Quote Originally Posted by pinzgauer View Post
While I still think the problem ads are in the gunbroker ad carousel, it appears to be via a fourth party ad network in the mix causing the problem. It's the non-firearm related ads with the yellow star in the lower right. (Yashi network?)

It might take 20-30 reloads to get the bad ad, but if you are patient it can be duplicated. I've duplicated on android and windows directly via the ox-gunbroker link. (OX is openX, gunbroker's hosting provider)

The ads are either "flash player out of date" malware, or similar for java on desktop browsers. On android they are the "you have a virus" or playstore redirects. pubmatic is a common one, and is a known mal-ad provider.

They also do not occur if you are forcing use of https via an extension, as that bad ad content do not have valid certificates. (another reason you may not be able to duplicate) The legit ads do not have an issue with https. (I use httpsanywhere, but similar is not available for most mobile devices)

There is also a clear difference between the gunbroker placed ads and the ones served via the 4th party ad network (Yashi? pubmatic? eyecyou?) in behavior and structure.

My recommendation would be to disable the gunbroker iframe in the vbulletin code until their ad carousel is only serving their native ads and any 4th party providers are disabled.

That will not effect the native m4c sponsor ads, and hopefully the site is not dependent on click through revenue from thirdparty ad networks. You don't want to risk ill will from ad hijacks rolling onto your native site sponsors as users cannot differentiate.
Yep the yellow star is a hyperlink to the Yashi network and embedded into the banner iframe. Yashi is known to introduce popups, redirects and are apparently the source of the banners erroneously claiming your system needs to be updated or has a virus.