Skip to main content

Malicious Redirects via Mediavine Ad Stack

Chris DelliSanti
Edited

Hi Journey team,

Multiple publishers (myself included) have experienced malicious redirects served through Mediavine’s ad stack, and it does not appear that these incidents are being escalated or investigated at a security level.

While visiting my own site today from my father’s home Chrome browser, I experienced a forced full-page redirect from a blog page to a malicious site. When I attempted to open DevTools, the malicious page immediately redirected again, this time to a Google search landing page. I recorded the redirect URL, my IP address, and the approximate timestamp.

I’ve thoroughly verified that my server-side code and database are clean. Based on the behavior and timing, I believe this originated from a malicious ad creative served during Mediavine’s auction process.

  • This was not a popup inside an iframe, it was a full-page redirect
  • The redirect URL included user metadata (ISP, region, browser, OS, etc.) and campaign-style identifiers

I found multiple reports in this community involving spam redirects, fake reward pages, and other malicious behavior. In several of those cases, publishers were told the issue did not exist because a representative manually visited the page and could not reproduce it. However, these scripts load dynamically during the bidding auction, and manually visiting the page later is very unlikely to reproduce the behavior. The absence of an issue during a spot check does not rule out a malicious advertiser in the auction pool.

Previously, I emailed Journey looking for guidance on tightening my CSP to reduce exposure to risks like this and was told no assistance could be provided. Now that there is a documented incident affecting real users, I’m hoping this can be escalated to the appropriate security team.

I’m happy to provide logs, timestamps, redirect URLs, or additional details privately if needed. I’m posting here primarily for visibility and to understand the correct path forward when incidents like this occur.

Related reports from this community

 

UPDATE:

I experienced the redirect again this morning while home. I have the following data ready for the security team including:

  • timestamp
  • IP address
  • URL of originating page
  • and a plethora of IDs/URLs I scrapped from the malicious page source

Please provide a secure way for me to send these details directly to your security engineers.

 

1

Comments

3 comments

Date Votes
  • Support
    • Journey Support Team

    Hey Chris,

    Thanks so much for reaching out. The behavior you're experiencing is unfortunate, and I'm sorry for the poor experience. While ads do load into safe frames (as outlined in one of the examples you sent along), bad actors will find ways to circumvent this failsafe, resulting in a redirect like what you're experiencing. This behavior doesn't stem explicitly from our script, but is likely coming through from one of our ad partners. 

    We count on our ad distributors to have due diligence when checking for ads to ensure that this behavior does not happen, but from time to time, ads like this can slip through. The majority of readers getting ads served to them will not see this happen, though.

    I'd be happy to connect with our ad operations team and file a report - if you happen to have a screenshot of the exact redirect you're seeing, as well as a link to the page in question, I would be happy to pass this along. We'd be happy to keep your post from displaying publicily as well, if you would like.

    Thanks!

     

    0
  • Chris DelliSanti

    Thank you. I would like to be connected with the ad operations team to file a report and I would like this post to be public as a resource for others.

    0
  • Support
    • Journey Support Team

    Hi Chris,

    Our ad operations team is working with one of our partners to address the pop-ups you're seeing. For security reasons, we cannot comment on the status of these reports, but I would be happy to pass along any of the following information if you're able.

    • Platform: iOS, Android, Windows, Mac OS, etc.
    • Device: iPhone, Android phone, Tablet, Desktop, etc.
    • Browser: Safari, Chrome, Firefox, Internet Explorer, etc.
    • Geolocation: The location of the viewer affected by the redirect.
    • The specific webpage URL is also useful.

       
    0

Journey is Self Supported

Our support staff is monitoring this forum everyday for bugs related to ad delivery, the display and functionality of the Journey dashboard, and any bugs related to the onboarding process. We are typically unable to assist with non-bug related issues like RPM performance expectations, issues setting up the ads.txt file, and questions already answered by our existing help docs. Read here for a more detailed breakdown of how Journey is self-supported and our recommendations for how to find answers to common issues.

Please sign in to leave a comment.

Powered by Zendesk