Seems a consortium of fake ad companies has been built up, cultivating relationships with legitimate ad platforms, and then carefully inserting forced redirects in a proportion of the ads they serve, to trick unwitting viewers into installing malware on their machines. Various checks are first applied, to try to ensure that the machines being redirected don’t happen to be run by security researchers, for example. Each member of the consortium is activated for serving this malware in turn; then when it is exposed, it is abandoned and the operators move on to the next one. <https://arstechnica.com/information-technology/2018/01/malvertising-factory-with-28-fake-agencies-delivered-1-billion-ads-in-2017/>