Home > Paid Traffic Sources > Adult Traffic (NSFW)

---

HELP: TrafficJunky's Gone "Malware" Mad! (31)

---

This is driving me crazy.

Yesterday morning I woke up to find every single ad on every single campaign I was running on TrafficJunky had been retrospectively rejected.

Why? Well - apparently this:

or this or this

The first thing I did at this point was to check my campaigns and I immediately spotted a potential problem in that I had been using a catch-all non-Geo redirect to a global offer which apparently was no longer running. This offer was now redirecting to some kind of giveaway / prize page and since I'm guessing this is what the reviewer might have landed on if accessing from an untargeted Geo IP it could be the problem.

To solve this I painstakingly went through every single active and inactive TJ campaign in Voluum and turned off the that rule / offer. I also notified the network the offer was on that I thought the problem lay with their expired tracking link.

Outlining my problem to TJ in an email style dossier I apologised for not noticing what had been happening with my campaigns, assured that 99% of traffic would have been going to my targeted landing pages as opposed to this remnant offer and requested that all the rejections were reversed.

I live on the other side of the world to TJ HQ so it was a good 12 hours later before I saw my campaigns resumed. Still though, losing one day's worth of TJ campaign earnings isn't the end of the world and it's a lesson learnt providing the problem is solved...

... But apparently it wasn't solved!

Within an hour or two of my campaigns being approved I begin to get a plethora of TJ emails stating "Ads Rejected" again in my inbox.

At this point it's 1am in the morning and I'm pulling my hair out whilst sending off emails to support.

The thing is now I have absolutely no idea what's going on.

I cannot find any reference to these links / redirects anywhere and now I'm of the opinion that the giveaway offer as above probably wasn't even the problem at all!

Now it's worth saying here that this is not a gripe at TrafficJunky. I really like TJ. The quality is good. The support is good. I've never had a problem with them before this point. My sole agenda here is to get my campaigns back up and running.

From the rejection notices and email correspondence it's obvious that the approval guys are seeing something but what that something really is I just don't know how to find.

Things I have done:

• Check the tracking link itself with Geo specifc VPN and no VPN
• Check all campaigns are set-up correctly in the tracking platform
• Run the tracking link, LP address, offer click URL and offer itself through Google Safe Browsing. "Not suspicious" status given on all counts
• Recorded a screencast of me clicking from tracking link through to offer on a number of rejected TJ campaigns with no problems / no warnings and sent it to support

Now I'm at a loss because I simply cannot replicate what they're seeing.

I have asked for them to record a screencast themselves and send to me where these malware warnings are actually showing up so I can debug but so far nothing.

I got the impression from the numerous times I spoke to their support that they are extremely busy with this at the moment and my ads were not the exception. They have bucket loads of ads with the same problem and their priority is to make sure their sites themselves (Pornhub, YouPorn, Redtube etc) do not themselves get flagged with malware warnings because of advertisers.

So I guess my first question is am I alone here or is anybody else experiencing the same thing?

More importantly, does anybody have any idea how to fix it?

Has my server been compromised by some kind of injection attack? But - if this is the case why am I not getting the same warnings when using the same URLs? Is there some kind of server malware scanner somebody can advise?

My thinking at this point is to boot up a new server on a new domain for LPs and change the Voluum tracking URL too. But this is a pretty damn massive project to take on considering the number of LPs I'd have to port and changing all campaigns affected both in tracker and traffic source considering I still can't see the problem I'm trying to solve myself - and if I simply transfer them across wouldn't I transfer any presumed problem too?

Suffice to say: HELP!

---

Change up your domains / lp domains and / or create a new campaign from scratch to get past issues like this.

---

Are you geo-redirecting with Voluum to send all X country traffic to your aff link and all =/= X country traffic direct to the offer, or are you trusting that your affiliate link is doing exactly what you want?

Also, can you find TJ ISP/IP info from Voluum and create some rules to better protect the click flow?

---

I'm in processing of creating an alternate LP domain. But even if for whatever reason this works it doesn't identify why I am being labelled as linking to malware when I have never been able to replicate this myself. To change the tracking link as well becomes a nightmare because it effects every campaign running on alternate sources which have no problems.

Edit: Just realised I can set-up backup tracking domains in Voluum that would make this more manageable... I'll do this too - but still doesn't source to the root of the original issue.

Originally I had X Country > X LP > X offer. If user != X Country then send to Y offer. I have now completely eliminated this rule so all clicks go to the same LP/offer combo no matter what geo and I'm still getting campaigns rejected.

---

Hey Prof,

Please send me a private message with your user account.
I'll touch base with the validation team and check what might be happening there...

Anton

---

Thanks for your response Anton.

PM sent.

Hopefully we can get to the bottom of this soon.

---

Feeling pretty deflated with this now. It's been a few days now and despite best efforts on both sides it still feels like I'm constantly smashing against a wall.

I have some more info about what's going on that's worth sharing in case anyone else ever suffers a similar fate.

This is what TJ is seeing:



To explain further, they're not even getting to my Landing Page.

Here you can see the campaign as set-up in Voluum where it's clear they are being direct linked through the "IF Not 'Same As Campaign'" through a network to an offer which eventually ends up as being flagged for malware.



So I can see where TJ are coming from and it makes perfect sense for them to flag and reject my ads on this basis. I should just remove that rule and offer right?

Right.

This is the same campaign as it has stood for the last 24-48 hours now with the parts that were causing problems removed.



I can explode / expand my Campaign URL through any "WhereDoesThisLinkGo?" style service to confirm this:



But for whatever reason - I really suspect a caching / proxy or whatever fault on their end - they are STILL supposedly getting redirects to the "malware" page...

A URL which actually no longer even exists within my tracking platform. I've deleted the URL, archived the offer and removed the rule from every campaign it affected.

TJ have been working for hours and hours with me on this now and I understand their position: they can only act on what they are seeing. Unfortunately, what they're seeing doesn't align with what every other computer / network connection / VPN / redirect checking service I've tried thus far is seeing.

In attempts to solve the problem so far I've changed my tracking link domain, changed my LP domain, re-imaged my server onto a fresh IP address, and created new campaigns within TJ incorporating all these new additions. Same redirect called out. Same problem.

I'm running out of things to try but I'll keep you posted.

If anyone has any other suggestions please feel free. With the weekend looming its last chance saloon tonight.

---

It sounds like you've done everything possible on your end.

Have you checked the affiliate URL to make sure it doesn't have a GEO or IP redirect on it?

---

I agree.

There's no geo-redirect on the offers. And this isn't just one offer. This affects every campaign I'm running across about 4/5 Geos with the same number (+1 or 2) offers between them. I don't even think TJ are getting as far as the offer though. Or my LP.

The last thing I am doing which I'm carrying out right now is to create completely new Voluum campaigns. I've also deleted every creative I've ever uploaded from TJ and will be creating fresh campaigns again.

Fresh campaigns in both TJ and in Voluum + fresh creatives + fresh tracking link on another new tracking domain.

After this I literally have nowhere else to go.

---

Does your log file on your web server show any hits arriving at the supposed "malware" address? That would definitely be something worth checking.

Also, have TJ refreshed the cache on their web browser? You've probably thought of that, but worth checking.

Could you ask them to screen-share whilst they go through the link to the "malware" location? That might give some useful diagnostic info.

Sounds like an enormous pain in the ass of a problem - sorry to hear about it, and hope it gets resolved.

---

Hey,

I was the one working on this with prof yesterday...
What happens is likely not a cache issue (and certainly not browser cache), what happens is the following:
1 - prof submits the ads
2 - We review them and see nothing wrong - we approve the ads
3 - Some time later we receive an alert from our monitoring tool that SOME of the traffic goes to the malware page.
4 - We are then bound to reject the impacted ads.

Our read on this is that the issue is that SOME of the traffic is redirected away from the offer page after the redirection is done.
Since it's only a little share of the traffic, it's not detectable when reviewing the ads (one would need to click 100 times and get lucky - I don't know what the actual share is).

This is at least what the first screenshot shows.

Having said that, since is using several programs and unless all programs redirect some of the traffic they buy on a separate pages with malware, there must be something else at stake.

I'll validate the ads prof just uploaded and cross my fingers.

I keep a very close eye on this and hope it gets sorted out quickly. Believe me: we are not happy about this situation either...

---

This was one of the first things I checked because one of my initial thoughts was that my server has been infected.

There's no indication of anything suspicious in any of my server admin, nginx, php or any logs. I don't actually think TJ are ever actually getting to my server. The redirect was sent originally sent through Voluum as a direct link thus bypassing my server completely.

I'm confident my server is fine although part of me wishes it wasn't because that would have been much easier for me to solve! Ha.

This is where there's a bit of confusion.

Whenever I submit new ads they get approved. It's only after an hour or so that then then suddenly get retrospectively rejected.

Now what I'm imagining is happening - and I'm guessing here but I don't have anything else to go on - is that they have some kind of alert system that flags suspicious ads post approval. Maybe it's some kind of crawler bot which goes through and checks links? I'm not sure. But in any case it's when some kind of alert is received that they begin ripping my stuff down again.

So - if my theory is correct here - when the approvals take place they click through to my LP and see the same thing I do... No problems.

Then later on this alert starts popping up later they're under instruction to take down campaigns based on its notifications and put through the rejections based on the error its creating rather than what they're seeing themselves?

I think it's this second part of the approval process where the issue is - whether its some kind of outdating caching of my links or some marker on my account which is causing false flags? I've no idea. I don't know their approval process and I'm purely speculating.

But yes your right. If this really is a problem coming from me (which I'm really beginning to think it isn't!), to follow this up any further I need an actual video of what they're seeing so we can debug.

---

So.. why don't u go granular.. testing one thing at a time?

Upload just one camp, with one lander, with just one offer, not rules. If it goes well after 24 hours, then create another camp for another GEO, one lander, one offer.

Then start setting up one rule at a time.

If you keep uploading everything at once, it will be difficult to isolate the issue.

It might be some kind of redirect/rotation on the network end, or on the merchant end with one of the offers. Maybe something too specific.

Good luck!

---

So what I theorized was happening is pretty much correct.

In troubleshooting this for days now I've clicked my own links probably well over 200 times and never once seen a bad redirect so I really am wondering how an automated tool might be getting different results.

Topping this off I've just put one of my click URLs that's been rejected through "WhereDoesThisLinkGo?" another 50 times and it's always sending to the correct landing pages.

Furthermore, over the past 3 days I've likely submitted 200 ads or so for review in trying to sort this out. NONE of my ads have been rejected by ANY reviewer for malware. The rejection ALWAYS comes retrospectively.

This leads me to believe that the chances of coming across this malware manually by a human is actually pretty nigh impossible. Having studied the inside of my campaigns over and over again I'd actually stake money on it being impossible in fact...

... Yet the bot doesn't agree.

Now I'm not great with maths but if we can't find this mysterious redirect in between us 450-500 clicks then I can't help but think the bot is getting extremely lucky, extremely often.

---

Great service! Other traffic sources should learn from this level of support.

---

Yeah I back this up that the effort to get it superb. It's just extremely complicated to diagnose.

---

Same thing has happened to me today:


----
Hi [username]! We have reviewed 1 of your Ads, check it out:
Ad(s) Rejected
Please read the review note to understand why your ads were rejected

Review Note: Suspicious URL was identified after clicking on the banner in the path leading to the LP.

Phishing information

Phishing URL: http://all.celerybook.eu/GLImymailio...nications-giOS
----

As with prof, when I click my link it goes to the correct place...

Might indeed be something up with TJ

---

Update:
At TrafficJunky, we use an external verification tool.
This makes it more secure for our publishers.
Of course this only makes sense if we abide by what the external tool tells us.

I have been going through everything again with prof and internally.
We still haven't found any reason why this is happening.

I just sent an email to the ad monitoring tool challenging the flag.

I'll comment as soon as we have an answer from them.

---

Thanks for your proactive support TJ.

Here's what I go back from TJ support:

"We strongly suggest to get in touch with your affiliate program, maybe they can provide you with an entirely different URL, because even if it doesn’t happen each and every time you click it, as long as we are getting alerts about the links, we cannot allow the ad to run."

My aff network is A4D - speaking to them about it too

---

@trafficjunky - can you ask your malware detection tool to forward you the exact URL and IP that they're being sent to? That would help Prof and others determine exactly where it thinks the traffic is being sent.

@prof - I can't recall the answer to this, apologies - have you contacted Voluum support about this issue too? Sounds like there might be a redirection bug going on.

---

Well this is interesting.

I don't know the circumstances of your case but the link that caused all these problems for me was also from A4D.

Not an isolated case then for sure. They obviously have offers in their generic rotations which are problematic.

They have given me the problematic URL but not the IP. I'm not running that URL anymore which is why it's been strange there's still a redirect to it and their external verification tool people are now getting involved.

I have also just heard of a Voluum problem but my initial understanding right now is it affects Double Meta Refreshes which I'm not using. That also wouldn't explain I think why nobody can replicate what the bot is seeing.

I got in touch with Voluum actually earlier in the day and they are also monitoring this thread so if they think there's involvement (and pending the result of TJs investigations) I'm sure they'll pipe up!

---

The links were sent (see screenshot at the end of page 1 of this thread)
prof is pretty sure that it is no longer on his server, so we escalated this to the ad monitoring tool.

Fingers crossed.

Anton

---

I have see the page on the screen shot a few times, trying to follow preview links from one of my networks. I will try to replicate when I'm back to my desktop. It might be based on user agent string or something similar(java/flash version).

---

Not much to add here, just congrats to TJ for being so responsive and trying to solve the issue.

---

Just heard back from the external tool, they will investigate this on Sunday (their office is closed tomorrow).
I'll post an update as soon as I hear back from them.

Anton

---

My a4d aff manager got back to me.

The thread:

Aff manager:

"Sandip,

We reached out to the Advertiser and the [offer] link should be good to go now. Everything is working fine now, go ahead run traffic to the offer and let me know if you have any other issues.

Thanks"

Me:

"OK thanks. So did you detect a fault?"

Aff manager:

"Yes, it looks like it may have been the Advertiser, you should be all good to run now."

---

Yeah sometimes it comes from the bottom line. I figure I waste 10-15% of my time each week to fix or find bugs from either the publisher, the tracking, the traffic source or my servers.

---

Hi guys,
Just heard back from the external monitoring tool:

--------
The cause was indeed cache - "lp click optimization". We copied the LP information from similar ad instead of clicking on the ad.
We updated the code to prevent copying malware info. If the LP is marked as malware, it will be crawled again.
--------

prof's account will be unfrozen right away and his pending ads approved so his campaign delivery can resume today.

Thank you all for your words of encouragement to both prof and us, I'm happy we had this sorted .

---

Happy it worked out for you guys. Awesome support TJ.

---

Ouch.. And suddenly it all makes perfect sense.

Thank you for helping during your out of office hours to get this sorted and I'm pleased come the end of this that there is a definitive resolution which will help ensure other advertisers don't share similar frustrations.

As I mentioned before privately one of the biggest problems with a scenario like this is not only making sense of the problem yourself but actually relaying that information in a way that can be interpreted by a support desk. I can pretty confidently say that if it had been 75% of other traffic sources out there that I'd had this problem then this saga could have continued for a lot lot longer.

To any networks reading this I'd really urge that you routinely monitor your geo/generic redirects. The cost of attempting to monetize that stray click from India or wherever has cost $xxxx between myself and the networks I was running through. This is an exceptional circumstance but also one that has been beyond my control.

I've got a lot of catching up to do. A few days off the ball can mean a lot in this business. But for those of you enjoying riding those long-term placements in my absence... HELLO! I'M BACK!

---

Damn I'm late to this. I knew what the issue was second I saw that img.

I prefer to disable the networks geo-redirects and do it myself using YTZ directly + Voluum's redirect rules. And then ask them to disable downloads and things like entry-alerts if need be on the link.

---

Home > Paid Traffic Sources > Adult Traffic (NSFW)