Assessment:  Small uptick in redirect activity originating from the Avazu platform targeting iOS users on iPhone and iPad Safari.

Additional Details:  Signature has been identified and blocked across 30+% of  Ad Lightning's clients.

Assessment:  Two additional active threats have been identified and blocked. 

• Campaign #1:  Two separate creatives have been hijacked by what appears to be a fraudulent Appnexus "reseller", causing redirects across various Publishers.  Campaigns are heavily targeted towards iPad/Safari and are utilizing the images below.
• Campaign #2:  Three new malicious signatures have been identified that follow similar patterns of obfuscated code attached to legit creative payloads, driving unwanted behaviors for iPhone users.  Originating DSP for this campaign has primarily been identified as AdMixer.

Additional Details:  To date, 1M ads have been impacted across Ad Lightning's partners.

Assessment:  Emerging redirect campaign detected and blocked.  The ads are loading a malicious cloudfront script that subsequently loads fingerprinting logic to determine if the user is on a mobile device, and will perform a redirect if it's an iPhone.  If not, it's loading the hijacked ad campaign below.

Additional Details:  Campaign has been targeted to US residents only.  Primarily one SSP appears to be impacted.  Originating DSP is PocketMath.

Assessment:  Currently blocking an increase in malicious activity in the US & UK impacting over 360 domains and 60% of Ad Lightning publishers.  

Additional Details:  Campaign is targeted specifically to mobile, primarily iPhone and at least 3 major SSPs.  As of 6/27 this signature has been blocked across ADL partners almost 1M times.

Assessment: Emerging redirect threat impacting over 40% of Publisher clients.  Spiked on 6/22, continuing through the weekend.  Accounted for 10% of weekend blocks.

Additional Details: Multiple SSPs have been impacted.  Originated with The Trade Desk DSP.