Recently I have observed strange behaviour. At certain times, on certain web pages, if I click anywhere in the page a tab/popup opens with ads.
First I thought some Chrome extension might be doing it. Then I observed the same behaviour once or twice in the iPhone Safari browser, connected to the same WiFi network.
I couldn't figure out what might be the source of this malware.
Following is the screenshot of such an adware. I am one of the developers of this site and there is no code which pops up this ad! I have also observed the same adware on the https://underscorejs.org/ website few months ago.
EDIT 10 Aug 2018:
I found a few more details. I observed chrome dev tools that some special cookies are being set which tracks of add details.
Here are cookies details
Name: GL_GI2
Content: eJw9i80KgkAYRafRLI2CC75GhiG67mcjymx8AJn0Q4bEGdRFvn2Z0e6ew7mMMe574MpgH4ZJcI6SIIyDKIbVkAZPBZyeGqU78OyC3bLLSteEdSqOH2dXapywyWT%2FlK2EO%2BMSeHPw05YaDOxrIXK4HY3lYIhquDf5aOl0L3Ic%2FvZ7dlbYqqE0vX5NDnsDnrkt2g%3D%3D
Domain: decademical.com
Expire: 2018-08-11T10:54:54.734Z
Name: GL_UI
Content: eJw9jb1ugzAYRYkJhDYK0pV4AB4hiesGxqpz1aFLN%2FSB7YQW%2BCLb%2FXv7Wh263HuGI50kSUS1RfpBCvWpsaRlK4%2BtHqy06mibZuhJ3Slr5EG1uBl9F6ifTFgj6x0teodsZm2mHTa94y9vXJVivdBskD9eHMfPZnpjB3F%2FijguEVd7CPZVWuYonmion1%2Fq17KAOOzL27gS2%2BtEwbKbu1HnAtnZkTZYPaAYKJgzux9stPHvga8AT7r79%2F%2FKKftv5Np8jkPMc7gY9wvOET7Q
Domain: decademical.com
Name: glx_pp_6922_201813106
Content: {"unload_time":1533898446,"loaded_time":1533898494,"click_num":1,"last_fired_time":1533898502,"last_fired_click_num":1,"pop_count":1}
Domain: actual server
On second ad run
{"unload_time":1533898845,"loaded_time":1533898494,"click_num":2,"last_fired_time":1533898811,"last_fired_click_num":2,"pop_count":2}