Computing desk
< April 29	<< Mar \| April \| May >>	Current desk >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is a transcluded archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

April 30[edit]

Whataprizesyouwant[edit]

About once a week the page I'm viewing is suddenly replaced by one claiming to be from whataprizesyouwant.stream/?isp=Virgin%20Media%20Limited&td=track.tastyfoodcombos.com&<<long random string>>. It correctly identifies my isp and urges me to click to claim my prize.
Obviously I don't. My antivirus is up to date, and malwarebytes doesn't report any problems, so I'm intrigued as to where this is coming from. I'm surprised that that domain doesn't get any matches on Google. Using Chrome on a fully patched Win10 PC. Rojomoke (talk) 07:19, 30 April 2018 (UTC)[reply]

Where does this happen? If it happens on free porn sites, dodgy (i.e. copyrighted content without copyright holder's permission) streaming sites, and some dodgier torrent sites or other sites which provide links to or access to copyrighted content without the copyright holder's permission, what you're doing seeing likely coming from some ad on the site itself and is expected behaviour and nothing to worry about, except for the fact that it does demonstrate you could be at risk from other dodgy practices, in particular browser or plugin exploits to at least in part compromise your browser. (They could also run a miner.) At a minimum, keep your browser up to date. (Running something like Noscript will greatly reduce your risk as well as stopping a lot of stuff like this albeit at the expense of also affecting stuff you make care about.)

On the other hand if you're seeing this on the actual BBC or iPlayer, on Google itself, Wikipedia, Amazon and other such sites what you're describing is much more concerning and suggests maybe something isn't right probably on your computer's OS or browser or very slightly possibly on your router's settings. To be fair, for any site which allows complex ads, especially if they allow Javascript, it's possible they will accidental let such a dodgy ad through, so really only Wikipedia and probably the main Google site of those can you be fairly certain it's not coming from the site. Most sites like that are fairly good though, so it's fairly rare you'll see it on places like the BBC or Amazon. In particular, if you've been seeing this for months, from sites which are very careful with their ads I'd be concerned that it's been happening for so long. (However it can come and go, so if you saw it 5 months ago a few times and recently a few times, that's less surprising.)

BTW if you search for track.tastyfoodcombos.com you find a bunch of results. I'm not actually seeing it associated with compromised devices. More likely ads, although the source isn't always identified. [1] [2] (eBay is one you wouldn't expect it to occur for that long) [3] [4]. Due to blocking etc, the URLs used to serve the content is often only used for a short time or even if it is used for longer, so many are used that it can easily be missed.

The 'correctly identified my ISP' is not surprising, any site you visit without going through a proxy or VPN which hides your IP will be able to do so, this includes sites which are only part of the page e.g. ad sites.

Nil Einne (talk) 10:12, 30 April 2018 (UTC)[reply]

Thanks Nil Einne. Today's instance occurred while I was on pogo.com, so a reasonably reputable site. Once a week was probably overstating things. I've had it happen three or four times over the last few months. I'll keep track of where it happens in the future. Rojomoke (talk) 17:58, 30 April 2018 (UTC)[reply]

The whatprizesyouwant.stream domain was registered on 4/29 so there wasn't time for anyone to complain about it. There are too many pages that allow ads which go full screen. I think some sites let it happen, especially when they sell an "ad-free" option. StrayBolt (talk) 08:23, 2 May 2018 (UTC)[reply]