered by the device id and the data in the saved cookies and cache on the device? I don't know, but it must be frustrating.


----------



## murrays

Add my name to the list. I've been hijacked on my iPhone, iPad and iMac, all running Safari. I have not seen it on my work PC, but I have had the issue with my iPhone logged into our company WiFi.


----------



## Chapper1

For my safety and sanity, I’ll keep using the adblock I use for my iPhone and MacBook. I stopped having hijack problems here when I installed the one on my phone. While I wish I could support the site by having the ads visible, it makes the whole process too dangerous and difficult. Knowing that the admin blames the users (especially the long time users who are IT professionals) for these issues makes me feel better about my decision.


----------



## Phil T

Just a data point. I have not seen it on DBS Talk, just here. I will turn my ad blocker off on both sites and will report back.


----------



## nyny523

I get it a lot on my iphone and my ipad.

Scary.


----------



## markb

In the interest of science, I turned off my ad blocker and reloaded this page. After sitting on this page for a few minutes, the redirect happened. The web server this time was tech-ra52.stream.

I have a Fiddler log of the session. I'm not entirely sure how to interpret it. But the order of servers that it connects to is:

s.update.adsrvr.org
tracking.beginads.com
fastclickrewards.com
jcibj.com
selitutes-touning.com
vrzkz.redirectvoluum.com
server1.1honesty.com
tech-ra52.stream

In regards to reproducing the issue, I've found I have to sit on the page for a while. In this case, for about five minutes.

This is Firefox 57 on Window 10.


----------



## murrays

It had been awhile, but just got hijacked on my iPhone on work WiFi (Sub-Zero group).


----------



## dianebrat

David Bott said:


> So, you think we are not doing anything. Well, not only is the ad network I use monitoring this thread and trying to reproduce the issues, so have I been as well as Mike and several other I have enlisted across the country. I have longed in as each of you going as far as pulling the IP's and getting on a VPN in your area to look like I am in the same area. I have not once received any issues with the ads or hijacks or anything like this. I have run the same time on all browsers and now what must be hundreds of page refreshes. Again, nothing. (Hours and hours of my time to do this as you would guess.)
> 
> So I thought ok, they think it is the ad provider, I change all ad slots to be Google Ads and did not use the ad network for a day. In that same day some of you reported still seeing the issue. So, where does that leave us? Not sure, but with all the hacks in apps and browsers going around, I surely would not be surprised if you may find something on the device. If I counted right, we have about 9 people with this complaint out of the thousands of visitors we have each day.
> 
> You think I would want this to happen to anyone? Oh come on. I have done everything I can for to protect any site I own. You all know that. Even go as far as to having it monitored by a third party.


THANK YOU!
David, I know it may not sound like much, but just having you come in and say what you did goes a very long way in helping us know that it's being heard, there was a time the discussion started to feel like it was heading towards just blaming the victims.

So once again, thank you for speaking up and letting us know what you've been doing on this front.


----------



## David Bott

dianebrat said:


> THANK YOU!
> David, I know it may not sound like much, but just having you come in and say what you did goes a very long way in helping us know that it's being heard, there was a time the discussion started to feel like it was heading towards just blaming the victims.
> 
> So once again, thank you for speaking up and letting us know what you've been doing on this front.


I did not say anything until I had reports back from all that where helping. But it feels al for not when you have another user saying..."Knowing that the admin blames the users (especially the long time users who are IT professionals) for these issues makes me feel better about my decision."

I DID NOT blame the users. I presented the information I have and the testing we have done and continue to do. I even adding information as to how some of these intrusions present themselves and how they may behave. As mentioned, it also was reported on AVSForum, which I do not control, and has not shown up on DBSTalk, which I do run 100% the same as I do this site right down to the same ad network.

There are many areas of IT professionals, not sure what area someone may be in so maybe someone have never had to deal with such issues and thus do not know what is involved. And I would have to guess without knowing such things, then someone may surely know how hard it can be to find such issues. Example, are you aware that some of these will only show up on a site you visit most often? Again, so to make it look like the site is the issue thus to mask itself on your device.

I, as well as others, have spent a lot of time looking into it. Yet none of us have seen the issue first hand at all. I do not discount you are having an issue. But I also know how these can present themselves and have seen many iOS type attacks just like the ones you are seeing. Mike even linked to one that some of you were seeing.

I, others, and the ad network team continue to monitor and look for an issue. I would surely rather say...Ah, got it thanks for all the info and help and it be over with. But at this point, we have yet to see anything. Think about it, have you ever seen me not own up to an issue? BTW...The answer is NO.


----------



## BrettStah

The fact that lots of the reports are from folks who are technically proficient themselves, and are in many cases reports about iPhones and iPads, leads me to think that at least some of the reports are indicative of some server-side issue.


----------



## David Bott

BrettStah said:


> The fact that lots of the reports are from folks who are technically proficient themselves, and are in many cases reports about iPhones and iPads, leads me to think that at least some of the reports are indicative of some server-side issue.


And that is where services like Sucuri comes in. Not only does it scan all the directories of the site and this the code, it also runs everything though a proxy server firewall checking code in and out.

See real time reports... 
Sucuri Security - Sucuri Verified Websites


----------



## BrettStah

Can you check to see if the various FQDN's that have been reported are indeed matches to ads that are served by the ad network that's used here? For example:
post #122


----------



## David Bott

Here are some quick search references to some of the ad types you are seeing....

Be aware: Have you seen this pop-up on your iPhone?

Remove "Congratulations Amazon User" fake alert (Virus Removal Guide)

You Are Today's Lucky Visitor Scam

Remove "You Are Today's Lucky Visitor" ads (Removal Guide) - Chrome, Firefox, IE, Edge


----------



## David Bott

BrettStah said:


> Can you check to see if the various FQDN's that have been reported are indeed matches to ads that are served by the ad network that's used here? For example:
> post #122


The ad network team is monitoring this thread, they have checked URLs that have been referenced. The issue being is that the domain names used may have nothing to do with the ad being presented. I wish it was that simple as to just match a URL.

BTW...The network I use, and have been for a long time is PubGalaxy - Connects quality publishers with premium advertisers! They are a company that works with premium advertisers which means you should not see "bad ads" or "Low class ads" that you can get by using Google Adsense where anyone can insert an ad.

Using a premium service means the site actually can loose money as we do not accept ads from just anyone from anywhere. This does not mean a bad ad can not get though or caught by a system before it goes out as they change tactics like a virus. However it does mean it is less likely as the cost to run the ads are higher. (Hope this makes sense.)


----------



## markb

BrettStah said:


> Can you check to see if the various FQDN's that have been reported are indeed matches to ads that are served by the ad network that's used here? For example:
> post #122


That's my post. I tried to post the whole chain of FQDNs that led to the scam site. It appears it went through a bunch of redirects. A lot of reports here are just reporting the final FQDN/URL that they ended up at, but I don't imagine that information is very useful in tracking this down. Any match to ads served by the ad network would probably be early in the redirect chain.

I have a whole bunch more detail in my log than what I posted. I don't want to post the whole thing, because I'm not sure what private information might be in it. But I'm happy to help the TCF admins track this down, if they want me to look for anything in the log.


----------



## kcarl75

For me it only happens on this site and only when using a mobile device.


----------



## dlfl

@David Bott,
Thanks for the update and for your efforts.


----------



## murrays

And another from my iMac running Safari:


----------



## Chapper1

David Bott said:


> I did not say anything until I had reports back from all that where helping. But it feels al for not when you have another user saying..."Knowing that the admin blames the users (especially the long time users who are IT professionals) for these issues makes me feel better about my decision."
> 
> *I DID NOT blame the users.* I presented the information I have and the testing we have done and continue to do.


Oh, I must have misunderstood your message.



David Bott said:


> So I thought ok, they think it is the ad provider, I change all ad slots to be Google Ads and did not use the ad network for a day. In that same day some of you reported still seeing the issue. *So, where does that leave us? Not sure, but with all the hacks in apps and browsers going around, I surely would not be surprised if you may find something on the device. If I counted right, we have about 9 people with this complaint out of the thousands of visitors we have each day*.


Oh, wait. I guess I didn't. Carry on. If you would like me to find some of the many examples of a moderator telling users it is their devices when they have brought up similar complaints in the past, let me know. I know there are many.


----------



## Mikeguy

Just as a balancing and other data point: 

I've had the high-jacks (plus overlaid/obscuring ads containing pics of busty women in low-cut tops) on Windows machines running Win7 (I believe--a library computer) and Win10 using IE and Edge, on a PC and a laptop--this is not only an iOS issue. On the occasions, I was doing quite a bit of web browsing and the issues only occurred at the TCF site and when there was no ad blocker. As someone else reported, issues did not occur immediately, but typically only after a few minutes at TCF. Also, I assume that my library uses some form of virus, etc. protection, as do I (and I have not otherwise had an issue of this type on my laptop).


----------



## David Bott

From my account manager....

Hi David,

To answer your questions:

1. Yes, we do monitor the thread, in fact, the ad quality specialist who is investigating your problem is going to the topic every morning. Then he is blocking each and every reported landing page, but that doesn't help much. It would help if they can do a screenshot as soon as the redirect triggers so that we can see the initial URL.

2. Lets ask a favor. If someone can extract a HAR file when the redirect happens and send it over we can find the issue faster and kill it if it is something getting through. As you area aware, it all can be IP based on location or triggered via something in their history on the device. This could be why we or others testing can not see it. I have attach to guides, one for desktop & one for iOS, as to how to help if they would like to help.

3. It's may not an adware and yes it is it could be bad campaign which we are trying to catch. But as mentioned, something that can be directly targeted and thus a low number of visitors see it.

We do is 10K scans per day with special software, but without success. Additionally, the Ad quality team investigating the issue refreshed and browsed your site simultaneously through a laptop with Windows, iPad & iPhone, plus an Android phone and not one redirect&#8230;. We are really trying hard.

Hope I addressed your questions and gave you the info you needed about what we are doing out here.

I'll keep you updated with anything that pops-up on my end, please do the same.

--------------------------------

So here are PDF file instructions for those computer savvy enough to try to grab this information when it happens. We have people here that surely understand this simple instructions, so lets see if we can find something.

$50 Amazon Gift Card to the first person that submits information that leads to the arrest (ok, stoppage) of this issue. Send data to me at issue @ bott.net with the *subject TCF Ad Issue*.


----------



## nyny523

David - that is awesome!

As the resident Luddite, I will sit back and leave this to the experts, but I very much appreciate your efforts to fix this!

Thank you!!!


----------



## murrays

File sent.


----------



## murrays

Scratch that, [email protected] is not a known address.


----------



## David Bott

murrays said:


> Scratch that, [email protected] is not a known address.


Dang firewalls. For some reason it is sending the mail for the new account to a black hole. Ok, now fixed.

Thanks and sorry.


----------



## murrays

Done.


----------



## David Bott

Both Received. Thanks!!! Sent on to network. Feel free to catch others if you care to for it may help.


----------



## dlfl

Receiving a slew of redirects today to this URL:


Code:


www.google.com-win-a-free-gift-from-amazon-walmart-samsung.ketgarden.com

I've started using OpenDNS and have blocked the ketgarden.com domain. The block "works" in the sense that the TCF page I'm viewing is replaced by a page from OpenDNS stating the url was blocked, then I can back-arrow to the TCF page. Thus the block reduces the number of clicks to get past the interruption from 2 to 1. (Chrome browser on an iPad)

When I try to download the har pdf (iOS version) attached to a previous post I just get "download failed". I don't usually have any problem with pdf's.


----------



## krkaufman

FWIW, disabling JavaScript in Safari (iOS) seems to eliminate the hijacks, along with much of TCF's conveniences. I re-enabled JavaScript and it only took a few minutes for the hijacks to occur.


----------



## dlfl

David Bott said:


> ............
> So here are PDF file instructions for those computer savvy enough to try to grab this information when it happens. We have people here that surely understand this simple instructions, so lets see if we can find something.
> ...............


I'm assuming the attached "har file extraction_iOS.pdf" is intended to tell iOS users (e.g., my iPad 4 running Chrome browser) how to grab the desired information --- and if so I would like to look at the pdf. However whenever I try to view it I just get "download failed" -- and I normally have no problem with pdf's.


----------



## murrays

dlfl said:


> I'm assuming the attached "har file extraction_iOS.pdf" is intended to tell iOS users (e.g., my iPad 4 running Chrome browser) how to grab the desired information --- and if so I would like to look at the pdf. However whenever I try to view it I just get "download failed" -- and I normally have no problem with pdf's.


Pretty simple, it has you download a utility/browser HttpWatchBasic from the app store. I had to log into TCF through that browser and then record a redirect. You can then email the file to David.


----------



## David Bott

Yes, any information you can grab from the methods posted will be of great help. Not sure why you can't download a PDF however. Anyone else having an issue downloading the PDF's. 

Thanks Murray for the files sent. If you see more, please feel free to send over.


----------



## Mike Lang

They both open fine for me.


----------



## David Bott

*I am happy to report that Murray has been awarded a $50 Amazon gift card!!! *

Thanks for your help Murray! The data has been able to identify some sort of new ads types that are able to get though current checking methods.

-----------------------

Based on the data submitted, the ad team was able to identified the source of the issue. A couple of the campaigns had infected ads which triggered the redirects with some new schema that is very targeted. As such, very hard to detect as you have seen. It does mimic the pop-up's that are usually found hidden in apps right down to the same wording in some cases. This of course makes it even worse as users search for that issue and thus are pointed to their device.

We're in the process of removing the mentioned campaigns along with everything connected to them to be on the safe side. Of course we are also sending this data on other providers, even though they are competitors, so to better help protect the public.

-----------------------

*Seeing this is something difficult, I will keep this personal bounty OPEN for any other issues caught over the next week. Please use the tools mentioned in the PDF files. *

Thanks!


----------



## murrays

Glad I could help!


----------



## kdelande

I would hope the user community will be given the benefit of the doubt a little more liberally next time.


----------



## dlfl

Paraphrasing Pres. Ford: Our forum nightmare is over. (I hope).


----------



## dandrewk

Thank God I thought to look at this sub forum. Those hijacks were killing TCF on my iPad. I tried clearing web history/settings, and it kept coming back. 

It seems they were all leading to a "landing site" at ensarkizkurankursu.com. As we know, impossible to exit out of this without closing the tab.


----------



## smbaker

Hijacked again just now


----------



## raebyddet

Yep. Still happening to me too.


----------



## dwatt

Happened to me again around 7pm tonight.


----------



## cwerdna

Happened several times to me ("Congratulations _______" pages) on my iPhone 8 w/iOS 11.1.2 using Safari earlier today. I think I started seeing this within the past few weeks.

Will see if I can help out.

I've not seen this issue on my desktop/laptop browsers w/TCF, usually Firefox on 32-bit Win 7, 64-bit Windows 10 and Mac OS).


----------



## murrays

I got redirected this morning and launched Chrome to capture a hijack, but have been unable to get a redirect since then...I count that as a good thing!


----------



## MighTiVo

I have found that just this website has some pretty nasty ads that sneak in if I accidentally leave a tab connected here and I leave tabs open a lot of places with no problems anywhere else. 
I occasionally return to find this site seems to have allowed a link to a difficult to close "warning" and nearly anytime I leave this tab open it consumes huge amounts of ram in Chrome.

Now that I have found this thread I will try to return here to post if/when I get another troublesome ad.


----------



## mooseAndSquirrel

On the iPad in Safari, I keep getting "congratulations, you're a winner!".

Getting tired of constantly clearing my cache, I tried Tapatalk. Man, do I hate that interface.

So now, I mostly use Chrome from a Windows PC. And now on this platform, I'm redirected to some Windows anti-virus scam.

Is there anything I can do on my end to prevent this?


----------



## Squeak

Install an ad blocker, and follow the thread in the Operations Center


----------



## BlueMerle

Join TCF club or use an adblocker.


----------



## Squeak

kdelande said:


> I would hope the user community will be given the benefit of the doubt a little more liberally next time.


I reported this back in March, and was dismissed as it being installed viruses on my computer (but it was a phone). And then never got anywhere to get it fixed. Only way I got it to stop was installed an ad blocker on my phone and computer.

Mobile browser version keeps getting hijacked by spam


----------



## allan

BlueMerle said:


> Join TCF club or use an adblocker.


I do both. So far no problems.


----------



## MonsterJoe

It only happens on my phone, since I have an adblocker on my laptop.

When it happens, I just put my phone down and go about my day. TCF isn't making any money off me, so they've no reason to care other than a data point.

My phone is clean - there are no shady 3rd party apps on it...it's definitely an ad provider related issue.


----------



## mooseAndSquirrel

OK thanks. I guess I'll either investigate ad-blockers, learn to ignore it, or give up on TCF. This is the only site I've ever experienced having my browsers co-opted. Some site are annoying, but not so that I've ever felt the need for an ad blocker.

The worst is Safari on the iPad. That went away for a while but now "congratulations" is back with a vengeance.


----------



## BlueMerle

Adblock Plus - Surf the web without annoying ads!


----------



## TAsunder

BlueMerle said:


> Adblock Plus - Surf the web without annoying ads!


I stopped using them long ago when they began selling ads of their own. YMMV. Adblock Plus now sells ads

I now use uBlock Origin


----------



## jcondon

TAsunder said:


> I stopped using them long ago when they began selling ads of their own. YMMV. Adblock Plus now sells ads
> 
> I now use uBlock Origin


Not sure why I switched exactly but another happy uBlock Orign convert here. I actually looked last week to see if they took donations. Thought I would throw them a few bucks keeping my computer free of malicious ads and making the web a much faster experience. They don't want your money. No donations at all.


----------



## BlueMerle

TAsunder said:


> I stopped using them long ago when they began selling ads of their own. YMMV. Adblock Plus now sells ads
> 
> I now use uBlock Origin


Ok, wow! I hadn't heard that before. Thanks for the heads up.

I will say that I haven't noticed any ads being placed on other sites, so if they are they're discrete. But I'll pay closer attention going forward and will look into uBlock Origin.


----------



## krkaufman

I've been using TCF via Safari on my phone, with JavaScript enabled, for 10 minutes and no hijacks thus far. First day in weeks. Fingers crossed.

edit: p.s. ... and came back to the open tab 35 minutes later and still no hijackery. Hope still vibrates!

p.p.s. Alas, my first hijack at 65 minutes.

... and hijacks are back strong Monday evening.


----------



## TAsunder

BlueMerle said:


> Ok, wow! I hadn't heard that before. Thanks for the heads up.
> 
> I will say that I haven't noticed any ads being placed on other sites, so if they are they're discrete. But I'll pay closer attention going forward and will look into uBlock Origin.


I have no idea if it really has any impact in practice. I merely switched out of the principle of the thing.


----------



## allan

I'm still using Adblock Plus, and haven't noticed any ads.


----------



## BrettStah

mooseAndSquirrel said:


> OK thanks. I guess I'll either investigate ad-blockers, learn to ignore it, or give up on TCF. This is the only site I've ever experienced having my browsers co-opted. Some site are annoying, but not so that I've ever felt the need for an ad blocker.
> 
> The worst is Safari on the iPad. That went away for a while but now "congratulations" is back with a vengeance.


And in case it isn't known, there are content blockers for iPhones and iPads. I use 1Blocker, but there are many out there.


----------



## Hoffer

BlueMerle said:


> Join TCF club or use an adblocker.


I do both and have not seen any of the issues complain about.

It does sound annoying what is happening. You'd think admins wouldn't want people rushing to use an ad blocker because their site is so awful.


----------



## Squeak

Hoffer said:


> I do both and have not seen any of the issues complain about.
> 
> It does sound annoying what is happening. You'd think admins wouldn't want people rushing to use an ad blocker because their site is so awful.


Go read the posting in the Operations Center to get a better sense of the tone of response related to it....


----------



## mooseAndSquirrel

Yeah, I think one of the reasons I haven't needed an adblocker is most sites (that I frequent) are fairly well done and I actually like seeing some of the ads. I'm able to tune a lot of stuff out.


----------



## Sparky1234

jcondon said:


> Not sure why I switched exactly but another happy uBlock Orign convert here. I actually looked last week to see if they took donations. Thought I would throw them a few bucks keeping my computer free of malicious ads and making the web a much faster experience. They don't want your money. No donations at all.


+1 for uBlock Origin with Firefox.


----------



## murrays

Here's another thread discussing the issue here: TCF pages automatically directing me to scam sites


----------



## mooseAndSquirrel

So now I get a "please whitelist TCF" message.


----------



## LoadStar

mooseAndSquirrel said:


> So now I get a "please whitelist TCF" message.


You can either ignore that, or with most adblock software, you can manually block that message. (With uBlock Origin, use the "element picker" to select the message, then use it again to select the gray overlay.)


----------



## LoREvanescence

Are there any ad blockers that work in Safari on iOS though?

That is the only place I see this issue and it's so severe it renders this site unusable.


----------



## Squeak

LoREvanescence said:


> Are there any ad blockers that work in Safari on iOS though?
> 
> That is the only place I see this issue and it's so severe it renders this site unusable.


Adblock plus is what I use without any issue


----------



## LoREvanescence

Squeak said:


> Adblock plus is what I use without any issue


Oh wow, I didn't realize that Adbockers were even a option for iOS


----------



## mooseAndSquirrel

Thanks for all the help


----------



## danm628

LoREvanescence said:


> Are there any ad blockers that work in Safari on iOS though?
> 
> That is the only place I see this issue and it's so severe it renders this site unusable.


That was added a couple of iOS releases ago. There is a whole section in the App store for ad blockers.

I use 1Blocker on my iPad and iPhone. It's free for basic functionality. If you want to enable more than one block list you have to pay. I used the free version for several months and was happy. I finally bought the upgrade to enable multiple block lists.


----------



## mqpickles

It's been happening to me. Hadn't for a couple days. But just happened again.


----------



## krkaufman

mqpickles said:


> View attachment 31866
> It's been happening to me. Hadn't for a couple days. But just happened again.


Yeah, seemed better earlier today, but it's seemingly ramped back up again, tonight. Got hijacked reading just your post, about 10+ seconds after hitting the site


----------



## kdmorse

All through these troubled times, I seem to have managed to be on of those folks unaffected by the recent wave.

Got it in spades today on my Samsung S6. First page today, first visible add, and it played "CONGRAGULATIONS!" at max volume, with a full screen highjack, spin the win to win a prize, and oh by the way, a dialog pops up whose only option s are "OK" and "Done". Had to reboot the phone having no better way of getting out.

I appreciated that progress has been made, and bad actors kicked. The problem however, is clearly not yet solved...


----------



## dlfl

kdmorse said:


> All through these troubled times, I seem to have managed to be on of those folks unaffected by the recent wave.
> 
> Got it in spades today on my Samsung S6. First page today, first visible add, and it played "CONGRAGULATIONS!" at max volume, with a full screen highjack, spin the win to win a prize, and oh by the way, a dialog pops up whose only option s are "OK" and "Done". Had to reboot the phone having no better way of getting out.
> 
> I appreciated that progress has been made, and bad actors kicked. The problem however, is clearly not yet solved...


Yours could be an interesting case for the iOS adblockers being recommended in a few earlier posts. I suspect those posters are among the (apparent) majority of forum users who would not get *full screen hijacks* even without a blocker, so they don't really know if their blocker is preventing them from getting them.

I (using Chrome browser on an iPad 4) can block specific sites that give the full screen hijacks two ways:

1. Settings .... Restrictions ... Websites ... Limit Adult Content and block specific domain
(or)
2. Using OpenDNS and set to block the specific domain(s)

However, although they work, these "solutions" are not satisfactory. They just provide a different full screen hijack to a page saying the site was blocked! So I still get the irritating interruption and have to click to get back to the TCF page I was viewing.

I would be curious to see if any of the recommended adblockers can block these hijacks without replacing the TCF page (on a system that was previously getting the full screen hijacks).

Fortunately, apparently as a result of remedial action by the forum adminstrators and the ad providers, I am no longer getting these hijacks -- so I can't test these adblockers on my system. (Also, some of the adblockers apparently don't work on my iPad 4 anyway.)

*EDIT:* Duh! Neglected the fact your phone is not iOS based. Nevertheless the question I have defined is still valid (for iPad/iPhone users).


----------



## danm628

dlfl said:


> Yours could be an interesting case for the iOS adblockers being recommended in a few earlier posts. I suspect those posters are among the (apparent) majority of forum users who would not get *full screen hijacks* even without a blocker, so they don't really know if their blocker is preventing them from getting them.
> 
> I (using Chrome browser on an iPad 4) can block specific sites that give the full screen hijacks two ways:
> 
> 1. Settings .... Restrictions ... Websites ... Limit Adult Content and block specific domain
> (or)
> 2. Using OpenDNS and set to block the specific domain(s)
> 
> However, although they work, these "solutions" are not satisfactory. They just provide a different full screen hijack to a page saying the site was blocked! So I still get the irritating interruption and have to click to get back to the TCF page I was viewing.
> 
> I would be curious to see if any of the recommended adblockers can block these hijacks without replacing the TCF page (on a system that was previously getting the full screen hijacks).
> 
> Fortunately, apparently as a result of remedial action by the forum adminstrators and the ad providers, I am no longer getting these hijacks -- so I can't test these adblockers on my system. (Also, some of the adblockers apparently don't work on my iPad 4 anyway.)
> 
> *EDIT:* Duh! Neglected the fact your phone is not iOS based. Nevertheless the question I have defined is still valid (for iPad/iPhone users).


The iOS content blockers work just like the ad blockers on desktop systems. The attempt to fetch the ad is blocked.

Since installing 1Blocker I haven't had any hijacks on my iPad mini or iPhone. Very rarely I will see an advertisement, those are ones a site locally hosts instead of from an ad service.

You do need a 64 bit CPU for the content blocker feature. Your iPad 4 has an A6X processor which is 32 bit.


----------



## mooseAndSquirrel

Squeak said:


> Adblock plus is what I use without any issue


So I installed AdBlock on my iPad and think I have it configured and operating correctly. It has the vpn running, and I loaded the easylist and set Sadfari to use it as it's blocker.

Yet still on TCF I get the "congratulations google user".

I guess I'll clear cached content.


----------



## Squeak

mooseAndSquirrel said:


> So I installed AdBlock on my iPad and think I have it configured and operating correctly. It has the vpn running, and I loaded the easylist and set Sadfari to use it as it's blocker.
> 
> Yet still on TCF I get the "congratulations google user".
> 
> I guess I'll clear cached content.


I had to kill Safari after installing it, and then wait a couple of seconds for Safari to pick up on it. Also, make sure AdBlock is turned on.


----------



## dlfl

mooseAndSquirrel said:


> So I installed AdBlock on my iPad and think I have it configured and operating correctly. It has the vpn running, and I loaded the easylist and set Sadfari to use it as it's blocker.
> 
> Yet still on TCF I get the "congratulations google user".
> 
> I guess I'll clear cached content.


So AdBlock requires using a VPN? Not keen on that complication.
Is this true of other blockers that work on iPad?


----------



## dlfl

danm628 said:


> The iOS content blockers work just like the ad blockers on desktop systems. The attempt to fetch the ad is blocked.
> 
> Since installing 1Blocker I haven't had any hijacks on my iPad mini or iPhone. Very rarely I will see an advertisement, those are ones a site locally hosts instead of from an ad service.
> 
> You do need a 64 bit CPU for the content blocker feature. Your iPad 4 has an A6X processor which is 32 bit.


So does this mean 1Blocker on my iPad 4 would, or would not, be able to stop the hijacks (without replacing the currently viewing page with a new one that just says it was blocked)? And does 1Blocker require running a VPN?


----------



## danm628

dlfl said:


> So AdBlock requires using a VPN? Not keen on that complication.
> Is this true of other blockers that work on iPad?


No.


----------



## OhFiddle

My tablet is Android and I had been using the Chrome and sometimes Opera browser on it. They both are supposed to have some form of built in ad blocking I think, but it didn't help much. In the past I had looked into adblocking extensions or addons for Android and couldn't find anything available. After someone mentioned it here I looked again and saw that now the Android version of Firefox has several adblocking addons available. I installed Ghostery since I am already familiar with it and also tried the recommended uBlock Origin. The settings on the uBlock Origin seem a little less beginner friendly than Ghostery. I don't know what all the icons or terminology is for it yet. They're both installed which I'm not sure if that is good or not? Anyway a lot of the ad heavy sites load *a lot faster* now on the tablet and I haven't gotten another hijack yet.

I don't know that this type of hijack ad is all that new. When I Googled it, I saw articles about it from several years ago. From what I read it seems like most of the time it isn't really installing malware or attempting to spread a virus, it's just an way to register more clicks for ad revenue.


----------



## ps2baseball

I am seeing this as well. I can't get it to stop. Only an issue on my iPad.


----------



## raebyddet

Still happening. This is definitely not solved. It gets better for a bit then comes back. It’s happened to me twice while trying to post this message.


----------



## nyny523

I keep getting it, too


----------



## Phil T

I turned adblocker off for several days on my Macbook Pro and had no issues. My IPhone still gets hijacked at least once per day.


----------



## dlfl

Just back on the forum and got 3 hijacks from the ketgarden.com domain within the first minute. This after several days of no hijacks.

This is the only forum or site of any kind that gives me these things, not that I visit a huge number of them. Are others getting these on other forums they visit?


----------



## krkaufman

Yep, hijacking seems to be enjoying a comeback, tonight.


----------



## murrays

It's pretty easy to send David the log which should help resolve the issue...and you could get some Amazon credit: TCF pages automatically directing me to scam sites


----------



## ellinj

I am getting mostly on the mobile skin. So annoying since it's difficult to get back to the page I want to be on.

*You've been randomly selected to participate in our 10th Anniversary iPhone X Giveaway!*


----------



## TiVo'Brien

Annoying that these ads are highjacking my browser and preventing me from canceling out of them!


----------



## Mikeguy

allan said:


> I'm still using Adblock Plus, and haven't noticed any ads.


Yep. Started using Adblock Plus here with IE11 when the sheer number of ads here continually would freeze my Win8 or 10 tablet (2GB RAM), and then all was fine--the day I inadvertently came to the site under Edge without Adblock installed, I repeatedly got vicious and obnoxious audio and visual system malfunction popup highjack ads, threatening me if I cancelled them (and which prevented me from doing so--I had to use Task Manager). Installed Adblock under Edge and no issue since.


----------



## cwerdna

I sent several HWL captures (after getting redirects to scam sites) from my iPhone 8 to David earlier today.

I asked him some questions in email but I think I should ask publicly and get a public answer, since it'd benefit others and perhaps cut down on the dupes he might receive, besides saving time of TCF users.

My question was basically: if I see scam ads that look basically the same as what I've sent already, should I send it again or just ignore it? Or, should I wait a few days before sending what I think is the same?

Earlier in the day, I got a few more of the Congratulations pages that looked the same as before. (I sent the first one but not the others.) Should I try to distinguish by the hosting domain or not at all and just send them all?

Also, after sending 1 HWL from the iOS app, should I clear the log? The HWL seemed to get progressively larger as the day went on even though I'm sure iOS had memory killed the app in the background.

Sizes of the HWL files I sent in megs: 3.5, 4.3, 7.6, 10. Not sure if the 4th file actually contained everything in files 1 thru 3.


----------



## dlfl

I'm also trying to catch a log on iOS using the httpWatchBasic browser and I have an additional question:

So far the only (possible) hijacks I've seen are popup modal dialog boxes that just say (something like) "can't open that URL". Are these the form that these offending hijacks take on that browser? I've never seen this type in my regular browser (chrome on iPad 4).


----------



## David Bott

*Just sent another $50 bounty to member cwerdna who has been so kind to send in some file with more information. Thanks cwerdna!
*
So this is where we stand. It should be stopped now. This actually as a new form of ad attack that mimics app's that are infected thus the attacks to try to disguise itself as an APP issue. (When you search for the text you will see it all points to app's issues) So really new as Google has not seen it. (Luckly us.) This is the notes I got from PubGalaxy....

----------------

The origin of the bad campaigns is Google and our ad quality team contacted them as soon as we found that they were the source so that they can remove these two campaigns along with the advertiser. However, we didn't receive confirmation from them on Friday that they removed what we asked. Instead, they replied that problem is not from them, regardless of the fact we provided Google with the logs proving that the bad campaigns were served by them.

In a nutshell, we found the problem (the two campaigns) and its source (Google), therefore we requested the removal of the problematic campaigns and advertiser, but Google didn't do what we asked for so that the issue continues.

We reached Google again with the new log, which showed the same campaign we flagged to them on Friday. Google is now concerned finely!

-----------------

E-Mail this morning...my time...(12/6 7:30AM MT)

We've ditched a partner yesterday evening (5:30 PM our time, UK) that Google also identified as having the attack. While today we applied additional blocking and enforced our filters approximately an hour ago to scan for this new variant, so we should have this solved according to our ad quality team.

Is it possible to ask members to report only if they experience something from this moment onwards?

As a precaution measure, we advised them to clear the cache from their browsers and devices as well.

We will review the thread topic again first thing tomorrow morning to see if there are any other reports.

-------------------

So it is my hope this has been caught thanks to two of our members that took the time to send in about 9 logs total.


----------



## raebyddet

Thanks David. Its much appreciated that you took the time to dig into the issue and really solve it.


----------



## krkaufman

David Bott said:


> As a precaution measure, we advised them to clear the cache from their browsers and devices as well.


Noted!


----------



## cherry ghost

So was this different than what was reported 15 months ago or just happening to more people?

Ad spam hijack


----------



## David Bott

Seems to be a different as the other one was stopped and this one was a new variant as mentioned.


----------



## Squeak

cherry ghost said:


> So was this different than what was reported 15 months ago or just happening to more people?
> 
> Ad spam hijack


No, but the same one I submitted 9 months ago and was told it was a virus app on my phone


----------



## dwatt

I just got it again on my Moto X.


----------



## danm628

cherry ghost said:


> So was this different than what was reported 15 months ago or just happening to more people?
> 
> Ad spam hijack


Ad hijacks are an ongoing battle. They try to develop new ones. Sites try to prevent them. It will never end.


----------



## Bighouse

And here's the love awaiting me on TCF tonight- seriously, I may just give up my my TCF account...


----------



## David Bott

Bighouse said:


> And here's the love awaiting me on TCF tonight- seriously, I may just give up my my TCF account...
> View attachment 31897


I do not recall this one being mentioned before as it does not look like the others that have been shown. Are you able to help out and look to catch the data as referenced earlier in the thread? If so, please be so kind to try. Thanks


----------



## cwerdna

David, thanks for the card! Today, I haven't seen any more hijackings on my iPhone 8 browsing TCF via HttpWatch Basic.

With hesitation (I don't like what's blown away), I nuked mobile Safari's cache via the directions at Clear the history and cookies from Safari on your iPhone, iPad, or iPod touch. (I'm not sure if Safari's and HttpWatch's cache are shared but the cookies don't seem to be.) I only wish were ways to delete only the cache and maybe cookies but not history.

Obviously, it sounds like more captures and investigation are needed. Will send them if I hit any. IIRC, I've never seen any hijackings/scam sites when browsing TCF using my work Mac running Firefox and my home PCs running Firefox for Win32 and Win64.

At home, my home PCs and iOS devices are connected to an Asus RT-AC68U access point and have AiProtection - Commercial-Grade Security for Your Home Network turned on. The 1st log I sent to David (which may/may not have helped) was when I clicked on a post on TCF and my AP's AiProtection page came up saying it'd blocked access to normall.ss9696.com which it said was a scam site. The router doing (in some cases silent) blocking might be why I've not seen scam sites when browsing TCF at home.

For those still seeing scam sites, if you have an Asus router w/AiProtection, perhaps turn it on? If your router has something similar, try turning it on?


----------



## dwatt

Bighouse said:


> And here's the love awaiting me on TCF tonight- seriously, I may just give up my my TCF account...
> View attachment 31897


That is the same style as the one I mentioned a few posts above. It is different than the ones I was getting before.


----------



## David Bott

As of this morning PubGalaxy has not detected anything new getting through that did matched the logs that were already sent in. So as of now, we are thinking, hoping, the ad campaigns making for the issue that some where seeing over and over have been stopped.

I am going to close this thread now. Feel free to start a new one if (hummm...when) such an issue again comes up. Thank you again to those that helped to find the bad ad campaigns.


----------



## RickStrobel

It's back.

This morning on my Windows PC running Chrome I noticed that a TCF tab that I had left open was now saying something about installing a download manager.

Just now browsing with iOS and got a message "Congratulations! Click OK to secure your slot." Only option was to hit close, which I did and was then directed to a Walmart gift card site.

Similar behavior to this:
TCF pages automatically directing me to scam sites


----------

