Thanks for the reply! This isn't very clear to me. I actually opened the link in a new tab with Firefox for Android, had Firefox ask me for permission to access my camera and mike(?), denied those and closed the tab as I read pascalmemories' comment i.e. I never actually saw the content, so "you would have to download the app they spammed with vibrates" doesn't mean anything to me. Perhaps that's a good thing? :)
I've turned off the phone for now, and it's not 6.0, rather it's 6.x (up to date with August 2016 patches IIRC), not sure if that makes a difference. I'm mostly worried about the malware being a drive-by download/infection.
I was browsing in Chrome with a brand new phone which thankfully did not have anything on it. Despite clearing all the app data (which normally cleans out browse-by if it's just annoying page javascript in my experience) the damn vibrate, play noises and throw multiple pop-ups just kept on coming and would not let me close them.
I had to resort to a factory wipe to clean it; it was not a great deal since it was a phone I'd literally today just taken out the box, but if it had been something I had data on and used for a while, it would have been a serious PITA.
I suspect the ad network malware pumper saw the visit spike and decided the traffic volume warranted an exploit delivery instead of their usual junk ad content.
So, if I start my phone and browse normally, and don't see, hear, or feel any popups, noises, or vibrations, I'm good? And perhaps I should clear out my Firefox app data? I shut it down because you mentioned root and malware, and if the malware can root a device, it probably can hide itself pretty well and make it impossible to get it out.
I've turned off the phone for now, and it's not 6.0, rather it's 6.x (up to date with August 2016 patches IIRC), not sure if that makes a difference. I'm mostly worried about the malware being a drive-by download/infection.