A
A
Alexey Klyonin2020-02-14 09:52:04
Information Security
Alexey Klyonin, 2020-02-14 09:52:04

How to find the source of downloading third-party ads in browsers?

Good afternoon.

I ran into a problem, third-party ads are displayed on some sites in my browser (browsers).
Initially I thought it was a virus, I completely checked the PC with utilities from DrWeb Cureit, Kaspersky, malwarebytes.com/adwcleaner/.

The first one did not find anything, the second one did not find anything either, the third one found DriverPackSolution files, I deleted them all.

Reinstalled Chrome (because I thought that the problem was originally in it).
I cleared all the caches with my hands and ccleaner.
And all the same, this third-party advertising appears, it looks like a banner (see screenshot).

5e4643c8692f9354043754.jpeg

The problem appeared out of the blue, 2 days ago, before that there was nothing. I didn’t install any third-party software, I also didn’t climb on incomprehensible sites, I didn’t download anything. No one uses a PC except me.

Also, the problem was detected using a smartphone connected to the same Internet through a router. Those. a banner also sometimes appeared on the phone.

If I change the provider, turn off my home Internet and connect from the Phone, the problem goes away and everything works correctly.
The provider, by hook or by crook, claims that this is not his doing, and he has nothing to do with it. Technicians came, changed the firmware on the router, reset everything to the factory settings. The result is the same, the banners still appear.
Moreover, they came with their PC, connected to my Internet and they don’t have this banner on the same sites, but I have this banner, but they have a bunch of Adblocks and Antivirus software on their PC.

Summary:
Banner not always displayed (on my PC)
The banner is displayed on the phone (connected to the router - less often, but I definitely saw it a couple of times)
No viruses were found on the PC On the phone (Android), in general, everything is thrown into the factory from add-ons only Google Chrome from the
official playmarket I'm not here The banner is displayed only on sites with http, it has never been with https It is displayed both on my sites and on third-party sites, on completely different CMS and servers (in order to exclude the infection version of the web server) The banner is displayed in different browsers Chrome, Firefox, Yandex (moreover, Yandex includes ad blocking, their standard feature.)
I also checked it on a virtual machine running on Windows 7 (Host on 10), it also displays a banner (I think this eliminates the possibility of infection of the Host)

The banner is embedded in the html when the page, most often at the very beginning.

How can I find the source from where this whole thing is pulled up?

Answer the question

In order to leave comments, you need to log in

7 answer(s)
C
CityCat4, 2020-02-14
@CityCat4

The banner is displayed only on sites with http

It's definitely a provider. The support here is especially useless, they may not be in the know. Prov sees the http connection and crashes into it.

V
Vladimir Korotenko, 2020-02-14
@firedragon

Chemical provider. By the way, who are you?
This caught
Tele2
Rostelecom
Megafon
Beeline
In the general case, this happens on http sites, the script is inserted at the top of the page
https://github.com/vkorotenko/kickout-ads

I
irishmann, 2020-02-14
@irishmann

The banner is displayed only on sites with http

The provider is joking. The megaphone also has the same stupid habit.

V
Vadim Priluzkiy, 2020-02-14
@Oxyd

The provider sucks.

G
granty, 2020-02-14
@granty

Technically, there are 3 options for the appearance of such advertising:
1. provider
Usually inserts on http-pages. Ads appear in all browsers of the computer.
Check if there are ads on https pages, maybe your ISP has also got MItM SSL .
You can check the provider by installing a VPN - the provider will not be able to interfere with it.
2. Browser plugins and extensions
Insert ads even on https pages, and on any VPN, so they work from an already decrypted page in the browser.
Ads appear only in the browser with the plugin installed.
Particularly dirty (such as mail.ru agent) are installed at the operating system level and crap in all browsers at the same time.
3. Virus
It can also insert ads in all browsers.
Judging by the fact that you have shown decent advertising, these are the tricks of the provider. Viruses and browser plug-ins would show you something obscene.

K
Kostushko, 2020-02-22
@Kostushko

This is Rostelecom, I have the same thing. The first js script from the domain redirects to r.analytic.press and loads ads and the original script from there.

B
Bodrosh, 2020-12-23
@Bodrosh

Faced the same problem, as a result, the router became the culprit, tk. directly without it, this ad does not appear. Router Rostelecom, and how it got into it (or was originally supplied with it) - has so far remained a mystery.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question