
Annoying ads? (v3)


  • This topic is locked
421 replies to this topic

#301
Infset


    Potato Spud

  • Members
  • 28 posts

Redirected when reading http://vatoto.com/read/_/333606/minna-esper-dayo_v1_ch3_by_golden-roze/15.

Ad page :

https://flirchi.com/sign/inter2?fb=1&gm=1&ht=1&fr=1&p=7877&pc=7877_inter&param=1&adwpl=3542&sid=15101716_07_43694_56226118ec8968

Another at http://vatoto.com/read/_/344405/minna-esper-dayo_v2_ch8_by_golden-roze/4:

http://www.secondlove.pt/?idev_id=1227 

Popup at http://vatoto.com/read/_/177260/gorudiosu-no-musubime_v1_ch3_by_agrypnia-scans/18

zeqzz.supergiftland.giir.info/?sov=1061655310&hid=bpjfbrlnnhblfb&nodl=nodl&redid=9502&gsid=428&id=XNSX.wVCQT099BM5JFOSNG8P7GMGE%3A%3Asweepstake3-r9502-t428

At http://vatoto.com/read/_/200095/gorudiosu-no-musubime_v2_ch5_by_agrypnia-scans/23:

http://fitgame.biz/track2.php?geo=PT&target=romeo-max-E5dmRWPp

Using Win7 32bit and Chrome.



Edited by Infset, 17 October 2015 - 04:28 PM.


#302
misrasce


    Potato Sprout

  • Members
  • 1 posts

It repeatedly tries to get me to navigate to *.security-alert-browser-call-now.com

 

I took a look at the page source and it seems to be coming from the link:

http://ax-d.pixfuture.net/w/1.0/afr?auid=338511&cb=INSERT_RANDOM_NUMBER_HERE

 

Visually it is a garbage iframe that has scrollbars so it's probably just too large that is flashing red and white. It's also apparently playing noise, probably trying to emulate some Windows sound.

 

It's located in the ad on the top of the page of the reader.

 

Hope that helps in banning a malicious ad provider.

 

The page it came from was http://vatoto.com/read/_/350551/shokugeki-no-soma_ch139_by_casanova/7 .


Edited by misrasce, 17 October 2015 - 05:31 PM.


#303
CrazyYanmega


    Potato Sprout

  • Members
  • 5 posts

I keep getting a weird "Not Quite A Popup" that states my computer is being hacked and I need to call a phone number. Is this something I should actually be worried about, or is it just a trap? This "Popup locks my browser and doesn't let me do anything, by the way."



#304
Natureboy


    Baked Potato

  • Donator
  • 1,162 posts
  • Location: deep in the forest

Not sure, but it sounds similar to ransom-ware. Much better to clean/disinfect than call some weird number that's not associated directly with your security (anti-virus/anti-rootkit) software.

 

see next response


Edited by Natureboy, 17 October 2015 - 11:38 PM.


#305
Grumpy


    RawR

  • Administrators
  • 4,078 posts
  • Location: Here of course!

I keep getting a weird "Not Quite A Popup" that states my computer is being hacked and I need to call a phone number. Is this something I should actually be worried about, or is it just a trap? This "Popup locks my browser and doesn't let me do anything, by the way."

That is definitely a trap. Ignore it / try to get more details so I can report it.

 

-----------------

 

Since I'm replying already... I tried to confirm all three reports from today, unfortunately could not. :( I still sent the report as is, but usually takes longer to resolve when I can't confirm as I tend to provide them HAR data (see first post).



#306
Fadamor


    Fingerling Potato

  • Members
  • 80 posts

Bringing up a page of a manga was interrupted by my anti-malware, flagging a banner for lp.uplander.xyz as having "been reported to contain unwanted software and has been blocked based on your security preferences." You need to police what's being included in your ad packages better. Seriously, how could you trust ANY "site" that felt .xyz was the best domain extension for it?

 

Edit: Merged with already existing thread to deal with such ads, as a note: please follow the steps given in the first page to help us take care of these ads. Thank you.


Edited by Makiavel, 17 October 2015 - 11:59 PM.


#307
Thiron


    Potato Sprout

  • Members
  • 6 posts

Got a text popup (congratulations you won) from the right-side ad in reader (Screenshot 1, Screenshot 2)

From frame info:

Address:

http://bowzz.prize-o-rama.giir.info/?sov=1188946499&hid=gmiwmgkgkwiokqkg&redid=9995&gsid=68&id=XNSX.wNC33N6N4DOUM0TN0TIRRPLE%3A%3ADAARonv-r9995-t68

Referring URL:

http://www.liveadexchanger.com/a/display.php?k=5622e51a3196a5765675.10858470&h=6e3ef40c60677a18dfe0de05297999b210dcd33d&ban=5765675&r=943205&iid=1445127450315624526156315597294890&exp=prpd&ci=%3D%3DwiLasxAXMzU%2F4laOpkUrtxGLMwOzM1PWJmTO4hTSIkUr9zP%2F8zPzM1PK4nCi5lDeI1NyM10St2LaMzU%2F4laOpkUrtxGLMwOzM1PWJmTO4hTSIkUr9zP%2F8zPzM1PK4nCi5lDeI1NyM11St2LaMzU%2F4laOpkUrtxGLMwOzM1PWJmTO4hTSIkUr9zP%2F8zPzM1PK4nCi5lDeI1NyM1sSdj&pm=%3D%3DA1aeJhTi5kRmakQWJ1&pabt=%3D%3DA1Fj9xmyaqHbI1&pc=PX8zAXMwFPMxCf8zOHsxGjtx&id=5765675&crr=1addbd0fe1acb9dd49f524ibzR2es4WdoBmaeh3YeRzLyMTai5FZqRXZupGdv5CN5IzNxMjLe5SZgR2cu4Wdv4WdgNmLusTc1VXa35667dd25c23b94432c1
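
The frame address and referring URL reported above are two links in an ad-delivery chain, and the HAR data the administrator asks for holds the rest of it. As an added example (not part of any post in this thread), this JavaScript walks a HAR capture back from a reported landing URL to the page that hosted the ad slot; the sample HAR and all hosts are constructed placeholders, and `entry`, `traceChain` and `hostsInChain` are hypothetical helper names.

```javascript
// Build one HAR-style entry (only the fields used below).
function entry(url, referer, status, redirectURL = "") {
  const headers = referer ? [{ name: "Referer", value: referer }] : [];
  return { request: { url, headers }, response: { status, redirectURL } };
}

// Constructed HAR excerpt; every host is a placeholder, none is from the thread.
const PAGE = "https://reader.example/read/ch3/15";
const sampleHar = { log: { entries: [
  entry(PAGE, null, 200),
  entry("https://reader.example/ads/slot728.html", PAGE, 200),
  entry("https://cdn.example/lib.js", PAGE, 200),
  entry("https://adnet.example/afr?auid=1", "https://reader.example/ads/slot728.html", 200),
  entry("https://exchange.example/display.php?k=1", "https://adnet.example/afr?auid=1", 302,
        "https://landing.example/?sov=1"),
  entry("https://landing.example/?sov=1", "https://adnet.example/afr?auid=1", 200),
] } };

// Parent of entries[i]: an earlier 3xx response that redirected to it, else its Referer.
// The redirect is checked first because the follow-up request keeps the original Referer.
function parentOf(entries, i) {
  const url = entries[i].request.url;
  for (let j = i - 1; j >= 0; j--) {
    const r = entries[j].response;
    if (r.status >= 300 && r.status < 400 && r.redirectURL === url) return entries[j].request.url;
  }
  const ref = entries[i].request.headers.find(h => h.name.toLowerCase() === "referer");
  return ref ? ref.value : null;
}

// Walk from the reported URL back to the first-party page (oldest link first).
function traceChain(har, reportedUrl) {
  const entries = har.log.entries;
  const chain = [], seen = new Set();
  let url = reportedUrl;
  while (url && !seen.has(url)) {      // 'seen' guards against referrer loops
    seen.add(url);
    chain.unshift(url);
    const i = entries.findIndex(e => e.request.url === url);
    url = i === -1 ? null : parentOf(entries, i);
  }
  return chain;
}

// Distinct hosts in delivery order: the parties to name in an ad report.
function hostsInChain(har, reportedUrl) {
  return [...new Set(traceChain(har, reportedUrl).map(u => new URL(u).host))];
}

console.log(hostsInChain(sampleHar, "https://landing.example/?sov=1").join(" -> "));
```

The first third-party host after the site's own ad slot is the network to report to; a Referer that has been trimmed to an origin by referrer policy will end the walk early.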


#308
Fruitfish


    Potato Spud

  • Members
  • 20 posts

This pop up

Spoiler

on this page:

http://vatoto.com/read/_/350925/madan-no-ou-to-vanadis_v5_ch26_by_fallen-angels/3

 

and it just kept loading. It didn't actually redirect me or anything, but maybe clicking "OK" would've downloaded something. (The text says "Don't forget to clean up your Mac.")

 

(Mac OS X 10.10.5, Opera version 32.0.1948.69)

 

Edit: Another one just a few pages later in the same chapter, asking me whether I really want to leave this page and some French gibberish about something like "with this method you can earn a lot of money without risks bla bla".

Spoiler


Edited by Fruitfish, 19 October 2015 - 09:33 AM.



#309
Seiris21


    Fingerling Potato

  • Members
  • 93 posts
  • Location: Wandering the Celestial Plain

Not sure if this counts as an ad, but this has happened 2-3 times for me already. I thought it was just something I picked up on another website and reset Chrome, but it occurred again on this site. 

 

Page(can be seen in screenshot 000.jpg): http://vatoto.com/read/_/183803/gakkou-gurashi_v1_ch6_by_norway-scan/9

 

OS/Browser: Windows 7, Chrome

 

Seems like Fake malware popup, not really an ad.

The popup appears under the address bar and prevents scrolling on the page.  It seems like the popup also has the address of the page that is calling it, which can be seen in the screenshot.

 

After struggling a bit with the popup, it appears that the ad right above the comic image was also replaced with something similar to the popup. Chrome tab also indicated that the page was playing a sound.

 

Clicking ok removes the ad for roughly 2 seconds before it pops up again. Attempting to navigate away from the page in that time asks for confirmation to leave the page. There is also an option to "prevent further pop-ups on this page" which may just be a Chrome option.

 

 

Edit:

Happened again on http://vatoto.com/read/_/220147/gakkou-gurashi_v4_ch20_by_deeltl/18

Seen in images 001.jpg and 002.jpg

 

This time I also took a screenshot of the ad that I think caused it. It has a blue screen of death sort of color and a scroll bar. Looks like the text also mimics what you might see when you get a blue screen of death. It also plays sound.

 

Edit 2: 

This "ad" may just be malware on my computer.

With the help of Google-fu, I found this: http://malwaretips.com/blogs/remove-tech-support-scam-popups/

so it may just be something I picked up on my own, and not part of this site. However, I don't think it explains why an ad on this site would change as well.

Attached Files

  • Attached File  000.jpg   148.47KB   0 downloads
  • Attached File  001.jpg   119.11KB   0 downloads
  • Attached File  002.jpg   165.64KB   0 downloads

Edited by Seiris21, 22 October 2015 - 09:16 PM.


#310
Fruitfish


    Potato Spud

  • Members
  • 20 posts

An ad started making sound with some guy talking. On this page:

http://vatoto.com/read/_/164687/himouto-umaru-chan_ch00--v2-_by_no-group/19

 

It's meant to take a lot more space, it's even possible to scroll down in the small ad window. The ad looks like this:

ICEsHay.png

 

It also led to this popping up when I tried to get to the next page:

vu190cZ.png


Edited by Fruitfish, 23 October 2015 - 12:14 PM.



#311
sexykoala


    Potato Spud

  • Members
  • 15 posts

http://puu.sh/kV6i0/d36754ff35.jpg

Got me this one multiple times, asks me if I want to stay on the page or leave the page.
Winning money (language is Dutch)

http://puu.sh/kV6ss/8cb4848b91.jpg

also this one

/ads/komoona160.html

/ads/komoona728.html

maybe this helps I dunno


Edited by sexykoala, 23 October 2015 - 09:46 PM.


#312
Pseudocatfish


    Potato Sprout

  • Members
  • 4 posts
  • Location: The town where the Lolis roam.

I got a "call this number because my computer is at risk" ad with a repeating voice message.

http://vatoto.com/reader#6c3fec571eda9420_

 

Also this pop up message 

http://vatoto.com/reader#d8bab5411e8d9194_15

 

Google Chrome.

Attached Files

  • Attached File  ad2.png   544.38KB   0 downloads


#313
Grumpy


    RawR

  • Administrators
  • 4,078 posts
  • Location: Here of course!

google chrome.

Oh. Make sure your Chrome is updated. I added something that's only available in the latest Chrome (and other Chromium-based) version that at least should block those annoying alert/confirm/etc. boxes. It's not fool-proof, but should cover like 90% of cases.

 

Report itself is welcome. Thanks.



#314
Nolonar


    Fingerling Potato

  • Members
  • 56 posts
Annoying alert message.
www。reduxmediia。com/apu。php?n=&zoneid=11869&cb=${CACHE_BUSTER}&popunder=1&direct=1&${CACHE_BUSTER}
Dots replaced to break url.
 
By the way, I had a look at the iframe's Javascript and found this:
function doDownload()
{
        trigger_dl(false, 328, 1242, 'True', 'setup.exe');
}
window.onload = function ()
{
    var msg = 'UPDATE RECOMMENDED! Your version may be outdated. It is recommended to update your plugin now. To learn more click OK.';
    if (msg == undefined || msg == "") return;
 
    switch (1)
    {
        case 1:
            alert(msg);
            break;
        case 2:
            if (confirm(msg) == true)
            {
                doDownload(true, 328);
            }
            break;                   
        case 3:
            alert(msg);
            doDownload(true, 328);
            break;
    }
};
 
$(document).ready(function ()
{
    window.onbeforeunload = function (e)
    {
        if (!downloaded)
        {
            var msg = 'This window will close once the security update has been installed. ';
 
            var e = e || window.event;
 
            // For IE and Firefox prior to version 4
            if (e)
            {
                e.returnValue = msg;
            }
 
            // For Safari
            return msg;
        }
    };
});
 
It looks harmless from what I can tell. Not sure what the point behind this is.
 
Better take it seriously while it's still harmless, though.

Edited by Nolonar, 24 October 2015 - 05:51 PM.


#315
Cdpierson5


    Potato Sprout

  • Members
  • 3 posts
  • Location: Joplin, MO

I was going to report about the virus/security warning popup, but it seems a number of people already have, so I'll just add a few things I've noticed.  First, it seems to be harmless unless you do what it wants.  Multiple scans using different anti-virus/malware programs report that there is no virus/malware.  It's very persistent once it starts, appearing in one form or another on almost every page in the reader.  Getting it to go away gets progressively more difficult, eventually resulting in using task manager to close the browser.  I first noticed it about a month ago.  It started showing up about once a week, then once or twice a day.  With the reader change, it's become nearly constant...which makes reading anything virtually impossible.  Researching how to get rid of it has, so far, had little merit.  Most suggestions involve buying additional security programs which do nothing because there's nothing for them to do or reducing your internet security settings (medium to high settings seem to be what triggers it).  Don't know about anyone else, but to me lowering security to address a security problem is just a tad self-defeating. 

 

Edit:  I've checked it in Chrome, Firefox, and IE.  It occurs in all three.


Edited by Cdpierson5, 24 October 2015 - 06:36 PM.


#316
zel


    Potato Spud

  • Members
  • 15 posts
  1.  Page I was viewing: http://vatoto.com/reader#51737d49d1294de9_5
  2. batotoad.png
  3. When visiting the page a low warning tone sounded followed by the page being covered by a dark overlay and the message which only gave an option to download.
  4. I am using a Mac OSX 10.6.8 and Firefox 41.0.2
  5. Name of the advertiser: MACKEEPER SOFTWARE/system-protection.6offers.com


#317
KingofSushi


    Potato Sprout

  • Members
  • 3 posts

I've been holding off on reading anything on here ever since I originally heard that the ads in the reader were shadier recently, but I'd just like to know if these ads are those rare ones that actually get past Adblock. If not, I'll just have that active until this whole shitstorm tides over.



#318
Samhill


    Potato

  • Members
  • 151 posts

http://vatoto.com/reader#e3d3e2fb00248f69_10

 

ape36g.jpg

 

Avast! Blocked the ad and gave me an alert saying it stopped an infection.

 

Mac 10.9.5 Chrome 46.0.2490.71 (64-bit)

 

The Avast! pop-up gave me a URL of PC E r r o r fixed . com/login . p h p

 

EDIT: The next page gives me this:

 

zlp4t2.png

 

Page: http://vatoto.com/reader#e3d3e2fb00248f69_11

 

EDIT 2: Again:

 

241p7km.png

 

http://vatoto.com/reader#8c45f7721da0e792_23

 

Have HAR if you need.


Edited by Samhill, 25 October 2015 - 08:44 AM.


#319
Fadamor


    Fingerling Potato

  • Members
  • 80 posts

Browser Hijack apparently from "hxxp://pcerrorfixed.com":

 

The screen after the hijack is in this screencap: https://dl.dropboxusercontent.com/u/59191044/aaaa.PNG

 

The last part of the HTTP log from Firefox is in this screencap: https://dl.dropboxusercontent.com/u/59191044/aaab.PNG

 

Please do something about all these bogus warnings. Rather than people leaving because you want to make them register on Batoto, they're going to leave because the ad service you subscribe to makes no effort to police their content and you are apparently unable to choose a different service.

 

P.S. The page the ad came up on was http://vatoto.com/reader#b0a35fc7b4865ad9_13


Edited by Fadamor, 25 October 2015 - 05:37 AM.


#320
Fruitfish


    Potato Spud

  • Members
  • 20 posts

Again, an ad with a guy talking, this time in French. On this page: http://vatoto.com/reader#4da0fde9eff3f665_15

 

The ad linked to this website, but I didn't click it:

http://axp.zedo.com/asw/ads4/c?a=2396797;x=3725;g=29;c=1468002097,1468002097;i=0;n=1468;s=767;1=8;2=2;tg=1445775185;vr=4;m=4095;w=5;os=9;ct=0;u=AVjb9TjfS9i-Jkun6Nd3qA**~092415;z=0.19247183781463184;ainfo=;csv=1;dct=2067;dmf=;dvm=;dsr=;djs=;dhs=;q=;ctg=;pu=http%3A%2F%2Fbato.to%2Fads%2Fkomoona728.html;k=http://www.tapigy.com

At least this time it didn't stop me from going to the next page with a popup.

