UPDATE: As of August 2021, the behaviors described in the article are no longer occurring, and the sites have been clean of popups for over 90 days. We are continuing to host the article for historical documentation purposes.
Voice Media Group, a Denver based media & technology company, manages the web-design & advertising operations for several large digital news sites across the USA.
After changes made in mid-January, users who attempt to click articles have their browsers hijacked by AdSupply pop-under scripts, and are directed to scam sites that amplify misleading & untrue claims.
The publications in question are:
- The Houston Press / houstonpress.com; claims 2.5 million monthly active users
- Miami New Times / miaminewtimes.com; claims 2.2 million monthly active users
- Westword / westword.com; claims 1.6 million monthly active users
- Dallas Observer / dallasobserver.com; claims a million monthly active users
- Phoenix New Times / phoenixnewtimes.com; claims a million monthly active users
- Broward Palm Beach New Times / browardpalmbeach.com; claims 700k monthly active users
Unpacking the Pop-Under Problem
Since the beginning of the year, we’ve been taking to our twitter feed to highlight publishers who try to monetize with Google Ads, while also breaking Google’s policies on sites with pop-unders. (Spoiler alert: “Publishers are not permitted to place Google ads on sites that contain or trigger pop-unders.”) Voice Media Group’s sites monetize heavily using programmatic ads, including Google Ads.
We scan & interact with millions of sites a day, and on Jan 14th we detected the presence of AdSupply pop-under scripts on the Voice Media Group’s news sites.
In a previous post, we did a deep dive into how AdSupply code is used to launder traffic from one site to another, but this case results in traffic being sent to different destinations. From our tests in the past 24 hours, there is not a significant difference in the destination of a user within the USA (the likely audience of these publications), though this does not imply that the total list of destinations is known.
To find metadata about the AdSupply adsystem’s operations on a page, you can type “g367CB268B1094004A3689751E7AC568F.Media” into the chrome console, and get a dump of many relevant parameters, for example:
Some relevant information contained within this Media object:
- MediaType: PopUnder in this case
- RedirtectUrl: the actual destination of traffic cannot be unpacked until you follow these redirect URLs; luckily the tools are available here for us to do just that. Normally this URL is loaded into a new window that is generated by a link click
- PublisherRevenuePerView: we saw an average of about 1/3 of 1 cent per view for this value
This “g367CB268B1094004A3689751E7AC568F” object also contains many of the same client side parameters (not shown for privacy) that fraud detection companies take into account when making their IVT decisions. This makes sense, because a full fraud scan is part of their process when determining whether or not to show an ad.
Pop traffic vendors often employ fingerprinting techniques to reach only specific users, a practice known as Cloaking. If you are not in their narrow interest group, you may be served a placeholder creative, and we are not ruling out the possibility that this is what we’ve measured as the destination.
Still, considering that a majority of users may be served the placeholder creative, and that these publishers claim millions of unique monthly visitors, traffic to placeholder sites represents a signification manipulation in traffic patterns & site rankings.
Destinations of Traffic & Misleading Claims
The following video shows an example of how users from Voice Media Group sites arrive at suspicious affiliate marketing pages:
Based on our recent measurements, traffic created from Voice Media Group news pages arrives at:
healthynews.group (Alexa rank has risen from ~1mil -> 250k in the past 90 days). Poses as a publisher known as “The Right Wing Health”
cogniv-boosters.com (Alexa rank has risen from 750k -> 275k in the past 90 days). Poses as a publisher known as “Neuro Times”
yourrealupdates.com (Alexa rank has risen from ~1mil -> 129k in the past 60 days). Poses as Health.com; same font as the official site, but with a different color.
dailymedjournal.com (Alexa rank has risen from ~1mil -> 380k in the past 2.5 weeks). Poses as Business Insider.
Why does it matter?
- These shady health scams put visitors at financial risk, because they rarely are accountable for the quality of goods sold. These business can start & shutter in the span of months, or weeks.
- Pop-unders / forced navigation are explicitly banned by Google & other quality publisher networks. The continuing Google advertising activity by Voice Media Group represents both a breach of their contract with Google, and puts their relationships with resellers / other ad-networks at risk (not to mention their employees’ well-being).
- Thirdly, and perhaps most importantly, this represents a breach of trust with the readers of Voice Media Group’s publications. They already aggressively monetize the space on their pages, and now they are responsible for an increasingly negative user experience which puts readers at risk
If you’re interested in staying up to date on these, and other sites that create hidden pop-under & force navigation on users, reach out to use at firstname.lastname@example.org to discuss data-feed options. Also, feel free to try out our tools at a free level by visiting dashboard.deepsee.io.