Q: mobfree.click re-direct- do I have malware?

A full reset of all settings and content DIDN'T resolve the issue. I chose to setup as a new phone with default apps and settings only. I didn't connect to wifi and only used cellular data and the redirect occurred straight away. After this, I went to the sites in question and did recieve the redirect on several occasions.

From this, now that I've ruled apps/settings out and network related issues such as DNS/profiles out, I think the only remaining culprit is the websites themselves. The 2 websites in question that give me issues are http://consequenceofsound.net/ and http://questionablecontent.net/ and both seem to have banner ads. I am thinking that perhaps both sites have a particular malicious banner ad that loads with some java script that includes a redirect to mobfree.click when iOS is detected. This is supported by the fact that the redirect doens't happen every time and that pretty much all other causes have been ruled out.

I do wonder that perhaps I've visited a website that has caused a particular malicious ad to follow me around several sites, which would also support why some users receive this issue more often then others.

I'm now in the process of restoring my iPhone to it's previous state as there isn't much else I can think to test.

I'm not sure I'm following your comment...

As mentioned in the earlier posts, clearing history/website data and even a full reset of the phone didn't resolve this issue. I suspect this is some kind of redirect javascript being loaded by ads on a few websites that redirect the page to a spam site. I have already confirmed the redirect also occurred in Chrome on iOS, so I'd be fairly confident that it would also occur on HTC and LG so moving away from an iPhone isn't going to solve this one...

This happened on my 5s and a couple days ago I Got a brand new iPhone 6s+ and I still have the issue. Someone please come up with something to stop this disgusting annoyance

Contact the system administrator of the site where you are running into it. Or turn off javascript.

I Spent three hours on the phone with AppleCare. We tried everything to get rid of this redirect

and ended up doing a factory reset and set up as new phone. We are in the process of downloading my items from Icloud one at a time to locate the malwares hiding place.

m

The "malware" hiding place is in javascript in whatever website you picked it up at. It is not in one of your apps. Did you try what several people here have suggested?

Hello! I had this exact same problem and finally just called apple support. They had me do a refresh by pressing the home and lock button at the same time for ten seconds. You can release as soon as the apple sign appears. This does not erase any of your information or apps. It is what is done when the phone freezes. This is the only thing that worked! Give it a shot and see if it works for you too.

I installed ad block plus for iOS and it appeared to resolve my issue. This seems to confirm that it is indeed a malicious ad that injects a javascript page redirects when it detects mobile devices. (it also confirms that resetting your phone or removing profiles will not resolve this issue as it is server side.)

You can download Ad Block Plus for iOS here.

https://itunes.apple.com/app/adblock-plus-abp/id1028871868

I would however recommend contacting the owner of any websites that give you this issue so they can raise it with the ad provider and have the malicious ads removed.

it first happened when I was surfing around random websites(cant remember, p0rn maybe?) on my iPad.  The very next time I used my iPhone, it happened on there too.  What was strange was that it was happening on mainstream websites that I frequent(I don't surf anything crazy on the phone) so I decided to clear the history on both devices and also reset the wireless router. Problem gone.

I know absolutely nothing about computers, so please forgive me.  The following may make no sense at all.

Hypothesis (guesses)

1. Apple has its own sub-network that all Apple devices talk on? This was somehow corrupted with some kind of a redirect for Apple devices.

2. The DNS at the router level was compromised.  Forcing redirects.

THe the one thing that I'm fairly certain about is that it can spread between Apple devices on a local network.

iPad os 9.2

iPhone 5s os 9.2

U-Verse wireless router

No, it happens on all devices and no Apple does not have a sub-network that all devices talk on. I have had this occur twice on Sports Illustrated's website so it is not limited to iffy sites. It is a javascript browser hijack. If you can ascertain where you picked it up from be kind enough to notify the site admin, otherwise move on and follow the steps you took. If you have continuity set up on your devices you may have opened the same website on your iPhone that was on your iPad.

You misunderstood me.  I don't actually have the issue anymore and I was not saying it was limited to iffy sites,  but those are the sites where it seems one can contract the "bug".  If you read my post I clearly state that it started on my iPad, then "jumped" to my phone, a device that is NEVER used for iffy sites.  Yes, it was an iffy site on my iPad(probably sports streaming, I don't actually watch p0rn, that was just an attempt to be funny) but, immediately after this first occurred, when I used my iPhone to go to yahoo.com, I was redirected to the mobfree site.  In your case, I would bet you $1000 the SI.com site is fine and you picked it up somewhere else. Or maybe someone else in your household was surfing iffy sites. Once the bug is active, it can spread and can also occur on almost any website.

I am here cause my friend asked me about it yesterday.  It only happened to me once and has not happened since.  I am not looking how to fix my devices, they are fine, only trying to get to the bottom of this.

Maybe it has something to do with javascript, but there is certainly more to it as it can spread on a network.

And yes Apple does have a type of sub-network or network configuration protocol, it's called AppleTalk, Bonjour, or whatever they call it now.  Apple devices use it to talk to each other.  I bring it up, as well as my wireless router, and a possible DNS hijacking, cause this can definitely spread between devices.

Also, many people on here have done a full reset of their device and it still happens, which tells me the bug is still resident somewhere in their environment outside of the device that has been reset.

I'm assuming you found information about the specifics of the mobfree.click javascript hacking from another location.  If you would please direct me to the information so I can educate myself further.  Thank you!

Apple quit supporting AppleTalk in 2009 and did switch to Bonjour. Bonjour is not only for Macs it can run on other OS's and is for quickly identifying devices and setting up networks. It is not a sub-network.

You should also read this: Use Continuity to connect your iPhone, iPad, iPod touch, and Mac - Apple Support

No, I specifically picked up the hijack from the si.com site. There is no one else in the household and the hijack is not specific to "iffy" websites. Others have picked it up from other reputable sites.

http://www.macissues.com/2015/03/24/how-to-overcome-safari-hijacked-by-a-javascr ipt-warning/

ive been have the same issues took down from reading yall post it seem to have something to do with the JavaScript in the ads on different websites because I don't go to Walmart website and I always seem to get this mobclick mess 1st on mocospace website real heavily then it just start on tagged website  but once I did this     so far the best way to fix it is downloading a ad blocker for the App Store preferably one with a whitelist feature I've not had the issue I hope this really helps

TThe same thing is happening to me on my IPad Air On www.zerohedge.com.  I blocked the web site in settings and at least I can just back arrow to get back to my article.  Apple was a stalwart for years in blocking the hackers and malware and bugs but I think those days are over.  I just hope they develop some effective software to beat these crooks.

As has been said before this is a javascript hijack and affects any device that runs javascript. Apple does not control javascript.