I've looked through the network inspector on redirects like these and it's actually pretty interesting. Usually they start with a parked domain on a service like Sedo, or other ad services like PropellerAds, then you're redirected through sites that buy (potentially low quality) traffic, detect bots, and resell the now bot-free traffic for more than they bought it for. One company that does this is Intango. (They own forwrdnow.com, clksite.com, mybetterdl.com, 7proof.com, etc) The adware extensions and tech support scams and Capital One Shopping then buy that traffic and do their thing.
It’s crazy how Capital One Shopping fits into that sentence so nicely. The first time I got a Capital One popunder I googled for minutes in shock that it was actually Capital One and not a scam using their brand without permission.
