Site Issue Announcements

moocher on 14/04/2014 - 20:12
Last edited 15/04/2014 - 09:09

This forum topic will contain announcements from the team about any issues that are occuring for the OzBargain website and/or related services.

Site Discussion

Comments

  • eug on 22/03/2025 - 14:54

    Has anyone experienced malvertising while browsing OzB?
    It has happened to me twice in the past few weeks, only on OzB. Just this morning I clicked on this link in my email notifications, the page loaded normally, then a few seconds later, I got redirected to this page (screen capture).

    Malwarebytes didn't find anything on my system.

    • Moderatorscotty on 22/03/2025 - 14:57

      Yes it has been happening for a few days on our NZ site. We've been in contact of our upstream ad provider. They claimed that they have narrowed down the cause but maybe they haven't…

      • eug on 22/03/2025 - 15:09

        Phew, good to know. If it happens again is there anything users can do to help track it?

        • Moderatorscotty on 22/03/2025 - 15:18

          The URL that you get redirects to, i.e. the web page that contains the payload. Also when you hit Back button it will go back to a different URL (instead of going back to OzBargain). We had seen URLs such as

          hxxps://adspredictiv[dot]com/jump/next.php…
          hxxps://dexchangegenius[dot]com/jump/next.php…

          Both of those .com domains are hosted on CloudFlare, and act as redirection to malware sites. Just google "adspredictiv" or "dexchangegenius" you'll see many pages describing them as malware. We have reported to CloudFlare but unfortunately the actual malwares aren't hosted there (they are only the redirector) so not sufficient evidence to get them taken offline.

          Unfortunately there's not much else we can do. However do report them and comment about it here so we can put more pressure to the upstream to have those purged from the ad network.

          • eug on 22/03/2025 - 15:21

            @scotty: Will do, thanks!

          • eug on 25/03/2025 - 00:14

            @scotty: Just dropping another report, it just happened again. I got redirected to the same mcafee screen, this time at

            hxxps://tnmc6xr71o[dot]sbs/?ldq4j54s=U2FsdGVkX18t7nncPmVD6BHRb3ASR47fCVtJygOmfXdw%2BbFcAEIkFAiZ4Ocpi4YhobEB9YivC3eXfZ7oS8cFYxIg26sU0eWSNHdkP27iBkn3HXjdkYMfgqJXyqsuuOGRaxp3S6Fyhx7XWUJEH3QUTQuBaIv5gkyqzbYfjmKXHjTpsh61SJTKN9N0Of9hoajHVcw1znvdc%2FP1Jzgoqfkia0%2Fhrr3BdAtj1DL6X2aonfUgHDshTcCshxr%2FMXCue0MlYsLZKQeD%2FNi88OrZ1rfhkg%3D%3D

            When I hit back I got redirected twice and I'm quite sure I saw both adspredictiv and dexchange in the address bar, and ended up on an aliexpress page:

            hxxps://best.aliexpress[dot]com/?af=ctm7DaSX3ymm&dp=9635f1b708b011f09a5b9c6b004e89bf5d50cb840d&aff_fcid=b5af40d67aa0476eb7e66cf1c288e978-1742821499105-04037-_DCkzDSx&tt=CPS_NORMAL&aff_fsk=_DCkzDSx&aff_platform=portals-tool&sk=_DCkzDSx&aff_trace_key=b5af40d67aa0476eb7e66cf1c288e978-1742821499105-04037-_DCkzDSx&terminal_id=81b1596defec4af88838274d6c29ef53

      • eug on 22/03/2025 - 15:08
        +1

        These aren't popup notifications, they're page redirects.

Login or Join to leave a comment
Login Join