Unusual adgear.com references in wordpress site

Today I was running my site through the GT Metrix page scanner when I saw some unusual references under the “Leverage Browser Caching” section. I didn’t have any adverts running, so to see acs.adgear.com in there was worrying. I have Wordfence installed and this wasn’t picking anything unusual up. The actual files reported by GT Metrix are:

  • https://h5.adgear.com/v1/js/html5.min.js (expiration not specified)
  • http://m.addthisedge.com/live/boost?pub=ra-57fe984808dcc05c&callback=_ate.track.config_resp (1 minute)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/txt2.svg (8 minutes 45 seconds)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/script.js (8 minutes 48 seconds)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/logo.svg (9 minutes 24 seconds)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/style.css (20 minutes 54 seconds)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/legal.svg (40 minutes 29 seconds)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/peacock.jpg (41 minutes 50 seconds)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/txt1.svg (53 minutes 38 seconds)
  • https://acs.adgear.com/clients/telus/4399/Peacock160x600_Internet_50/cta.svg (55 minutes 7 seconds)
  • https://i.r1-cdn.net/static/css/r1oba.min.css (2 hours)
  • https://i.r1-cdn.net/static/img/ach-bg-clr.png (2 hours)
  • https://i.r1-cdn.net/static/img/ach-ico-small.png (2 hours)
  • https://i.r1-cdn.net/static/js/obac.js (2 hours)

gtmetrix-weird-javascript-and-css-references

Even after I disabled all my plugins it was still there. I changed my theme, re-ran GT Metrix and the adcode had vanished!! Result. However when I ran it again, it reappeared. It seems there’s some malicious code somewhere which when the site is called it would inject again.

What causes adgear.com references?

After HOURS of testing – I am 96% sure I found the solution. It’s the google adsense code which is on the page. When I removed the ads, the code vanished and the PageSpeed score was back up! (I know, there’s still a few things to improve on!)

gtmetrix-fixed

I have run GT Metrix several times after removing the adverts and it’s always coming back clean. What’s weird is that the adsense code seems to inject the Peacock reference several times. Not sure what that is, so I will keep digging.

Leave a Reply

Be the First to Comment!

Notify of
avatar
wpDiscuz