Today, on at least three different occasions, when navigating News pages, I've encountered this phishing-like behavior, where addresses where changed as shown below.
Recorded URLs:
http:// >>
portableapps.com/news/2008-07-06_-_klerykalny.pl_portable_2.4.1?page=1
portableapps.com/news/2010-02-25_-_uprzykrzony.pl_portable_3.2?page=1
portableapps.com/news/2008-07-06_-_umiarkowany.pl_portable_2.4.1?page=1
portableapps.com/news/2008-07-06_-_umiarkowany.pl_portable_2.4.1?page=4
portableapps.com/news/2008-12-18_-_wzbronienie.pl_portable_3.0
portableapps.com/news/2008-07-06_-_http%3A//www.vermiycem.com/_portable_2.4.1?page=1
portableapps.com/news/2008-07-06_-_http%3A//www.vermiycem.com/_portable_2.4.1?page=3
portableapps.com/news/2008-07-06_-_http%3A//www.vermiycem.com/_portable_2.4.1?page=4
portableapps.com/news/2008-12-18_-_treatingmesothelioma.net_portable_3.0?page=4
My system appears to be clean - scanned with Malwarebytes Anti-Malware, quick scan, plus major components.
Noticed this behavior in two different browsers - Firefox PE, and Pale Moon PE.
Otherwise, functionality of the portableapps.com/news/ pages is not affected.
I've checked one of the above pl domains, using Nirsoft's DomainHostingView:
Domain report for klerykalny.pl
Summary Information
Domain is registered with dns.pl
Domain is registered to premium.pl Sp. z o.o.
Web site is hosted by Hetzner Online AG, Germany
Mail Server is hosted by Hetzner Online AG, Germany
Domain Name Server (DNS) is hosted by Hetzner Online AG, Germany
Domain was created on 2016.12.14 Wed
Domain was last updated on 2015.02.04 Wed
Domain expires on 2017.12.14 Thu
Web server string: Apache
FTP server string: 220 ProFTPD 1.3.4d Server ready.
So, is anyone else experiencing this or is it just me?
If it's not something malevolent, could it be just a misbehaving ads injector?
Added by edit:
This new captcha barrier is not anti-robot but anti-human, really.
There are no such links within our pages themselves. There could be something on your system or network. Or an extension in your browser.
What specific web page are you on when you notice a link like this? Can you give me a specific news story where you see this (there are 10s of thousands of news pages).
Sometimes, the impossible can become possible, if you're awesome!
To clarify, it's not the news pages themselves but the pages navigation links at the bottom:
https://portableapps.com/news?page=1
https://portableapps.com/news?page=2
etc.
But it does not happen every time. Whatever it is, on my system or not, could be even for some time, since, normally, I don't have a need for those pages navigation links, and only discovered this today after the latest updates dump.
I'll need to check my PC more, plus one of another user's who connects to my modem-router, in a bridged mode, only for a short time, once a day, thus I didn't think of checking it as well.
Do you use any specific extensions or plugins across both browsers? Do you use an ad blocker?
Sometimes, the impossible can become possible, if you're awesome!
Across both browsers, I use the following:
Plugins: Shockwave Flash 25.0.0.127
Extensions: Double Click Closes Tab, Grab and Drag, Restartless Restart, Right Links, Toolbar Button Page Bottom-Top, UnMHT, and Zoom Page.
And, in Pale Moon, I don't use anything else than listed above - it's not my primary browser, yet.
Adblockers are different: Adblock Latitude in Pale Moon, and Adblock Edge in Firefox.
Plus, here is the latest link, I got it just before logging in:
portableapps.com/news/2008-12-18_-_https%3A//www.nyxcable.com/product/twisted-pair/_portable_3.0?page=1
In the meantime, I've had also a couple more of the pl series.