Forum rules
Under no circumstances is spamming or advertising of any kind allowed. Do not post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated or any other material that may violate others security. Profanity or any kind of insolent behavior to other members (regardless of rank) will not be tolerated. Remember, what you don’t find offensive can be offensive to other members. Please treat each other with the kind of reverence you’d expect from other members.
Failure to comply with any of the above will result in users being banned without notice. If any further details are needed, contact: “The team” using the link at the bottom of the forum page. Thank you.

cdeOS
Posts: 7
Joined: Thu Jan 20, 2022 12:04 pm

MOVED FROM: We have been HACKED

Fri Jan 21, 2022 2:11 pm

Hi @oss,
Any news about optyruntchan.com still presents on https://www.opensubtitles.org/en/search/subs when not authenticated?

cdeOS
Posts: 7
Joined: Thu Jan 20, 2022 12:04 pm

Re: OpenSubtitles redirects to in-page-push.com

Fri Jan 21, 2022 4:52 pm

I'm reopening this thread because I'm quite sure your website is still infected by some malicious script. in-page-push.com is just replaced by optyruntchan.com, which is malicious according to many website. The malicious script is currently disabled and only print "console.log('0x49013')" but it can be enabled again and only for targeted people.

The call to https://cdn.pushmaster-cdn.xyz/ seems malicious too.
Please post that in: viewtopic.php?f=1&t=17548
I'm not getting anything like that on my system. For now try incognito mode/private window and see if that helps.
Especially on another browser. Firstly clear your OS cookies/cache and reload page.
If not, then post in above linked topic. Don't think anyone's going to respond to debug info in here. This not the topic for it.
I thought the thread talking about the August 2021 database hack was appropriate to talk about a malicious script added to the website in August 2021...

I got the malicious script in private mode and with curl (on my workstation and on a remote server). Have you tried without being authenticated to the site, as I explained in my initial message?
$> curl 'www.opensubtitles.org/en/search/subs' | grep optyruntchan

<REDACTED>try{(document.body||document.documentElement).appendChild(s)}catch(e){}})('optyruntchan.com',3519719, <REDACTED>

cdeOS
Posts: 7
Joined: Thu Jan 20, 2022 12:04 pm

Re: OpenSubtitles redirects to in-page-push.com

Fri Jan 21, 2022 7:43 pm

My bad, the suspicious scripts were added before August 2021. If we look at the site on the Wayback Machine (web.archive.org), we can see:

January 2, 2020 (https://web.archive.org/web/20200102121 ... earch/subs), the site looks clean. There's just a weird block of scripts:

Image

January 5, 2020 (https://web.archive.org/web/20200105231 ... earch/subs), the script block is modified and a call to http://dc5k8fg5ioc8s.cloudfront.net appears:

Image

http://dc5k8fg5ioc8s.cloudfront.net is rated as malicious (Threat Score: 86/100) :

https://hybrid-analysis.com/sample/c6d9 ... 03564cf132
https://hybrid-analysis.com/sample/c6d9 ... 537025b985

6 security vendors flagged this domain as malicious:
https://www.virustotal.com/gui/domain/d ... dfront.net

September 4, 2020 (https://web.archive.org/web/20200904131 ... earch/subs), the script block is cleaned to have only:

Image

But inpagepush.com appears:

Image

8 security vendors flagged this domain as malicious:
https://www.virustotal.com/gui/domain/inpagepush.com

In October 2020 (https://web.archive.org/web/20201004110 ... earch/subs), inpagepush.com is replaced by in-page-push.com.

Image

7 security vendors flagged this domain as malicious:
https://www.virustotal.com/gui/domain/in-page-push.com
In-page-push.com is a malicious site that displays fake error messages to trick you into subscribing to its browser notifications.
On August 4, 2021, @RadicallyHip writes this thread to warn about his antivirus detecting a problem with in-page-push.com presents on the opensubtitles website. The Wayback Machine confirms the presence of this domain: https://web.archive.org/web/20210804105 ... earch/subs

On August 12, 2021, @oss announces that the problem is fixed. Indeed, on August 14, in-page-push.com is replaced by optyruntchan.com: https://web.archive.org/web/20210814033 ... earch/subs

8 security vendors flagged this domain as malicious:
https://www.virustotal.com/gui/domain/optyruntchan.com
Optyruntchan.com is a site that tries to trick you into subscribing to its browser notifications so that it can send notification spam directly to your desktop or phone.
Optyruntchan.com is a browser redirect malware that is owned and operated by cyber crooks and is being utilized to serve malicious advertisements. This kind of unwelcome website can control browser application if associated adware is installed. While most Optyruntchan.com redirect instances are caused by adware, some users may bump into this website when they visit hacked sites and web pages dedicated to Optyruntchan.com.It is annoying to experience the redirects and some victims consider it as virus attack.

My questions are simple: is it just a very very bad choice of advertising services, or has the site been hacked? does @oss know about all this, and if so, why didn't he just answer me "it's our advertising system, we are not hacked" when he read my previous message, or in this topic in August?

I'm not here to accuse anyone of using a bad ad service, I just want to make sure your system hasn't been hacked in years.

Thank you.
Last edited by cdeOS on Fri Jan 21, 2022 10:34 pm, edited 1 time in total.

cdeOS
Posts: 7
Joined: Thu Jan 20, 2022 12:04 pm

Re: OpenSubtitles redirects to in-page-push.com

Fri Jan 21, 2022 7:48 pm

Just to be clear: if all this is known by the webmasters of this site, then no problem, we are good!
On the other hand, if that doesn't tell them anything, you have to worry and start thinking that these ads have been added by a hacker.
Last edited by cdeOS on Fri Jan 21, 2022 8:18 pm, edited 1 time in total.

User avatar
oss
Site Admin
Posts: 5879
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: OpenSubtitles redirects to in-page-push.com

Sat Jan 22, 2022 11:50 am

thanks for this. I didnt know, thanks a lot for this, updating site. It is very hard to get normal advertiser, probably not possible for our site.

User avatar
scooby007
Site Admin
Posts: 837
Joined: Thu Mar 05, 2009 10:49 pm
Location: Scandalous

Re: OpenSubtitles redirects to in-page-push.com

Sat Jan 22, 2022 1:36 pm

My questions are simple: is it just a very very bad choice of advertising services, or has the site been hacked? does @oss know about all this, and if so, why didn't he just answer me "it's our advertising system, we are not hacked" when he read my previous message, or in this topic in August?

I'm not here to accuse anyone of using a bad ad service, I just want to make sure your system hasn't been hacked in years.

Thank you.
Sorry, as I didn't explain fully in the other topic when I redirected you here (lack of time and avoiding writing essays). I thought saying "it's off topic" would be good enough.

Yes, you're right, nothing to worry about and it's NOT an issue since August. It's a "very very bad choice of advertising services."
There is another topic about this in the forum somewhere where it was fully investigated before.
Strange thing about it is it only shows itself randomly to some people. I've personally never seen or come across it.

Leave it with oss and report back here when it disappears.

Cheers
Nowadays a VPN is a must for everyone. A VPN allows you safe surfing and protects you against spying governments and companies who collect your data. Click below image for more details and reduce your online digital footprint.

Image

Return to “General talk”

Who is online

Users browsing this forum: Google [Bot] and 37 guests