Re: Best bit of GDPR is...
"..finding out all the shitty business' that advertise on small local rag sites. Go to those sites on an Android and you get hit with full screen popup ads, some nasty ones that
popup false virus infections "Download our app to clean it" and ones that force you straight to the Play store to install their app or game. Now we can see all thosecompanies."
Yes Indeed!
Some of us have already been doing just that.
After reading this article:
https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
I copied a small section of the hex code and did a quick Google search and found that there were a disturbing amount of hits.
One of which was from a hacked official website for a past US Presidents library.
I used an online URL scanner that allows you to spoof the user agent and referrer to bypass the checks and got simillar reseults as Sans with one of those nasty pop-ups
that said "Congratulations!, you've been selected to win a $100.00 gift card from Amazon!".
I went further by cross-checking domains on a different site and got:
consumerproductsusa.com
43,097 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www
Congratulations! sni185339.cloudflaressl.com, *.americancheddar.com, *.consumerproductsusa.com
usarewardspot.com
73,157 443/https, 443/https_www, 80/http, 80/http_www
Congratulations! sni104900.cloudflaressl.com, *.anchorprojects.co.nz, *.bandaging.bid
explorereward.com
95,180 443/https, 443/https_www, 80/http, 80/http_www
(1) Reward Explorer sni205982.cloudflaressl.com, *.bilgisayarkursubul.com, *.bioltech.tk
consumersrvycnter.com
157,649 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www
Congratulations! ssl385353.cloudflaressl.com, *.consumersrvycnter.com, consumersrvycnter.com
electronicproductzone.com
161,337 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www
Congratulations! sni104900.cloudflaressl.com, *.anchorprojects.co.nz, *.bandaging.bid
retailproductzone.com
177,379 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www
Congratulations! sni80345.cloudflaressl.com, *.4i59zbooks.cf, *.appofthedaygiveaway.com
nationalconsumercenter.com
342,185 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www
Congratulations! ssl385692.cloudflaressl.com, *.nationalconsumercenter.com, nationalconsumercenter.com
Playing Devils advocate here, the domains listed above may not know that users are being directed to their sites by malicious JavaScript and I in no way make any
suggestion otherwise.
@steviebuck: I'm not sure why you got a downvote on your post?
Oh yes I do, there are a few corporate shills that tend to downvote anything that may reflect badly on their companies.
Sometimes I use downvotes to judge whether or not I am on the right track when hunting down "bad actors".
Commence with the downvotes!
Biting the hand that feeds IT
