This malicious campaign has two methods of triggering the redirect. They attempt to load a script by writing a script call to a jquery file from
The ad that is loaded along with this malicious payload is a simple image (either a logo, or a stolen Amazon Fire TV Stick ad) that actually takes a user to an Amazon listing for a firetv stick.
There seem to be two different campaigns active at the moment - one leading to healthnotetoday(dot)com and the other leading to various giftcard scam pages.
Affected Platforms: GumGum (buyer has been blocked) & Between Digital