This request will be followed by a chain of redirects and the last request in the chain will be this one: com/en/content/2019-cj-emea/?coupon=aff-19-en-10-1&utm_source=affiliate&utm_medium=cj&utm_campaign=dedc1dc5d58611e982c203670a180513&utm_content=11&8585&affm_contj=293&utm_content=293&utm_content=2933&utm_content=2933&utm_content=293&utm_content=293&utm_content=293&utm_content=33=dedc1dc5d58611e982c203670a180513Īpparently, the address belongs to someone’s affiliate program with Teamviewer. For example, after visiting, the sent request will look like this: Response on such request will contain the following URL: The extension will immediately open this link in the background. Researchers explain that when entering every new domain, a request is sent to. “It’s about cookie stuffing, a popular scam technique that is often used in affiliate marketing to capture traffic from legitimate sources,” – write AdGuard experts. Therefore, in response to expansion requests, the server sends a list of commands, after which the behavior of the “blocker” changes: in addition to blocking ads, it starts to do something else. Researchers noticed that approximately 55 hours after installing these extensions, they begin to exchange suspicious requests with their servers. Google experts removed the problematic extensions after AdGuard experts discovered the fraudulent behavior of blockers.
Both extensions were fully functional, but they obviously disguised themselves as other popular blockers and engaged in fraud. These blockers tricked users with cookie stuffing. Google experts have excluded two dangerous ad blockers from the Chrome Web Store – AdBlock (about 800,000 users) and uBlock (850,000 users).
0 kommentar(er)
