First things first, if you’re getting redirect or malware complaints, do you have blocking implemented? If not, reach out to your Account Manager to sync on next steps regarding implementation. If protecting your site against malicious ads is your main concern, our blocking solution offers the most comprehensive coverage.
If you already have blocking implemented and your site is the target of a new malicious threat, below are the next steps you and your team can take to help track down the offending ad.
1. Add the destination URL to your denylist in Ad Lightning’s dashboard. (Navigate to 'Settings' in the upper right-hand corner of our UI and click on the third tab, labeled 'Denylist.')
2. Alert the Boltive team to the issue and provide as much detail as possible:
HAR file <-- this is the gold standard and will help us most efficiently track down the issue
Screenshot
Landing page
Article URL the issue stemmed from
Destination URL (only provide this if you happen to have it; never click on a malicious ad!)
Location where the ad was observed (city/state)
Date/time
User's external IP address (a service like https://iplocation.net/ can make it easy to get the reporter's IP address)
Connection type (WiFi or data)
Browser and browser version
Device type (ex. laptop, iPhone 16, etc.)
Operating system (ex. Windows 10, Mac OS Sequoia 15.5, etc.)
Once the Boltive team is made aware of the issue, we’ll spring into action on our end by:
Temporarily bumping up the scan frequency for your site (if applicable)
Attempting to reproduce the issue and identify samples using the details provided to us by your team
Keep in mind:
The bad actors are constantly evolving and finding new ways to spread their malvertising efforts and it’s rare that the final destination URL of a malicious ad will effectively block a redirect, since they typically aren't present in the ad markup.
Our redirect blocking tech leverages the ability to detect and block specific malicious behaviors, as well as the items on our denylist. Our denylist is constantly being updated by our security research team, and is derived from a combination of manual threat research, industry partners via data sharing, and an AI-backed automated detection/response system.
Common Questions
I'm not seeing any of the new URLs we've added show up in the UI. Should they be?
Most of these redirect blocks will appear under Wrapper > GAM > filtered by 'Potential Redirect'. These are ads that we've detected specific behaviors present in redirects and blocked them.
Does blocking a URL signature on a redirect attack do anything? Isn't the whole point of a redirect attack that it's really hard to block using the URL?
This depends on how the redirect is being loaded. We have seen instances where the redirect landing page is in the markup, however the more sophisticated threat actors do not typically do this. That said, the full redirect landing page URL does help us gather more details on the threat.