Assessment: Redirect attack originally detected on Oct 11th is redirecting users to variations of “(today)bestgift(s).space/host/xyz/site”
The attackers leverage their malicious payload via Amazon AWS CDNs using random file names and various methods to evade detection (eg. encoding parameter values, breaking up urls into chucks and recombining). The payload they deliver is highly obfuscated. The attack first loads an alert that a user has to click to close and then loads a variation of an Walmart Giftcard Sweepstakes page targeting various ISPs.
Affected Platforms: Pubmatic, Index, SOVRN