You are here

Phishing-like URLs on PAc's News Pages

5 posts / 0 new
Last post
MiK
Offline
Last seen: 2 days 2 hours ago
Joined: 2008-08-14 18:25
Phishing-like URLs on PAc's News Pages

Today, on at least three different occasions, when navigating News pages, I've encountered this phishing-like behavior, where addresses where changed as shown below.

Recorded URLs:

http:// >>

portableapps.com/news/2008-07-06_-_klerykalny.pl_portable_2.4.1?page=1

portableapps.com/news/2010-02-25_-_uprzykrzony.pl_portable_3.2?page=1

portableapps.com/news/2008-07-06_-_umiarkowany.pl_portable_2.4.1?page=1
portableapps.com/news/2008-07-06_-_umiarkowany.pl_portable_2.4.1?page=4

portableapps.com/news/2008-12-18_-_wzbronienie.pl_portable_3.0

portableapps.com/news/2008-07-06_-_http%3A//www.vermiycem.com/_portable_2.4.1?page=1
portableapps.com/news/2008-07-06_-_http%3A//www.vermiycem.com/_portable_2.4.1?page=3
portableapps.com/news/2008-07-06_-_http%3A//www.vermiycem.com/_portable_2.4.1?page=4

portableapps.com/news/2008-12-18_-_treatingmesothelioma.net_portable_3.0?page=4

My system appears to be clean - scanned with Malwarebytes Anti-Malware, quick scan, plus major components.

Noticed this behavior in two different browsers - Firefox PE, and Pale Moon PE.

Otherwise, functionality of the portableapps.com/news/ pages is not affected.

I've checked one of the above pl domains, using Nirsoft's DomainHostingView:

Domain report for klerykalny.pl

Summary Information

Domain is registered with dns.pl
Domain is registered to premium.pl Sp. z o.o.
Web site is hosted by Hetzner Online AG, Germany
Mail Server is hosted by Hetzner Online AG, Germany
Domain Name Server (DNS) is hosted by Hetzner Online AG, Germany
Domain was created on 2016.12.14 Wed
Domain was last updated on 2015.02.04 Wed
Domain expires on 2017.12.14 Thu
Web server string: Apache
FTP server string: 220 ProFTPD 1.3.4d Server ready.

So, is anyone else experiencing this or is it just me?

If it's not something malevolent, could it be just a misbehaving ads injector?

Added by edit:
This new captcha barrier is not anti-robot but anti-human, really.

John T. Haller
John T. Haller's picture
Online
Last seen: 17 min 14 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
No Such Links

There are no such links within our pages themselves. There could be something on your system or network. Or an extension in your browser.

What specific web page are you on when you notice a link like this? Can you give me a specific news story where you see this (there are 10s of thousands of news pages).

Sometimes, the impossible can become possible, if you're awesome!

MiK
Offline
Last seen: 2 days 2 hours ago
Joined: 2008-08-14 18:25
To clarify ...

To clarify, it's not the news pages themselves but the pages navigation links at the bottom:

https://portableapps.com/news?page=1
https://portableapps.com/news?page=2
etc.

But it does not happen every time. Whatever it is, on my system or not, could be even for some time, since, normally, I don't have a need for those pages navigation links, and only discovered this today after the latest updates dump.

I'll need to check my PC more, plus one of another user's who connects to my modem-router, in a bridged mode, only for a short time, once a day, thus I didn't think of checking it as well.

John T. Haller
John T. Haller's picture
Online
Last seen: 17 min 14 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Extensions?

Do you use any specific extensions or plugins across both browsers? Do you use an ad blocker?

Sometimes, the impossible can become possible, if you're awesome!

MiK
Offline
Last seen: 2 days 2 hours ago
Joined: 2008-08-14 18:25
Across both browsers ...

Across both browsers, I use the following:

Plugins: Shockwave Flash 25.0.0.127

Extensions: Double Click Closes Tab, Grab and Drag, Restartless Restart, Right Links, Toolbar Button Page Bottom-Top, UnMHT, and Zoom Page.

And, in Pale Moon, I don't use anything else than listed above - it's not my primary browser, yet.

Adblockers are different: Adblock Latitude in Pale Moon, and Adblock Edge in Firefox.

Plus, here is the latest link, I got it just before logging in:
portableapps.com/news/2008-12-18_-_https%3A//www.nyxcable.com/product/twisted-pair/_portable_3.0?page=1

In the meantime, I've had also a couple more of the pl series.

Log in or register to post comments