AdguardTeam / AdguardFilters

AdGuard Content Blocking Filters
https://adguard.com/
GNU General Public License v3.0

Malicious advertising URLs #172833

Closed andris86 closed 7 months ago

andris86 commented 7 months ago

Prerequisites

What product do you use?

AdGuard Browser Extension

AdGuard version

4.3.13

What type of problem have you encountered?

Missed ads or ad leftovers, Dangerous site

Which browser(s) do you use?

Firefox

Which device do you use?

Desktop

Where is the problem encountered?

multiple sites

Ad Blocking

AdGuard Base filter, AdGuard Mobile Ads filter

Privacy

No response

Social Widgets

AdGuard Social Media filter

Annoyances

AdGuard Annoyances filter

Security

Online Malicious URL Blocklist, NoCoin Filter List

Other

No response

DNS filters

No response

Language-specific

AdGuard Chinese filter, AdGuard Dutch filter, AdGuard French filter, AdGuard German filter, AdGuard Japanese filter, AdGuard Russian filter, AdGuard Spanish/Portuguese filter, AdGuard Turkish filter, AdGuard Ukrainian filter

What Stealth Mode options do you have enabled?

No response

Add your comment and screenshots

https://externalfavlink.com/sm_a1_mn5fqbyt6gt6.html?zoneid=6973334&sourceid=229303&ymid=0ED58E00-CA61-11EE-A3AF-79073842E5D1&tt=2 Virustotal: https://www.virustotal.com/gui/url/8f1279e8a0e87969e2d39f147fd5eddca669b30d3c8af55d60fd9758ebfa1ea6?nocache=1

ak.arwobaton.com/afu.php?zoneid=6973334&ymid=0ED58E00-CA61-11EE-A3AF-79073842E5D1&var=229303 Virustotal: https://www.virustotal.com/gui/url/3fb3307772e0596c33e7251b94c3affb1d2736f652fe1115ee73062d12ede82c?nocache=1

https://gaming001.site/tracking/converto_track.php?ref=Mw==.aHR0cHM6Ly9wYXJ0bmVycy5vbHliZXRhZmZpbGlhdGVzLmNvbS9DLmFzaHg/YnRhZz1hXzEwMDAxM2JfMTIyOGNfJmFmZmlkPTEwMDAxMSZzaXRlaWQ9MTAwMDEzJmFkaWQ9MTIyOCZjPXtjbGlja2lkfQ==&params=btag=a_100013b_1228c_&affid=100011&siteid=100013&adid=1228&c=w26g0v10gdonhb5v2vtqhq4i Virustotal: https://www.virustotal.com/gui/url/a91a4f7f89736a775e49857fd7658a79698e69ba3d023b4c073662a1c6ee1e29/detection

https://fountaincheek.com/s6ht6r8i6?key=5fa67f9cd778c8eb4090e166562c6747 Virustotal: https://www.virustotal.com/gui/url/72e00a745906e324f28447637d89737413ad32b48b3293f2cf2af21404707e80

These websites redirect the user multiple times to other websites, sometimes to gambling sites, sometimes to scams and malware. If you click on these links repeatedly, you can discover new advertising domains that redirect to other sites.

Privacy

zloyden commented 7 months ago

Fixed, update should be available soon.

andris86 commented 7 months ago

@zloyden What about

ak.arwobaton.com/afu.php?zoneid=6973334&ymid=0ED58E00-CA61-11EE-A3AF-79073842E5D1&var=229303

zloyden commented 7 months ago

Also added it.

Alex-302 commented 7 months ago

Please provide the source of all URLs.

||externalfavlink.com/*.html?zoneid=*&sourceid=*&ymid=$all

@zloyden externalfavlink.com is a fake site used for ads.
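The pattern part of the rule quoted above can be checked against the reported URL with a small matcher. This is an added example, not code from AdGuard or from this thread; `split_rule`, `pattern_to_regex` and `rule_matches` are hypothetical helpers that cover only `||`, `*` and `^`, and the `$all` modifier is parsed but not enforced.

```python
import re

# Rule exactly as quoted in the thread.
RULE = "||externalfavlink.com/*.html?zoneid=*&sourceid=*&ymid=$all"

def split_rule(rule):
    """Split 'pattern$mod1,mod2' into (pattern, [modifiers])."""
    pattern, sep, mods = rule.rpartition("$")
    return (pattern, mods.split(",")) if sep else (rule, [])

def pattern_to_regex(pattern):
    """Translate ||, * and ^ into an equivalent regular expression."""
    parts, start = [], 0
    if pattern.startswith("||"):
        # Any scheme, then the named domain or any subdomain of it.
        parts.append(r"^[a-z][a-z0-9+.-]*://(?:[^/?#]*\.)?")
        start = 2
    for ch in pattern[start:]:
        if ch == "*":
            parts.append(".*")
        elif ch == "^":
            # Separator: anything but letters, digits, _ - . %, or end of URL.
            parts.append(r"(?:[^A-Za-z0-9_.%-]|$)")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def rule_matches(rule, url):
    pattern, _modifiers = split_rule(rule)  # modifiers are not enforced here
    return bool(pattern_to_regex(pattern).search(url))

SAMPLES = [
    # Reported in the issue.
    "https://externalfavlink.com/sm_a1_mn5fqbyt6gt6.html?zoneid=6973334"
    "&sourceid=229303&ymid=0ED58E00-CA61-11EE-A3AF-79073842E5D1&tt=2",
    # Constructed: subdomain, plain page, reordered parameters, look-alike host.
    "http://cdn.externalfavlink.com/x.html?zoneid=1&sourceid=2&ymid=3",
    "https://externalfavlink.com/index.html",
    "https://externalfavlink.com/x.html?sourceid=2&zoneid=1&ymid=3",
    "https://notexternalfavlink.com/x.html?zoneid=1&sourceid=2&ymid=3",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(rule_matches(RULE, url), url[:60])
```

The reordered-parameter sample does not match, which shows that the pattern depends on the query parameters appearing in the order `zoneid`, `sourceid`, `ymid`.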

zloyden commented 7 months ago

Hm, looked like a normal site, but I've exchanged the rule, thanks.

Alex-302 commented 7 months ago

Malwarebytes also blocks it: https://www.malwarebytes.com/blog/detections/externalfavlink-com

andris86 commented 7 months ago

@Alex-302 Domains that redirect to these links are already blocked in sites where they are placed as a subdocument. Here are the links:

https://fulltv.video/1/?s=1&b=7281
https://fulltv.video/3.html
https://fulltv.video/2.html
https://ver.gratis/1/?s=0&b=7282
https://ver.gratis/2.html

https://www.fulltv.tv/ and https://www.fulltv.com.ar/ are places where I first encountered these ads. I found these URLs by clicking on these ads repeatedly until I got redirected through a new domain.