X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Monday, March 30, between 3:30pm and 5:30pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Support Forum

Some links being hijacked when clicked from DuckDuckGo search results, pop up appears "Congratulations device user! "

Posted

The full text of the pop-up is "Some links being hijacked, pop up "Congratulations device user! You are selected by our sponsor to be among the first few persons to win a Galaxy S10 or other"

The URL starts http://sweeps7668.bunnyvhyk7.live/4368084763/ and takes me to some false Survey about Google. This has happened a couple of times now with different websites. The link I clicked thsi time ( from DuckDuckGo search ) is https://www.topgadgetreviews.co.uk/finish-line-ceramic-wet-lubricant-120ml-bottle-review/ and after about 5 to 10 minutes when I click the link it is OK.

The full hijack link is as follows:

http://sweeps7668.bunnyvhyk7.live/7473237783/?utm_campaign=QPF8euu28II5lw7O2iHhCugVqK5RzfdNsTpLaMM91qY1&t=main9_143c3be8f9c3026d0802410a6e756e26fe6b&f=1&fp=Gd01tvRj7I3hp%2BtzBojF2df6dT2XPxwD3PBBik14iO6NEXxo2WZWGJn1mjKhbos3iparC0Cv57B5mkVoBG938KaII12RCB7g4YVnIl9W1WaR3L5J8ZTIVTbaIT65FzZzFh23zvjxCDsvkzugJFc%2FH%2FG2XEYkBU4Xi0xr6qdPjaf4HbWAwVB2cbrYGyDHLizpEkcuIjdlbyXjB5YTrWXDtpUlhDW3KgiTiUMT1qoC36SRh0XGua3WaLIJjGKBj%2FD1o2LW0OAFfoxBcfMcLL0%2BN6fb8DerOYIwsT4HhE8jZvHi4S2zPaBpkd7DjLJe6FUaTq%2FKtW7U3hFvZTlHFaNq96LRYZrsVUUzA58ahXs7e%2FeJHZBNR%2B2beJt%2BCi4x3t6UgcYnlB4NGmFDBdarzOdn9JYfXO0QgHTf6ogROTBtABZH5Sw7bDmncOXSt4hUHAJ54cC%2Ffvi7M8iVvsutu9ah7phnlAScs7S%2BpBPn0PP2kvAogB19R94UBz0r2R%2BVvhEkA6lV6VuY00ObvH6QdMVE3z1gs9EXI%2BKd1oVePD4cOVCdA7XlHg0Eoe%2BC4FMCkpSI0V6Pk0QVnk1yID5IMqZAZapLm9txeAiLHMhoGZPaLPNpMqVPMaTDVKBRmpFpjLRySFviZzqLyz15MdzEMcoqPDMrJ2X9j3GVsmFlkJB2%2FOzLw6TS0a3Pv6SDYeZjSaFUxjcaAwpDQiEQ1FJHxhoBdWPJyKIBmamJYZtbhHaYi8MXslHeHGTl1yYapyYtahezKVqE0PJF5eME6P%2BgAwfAxuMqbG54rTLPeE28gsk5SoGFm5bhKaIiDiWBCZyx58jHI9Atb%2BS8rX0mdhi14gZTOlZf%2FgwfoalXTJ5qlTIIbKl22bnFNpeCV3XibJtOthb6kgST%2FY4o32yurDZoKHFUWTRoBv3IJL5BjRF9lSaObC9x66B97IH2eW9wd%2F28wpilc6xmO9MRFJumhiXTNr8IhCSwLnRabV%2Fae%2F4GvKrckk26WJIpVaFQ3gvP1rsBDbBnNNXedKZw%2FOLmgnqjLE53Ud0khhDTXYdSCorTPbadqGPJ4h3KQbtZoPZ0JaBmwmPFOOPti2Cv2LYFuNctIzz9VKrMn5hQlY2j3lgvl1hGNAIKPycDpSZF%2F5SOaP2bLrwJLZKdO79WXWv38bW0q%2FyF5iADvyKJKnTOa7NZwPXgok5qVfslRl%2BSMLsOnJNE0I%2Ftywasy94ELGBTpnHi0gIZ4QCzfT3gqweNhnON7b5eA7sc6QAEqivlb86wTvW25U0qvQWVTeheGRyQygzsTM34PZ7UMaiLqtTG5Q4EpXZ9u1%2F%2FSXZtuqsNg0mS375BUOTEW8IsxqHw89SZL1PpTlSF03TJKCM1VyuCYOhmRq5bFlWZxeRBAHlXm2dQnrQpuWqm

The full text of the pop-up is "Some links being hijacked, pop up "Congratulations device user! You are selected by our sponsor to be among the first few persons to win a Galaxy S10 or other" The URL starts http://sweeps7668.bunnyvhyk7.live/4368084763/ and takes me to some false Survey about Google. This has happened a couple of times now with different websites. The link I clicked thsi time ( from DuckDuckGo search ) is https://www.topgadgetreviews.co.uk/finish-line-ceramic-wet-lubricant-120ml-bottle-review/ and after about 5 to 10 minutes when I click the link it is OK. The full hijack link is as follows: http://sweeps7668.bunnyvhyk7.live/7473237783/?utm_campaign=QPF8euu28II5lw7O2iHhCugVqK5RzfdNsTpLaMM91qY1&t=main9_143c3be8f9c3026d0802410a6e756e26fe6b&f=1&fp=Gd01tvRj7I3hp%2BtzBojF2df6dT2XPxwD3PBBik14iO6NEXxo2WZWGJn1mjKhbos3iparC0Cv57B5mkVoBG938KaII12RCB7g4YVnIl9W1WaR3L5J8ZTIVTbaIT65FzZzFh23zvjxCDsvkzugJFc%2FH%2FG2XEYkBU4Xi0xr6qdPjaf4HbWAwVB2cbrYGyDHLizpEkcuIjdlbyXjB5YTrWXDtpUlhDW3KgiTiUMT1qoC36SRh0XGua3WaLIJjGKBj%2FD1o2LW0OAFfoxBcfMcLL0%2BN6fb8DerOYIwsT4HhE8jZvHi4S2zPaBpkd7DjLJe6FUaTq%2FKtW7U3hFvZTlHFaNq96LRYZrsVUUzA58ahXs7e%2FeJHZBNR%2B2beJt%2BCi4x3t6UgcYnlB4NGmFDBdarzOdn9JYfXO0QgHTf6ogROTBtABZH5Sw7bDmncOXSt4hUHAJ54cC%2Ffvi7M8iVvsutu9ah7phnlAScs7S%2BpBPn0PP2kvAogB19R94UBz0r2R%2BVvhEkA6lV6VuY00ObvH6QdMVE3z1gs9EXI%2BKd1oVePD4cOVCdA7XlHg0Eoe%2BC4FMCkpSI0V6Pk0QVnk1yID5IMqZAZapLm9txeAiLHMhoGZPaLPNpMqVPMaTDVKBRmpFpjLRySFviZzqLyz15MdzEMcoqPDMrJ2X9j3GVsmFlkJB2%2FOzLw6TS0a3Pv6SDYeZjSaFUxjcaAwpDQiEQ1FJHxhoBdWPJyKIBmamJYZtbhHaYi8MXslHeHGTl1yYapyYtahezKVqE0PJF5eME6P%2BgAwfAxuMqbG54rTLPeE28gsk5SoGFm5bhKaIiDiWBCZyx58jHI9Atb%2BS8rX0mdhi14gZTOlZf%2FgwfoalXTJ5qlTIIbKl22bnFNpeCV3XibJtOthb6kgST%2FY4o32yurDZoKHFUWTRoBv3IJL5BjRF9lSaObC9x66B97IH2eW9wd%2F28wpilc6xmO9MRFJumhiXTNr8IhCSwLnRabV%2Fae%2F4GvKrckk26WJIpVaFQ3gvP1rsBDbBnNNXedKZw%2FOLmgnqjLE53Ud0khhDTXYdSCorTPbadqGPJ4h3KQbtZoPZ0JaBmwmPFOOPti2Cv2LYFuNctIzz9VKrMn5hQlY2j3lgvl1hGNAIKPycDpSZF%2F5SOaP2bLrwJLZKdO79WXWv38bW0q%2FyF5iADvyKJKnTOa7NZwPXgok5qVfslRl%2BSMLsOnJNE0I%2Ftywasy94ELGBTpnHi0gIZ4QCzfT3gqweNhnON7b5eA7sc6QAEqivlb86wTvW25U0qvQWVTeheGRyQygzsTM34PZ7UMaiLqtTG5Q4EpXZ9u1%2F%2FSXZtuqsNg0mS375BUOTEW8IsxqHw89SZL1PpTlSF03TJKCM1VyuCYOhmRq5bFlWZxeRBAHlXm2dQnrQpuWqm
Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0

More Information

Standard8 39 solutions 217 answers

You should check your computer for malware - it is likely there's something that has accidentally been installed that is causing this.

MalwareBytes seems to be a popular one.

You should check your computer for malware - it is likely there's something that has accidentally been installed that is causing this. MalwareBytes seems to be a popular one.
Was this helpful to you? 0
Quote

Question owner

I have run malware scans, it isn't my computer that is hijacked, it is the link. It might be your problem but you have a better chance of finding the source of the problem and notifying the affected sites.

I have run malware scans, it isn't my computer that is hijacked, it is the link. It might be your problem but you have a better chance of finding the source of the problem and notifying the affected sites.
Was this helpful to you?
Quote
McCoy
  • Top 10 Contributor
625 solutions 5995 answers

Chosen Solution

Standard8 is right. See : https://malwaretips.com/blogs/remove-dear-user-congratulations/ And also [https://www.google.nl/search?authuser=1&sxsrf=ALeKk02rMDNDyCBc5LqeGVMDTBsN5nOocQ%3A1584973171276&ei=c8V4XqW2EI2dsAf9_I-4DQ&q=Congratulations+device+user!+You+are+selected+by+our+sponsor+to+be+among+the+first+few+persons+to+win+a+Galaxy+S10+or+other&oq=Congratulations+device+user!+You+are+selected+by+our+sponsor+to+be+among+the+first+few+persons+to+win+a+Galaxy+S10+or+other&gs_l=psy-ab.3..0i71l8.8062.10454..11504...0.2..0.0.0.......3....1..gws-wiz.7myCgsWLHgY&ved=0ahUKEwjlu-iW5bDoAhWNDuwKHX3-A9cQ4dUDCAo&uact=5 see these search results]
Was this helpful to you? 1
Quote

Question owner

OK thanks, Bitdefender didn't spot it.

OK thanks, Bitdefender didn't spot it.
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.