TCF pages automatically directing me to scam sites

Discussion in 'Forum Operations Center' started by RickStrobel, Oct 26, 2017.

Thread Status:
Not open for further replies.
  1. David Bott

    David Bott Administrator Staff Member Administrator

    2,853
    246
    Jan 1, 1999

    Advertisements

    Dang firewalls. For some reason it is sending the mail for the new account to a black hole. Ok, now fixed.

    Thanks and sorry.
     
    Last edited: Nov 30, 2017
  2. murrays

    murrays Well-Known Member

    15,892
    1,890
    Oct 19, 2004
    Done.
     
  3. David Bott

    David Bott Administrator Staff Member Administrator

    2,853
    246
    Jan 1, 1999
    Both Received. Thanks!!! Sent on to network. Feel free to catch others if you care to for it may help.
     
  4. dlfl

    dlfl Cranky old novice

    9,074
    808
    Jul 6, 2006
    Dayton OH
    Receiving a slew of redirects today to this URL:
    Code:
    www.google.com-win-a-free-gift-from-amazon-walmart-samsung.ketgarden.com
    I've started using OpenDNS and have blocked the ketgarden.com domain. The block "works" in the sense that the TCF page I'm viewing is replaced by a page from OpenDNS stating the url was blocked, then I can back-arrow to the TCF page. Thus the block reduces the number of clicks to get past the interruption from 2 to 1. (Chrome browser on an iPad)

    When I try to download the har pdf (iOS version) attached to a previous post I just get "download failed". I don't usually have any problem with pdf's.
     
  5. krkaufman

    krkaufman TDL shepherd

    16,327
    3,063
    Nov 25, 2003

    Advertisements

    FWIW, disabling JavaScript in Safari (iOS) seems to eliminate the hijacks, along with much of TCF's conveniences. I re-enabled JavaScript and it only took a few minutes for the hijacks to occur.
     
  6. Dec 1, 2017 #146 of 224
    dlfl

    dlfl Cranky old novice

    9,074
    808
    Jul 6, 2006
    Dayton OH
    I'm assuming the attached "har file extraction_iOS.pdf" is intended to tell iOS users (e.g., my iPad 4 running Chrome browser) how to grab the desired information --- and if so I would like to look at the pdf. However whenever I try to view it I just get "download failed" -- and I normally have no problem with pdf's.
     
  7. Dec 1, 2017 #147 of 224
    murrays

    murrays Well-Known Member

    15,892
    1,890
    Oct 19, 2004
    Pretty simple, it has you download a utility/browser HttpWatchBasic from the app store. I had to log into TCF through that browser and then record a redirect. You can then email the file to David.
     
  8. Dec 1, 2017 #148 of 224
    David Bott

    David Bott Administrator Staff Member Administrator

    2,853
    246
    Jan 1, 1999
    Yes, any information you can grab from the methods posted will be of great help. Not sure why you can't download a PDF however. Anyone else having an issue downloading the PDF's.

    Thanks Murray for the files sent. If you see more, please feel free to send over.
     
  9. Dec 1, 2017 #149 of 224
    Mike Lang

    Mike Lang Administrator Staff Member Administrator TCF Club

    8,645
    1,594
    Nov 17, 1999
    They both open fine for me.
     
  10. Dec 1, 2017 #150 of 224
    David Bott

    David Bott Administrator Staff Member Administrator

    2,853
    246
    Jan 1, 1999
    I am happy to report that Murray has been awarded a $50 Amazon gift card!!!

    Thanks for your help Murray! The data has been able to identify some sort of new ads types that are able to get though current checking methods.

    -----------------------

    Based on the data submitted, the ad team was able to identified the source of the issue. A couple of the campaigns had infected ads which triggered the redirects with some new schema that is very targeted. As such, very hard to detect as you have seen. It does mimic the pop-up's that are usually found hidden in apps right down to the same wording in some cases. This of course makes it even worse as users search for that issue and thus are pointed to their device.

    We're in the process of removing the mentioned campaigns along with everything connected to them to be on the safe side. Of course we are also sending this data on other providers, even though they are competitors, so to better help protect the public.

    -----------------------

    Seeing this is something difficult, I will keep this personal bounty OPEN for any other issues caught over the next week. Please use the tools mentioned in the PDF files.

    Thanks!
     
    Robin, NorthAlabama, cwerdna and 7 others like this.
  11. Dec 1, 2017 #151 of 224
    murrays

    murrays Well-Known Member

    15,892
    1,890
    Oct 19, 2004
    Glad I could help!
     
  12. Dec 1, 2017 #152 of 224
    kdelande

    kdelande TiVo-Wobble

    3,123
    209
    Dec 17, 2001
    Louisville,...
    I would hope the user community will be given the benefit of the doubt a little more liberally next time.
     
  13. Dec 1, 2017 #153 of 224
    dlfl

    dlfl Cranky old novice

    9,074
    808
    Jul 6, 2006
    Dayton OH
    Paraphrasing Pres. Ford: Our forum nightmare is over. (I hope).
     
  14. Dec 1, 2017 #154 of 224
    dandrewk

    dandrewk Well-Known Member

    14,318
    783
    Mar 1, 2004
    Marin...
    Thank God I thought to look at this sub forum. Those hijacks were killing TCF on my iPad. I tried clearing web history/settings, and it kept coming back.

    It seems they were all leading to a "landing site" at ensarkizkurankursu.com. As we know, impossible to exit out of this without closing the tab.
     
  15. Dec 1, 2017 #155 of 224
    smbaker

    smbaker Well-Known Member

    25,634
    2,327
    May 24, 2003
    Hijacked again just now
     
  16. Dec 1, 2017 #156 of 224
    raebyddet

    raebyddet Person

    5,763
    2,302
    Oct 21, 2003
    Maryland
    Yep. Still happening to me too.
     
  17. Dec 1, 2017 #157 of 224
    dwatt

    dwatt Well-Known Member

    5,067
    1,890
    Jan 11, 2007
    Happened to me again around 7pm tonight.
     
  18. Dec 2, 2017 #158 of 224
    cwerdna

    cwerdna Proud Tivolutionary

    15,068
    889
    Feb 22, 2001
    SF Bay Area, CA
    Happened several times to me ("Congratulations _______" pages) on my iPhone 8 w/iOS 11.1.2 using Safari earlier today. I think I started seeing this within the past few weeks.

    Will see if I can help out.

    I've not seen this issue on my desktop/laptop browsers w/TCF, usually Firefox on 32-bit Win 7, 64-bit Windows 10 and Mac OS).
     
  19. Dec 2, 2017 #159 of 224
    murrays

    murrays Well-Known Member

    15,892
    1,890
    Oct 19, 2004
    I got redirected this morning and launched Chrome to capture a hijack, but have been unable to get a redirect since then...I count that as a good thing!
     
  20. Dec 3, 2017 #160 of 224
    MighTiVo

    MighTiVo TiVotarian

    2,612
    60
    Oct 26, 2000
    Nashville, TN
    I have found that just this website has some pretty nasty ads that sneak in if I accidentally leave a tab connected here and I leave tabs open a lot of places with no problems anywhere else.
    I occasionally return to find this site seems to have allowed a link to a difficult to close "warning" and nearly anytime I leave this tab open it consumes huge amounts of ram in Chrome.

    Now that I have found this thread I will try to return here to post if/when I get another troublesome ad.
     
Thread Status:
Not open for further replies.

Share This Page

spam firewall

Advertisements