2

In a message in Space Exploration chat

there was a link to imgur.com which I naively assumed would be an image, GIF, or perhaps even a short video clip. after the short video played, I was then sent to a strange url which appears to be an advertising company in India.

I didn't know imgur did that.

What concerns me further is that the page looks to me to be a Google page, logo and all. See screenshots below.

note: I was logged into Google at the time in another tab (chrome incognito, MacOS). Also, I'm overseas, so the fact that it's written in Chinese (which I can not read) is not unexpected. (an earlier question of mine: Are there any settings on my laptop that will tell my browser “I speak English”?)

Question: Is this an expected, or at least tolerated behavior? My feeling is that it is at least naughty and deceptive; am I just being naive? Is it in any way dangerous? Is this google-looking page really a google page? I don't understand what I'm looking at.

screenshot of unexpected behavior

screenshot of unexpected behavior

uhoh
  • 1,415
  • 2
  • 11
  • 21
  • I'm not sure how to properly tag this question, assistance appreciated. – uhoh Aug 26 '18 at 11:15
  • 1
    If I check the chat you mention there is only one link and it does not lead to what you've got but to some animation about particle interaction. Are you sure that the problem is not on your local system, i.e. some malicious browser extension or similar? Or maybe it was some third party advertisement included by imgur, i.e. [malvertising](https://en.wikipedia.org/wiki/Malvertising). – Steffen Ullrich Aug 26 '18 at 13:40
  • @SteffenUllrich the behavior was reproducible (twice at least) about 10 minutes later. Since then, I've logged out, shut down, and restarted. Now I've just tried again and I can't reproduce the behavior. Interesting. I've never had anything like that happen to me before, at least not in recent memory and notice no other problems. I haven't used or installed extensions that I know about, this is what's shown currently: https://i.stack.imgur.com/IgOp1.png which I'm guessing are just Chrome defaults. So I can't *rule out* something local but still it's quite a strange, and unfamiliar experience. – uhoh Aug 26 '18 at 13:50
  • Anyway, each time the loop played once, and then it spontaneously went to that fojmarketing url with the Google-like page. – uhoh Aug 26 '18 at 13:54
  • 1
    In this case I assume malvertising as already suggested. Most sites don't really have control over the ads they display but just depend on several ad-networks. Insofar it would not really be the fault of imgur, except that they rely on ad-networks they don't control and which can serve harmful ads. – Steffen Ullrich Aug 26 '18 at 14:02
  • @SteffenUllrich thanks for your reply. If that were the case, it would be an add that just happened to appear for a while when I accessed that imgur link, and it would not be related to the video itself shown there, or the uploader of that video? – uhoh Aug 26 '18 at 15:32
  • 1
    If it is malvertising it is unlikely to be related to the uploader of the video. It is more likely to be related either to the content shown and/or to the one visiting the site (i.e. the collected ad profile about you, what sites you visit, what browser you use, where you live...). See for example [Real-Time Bidding and Malvertising: A Case Study](https://blog.malwarebytes.com/cybercrime/2015/04/real-time-bidding-and-malvertising-a-case-study/) for some more details how this works. – Steffen Ullrich Aug 26 '18 at 15:39
  • @SteffenUllrich great, thank you very much for the additional information. I have a better understanding now. – uhoh Aug 26 '18 at 15:41
  • @uhoh Didn't you have similar issues with the Where Is Roadster site a while back? I suspect your ISP is injecting ad content for you. – Russell Borogove Aug 30 '18 at 18:28
  • @RussellBorogove no I did not. I simply asked [Why does this site show Starman's position so far from what Horizons gives?](https://space.stackexchange.com/q/26215/12102) and drew a red circle around "unsecure". I've also asked [Could an SE question that runs an SVG from a private website potentially be dangerous?](https://security.stackexchange.com/q/168857/115702) but that's unrelated. – uhoh Aug 30 '18 at 19:18
  • @SteffenUllrich this does seem to be a likely explanation. If you feel that you could rewrite that as an answer, I'm happy to accept it. – uhoh May 19 '19 at 02:26

0 Answers0