How does this redirect work and how can I avoid it?

  • 🇵🇦 Nuestro primer dominio localizado está en español en kiwifarms.pa. Our first localized domain is on Spanish on kiwifarms.pa.
  • Want to keep track of this thread?
    Accounts can bookmark posts, watch threads for updates, and jump back to where you stopped reading.
    Create account
Destacado
Hentai-Semitism

Hentai-Semitism

Shoot videos horizontally, you dunce.
kiwifarms.net
Registrado
16 de Abr, 2025
I've experienced this with a few torrent description pages on 1337x.to and I can't figure out what's going on.

Go here, click the "files" tab and scroll down. It instantly loads a site called Film Companion.

fc.jpg


I can't find the URL in source view and it isn't in any of the .js files as far as I can tell. Maybe I missed something, I dunno. Network log (F12) doesn't tell me much, but I'm not knowledgeable about networking.

I'm on Win 10, Firefox 140 with lots of add-ons and ViolentMonkey scripts, and a VPN.

P.S. One of the thread suggestions that popped up when I was typing the thread title was "How do I avoid cumming in my pants at a Hatsune Miku concert?"
 
Tried it with Brave, no redirect. What browser you using and are you sure you don't have malicious plugins etc

Edit: sorry didn't read properly, tried in firefox, no redirect. I assume its a bad addon or violentmonkey script
 
Install an adblocker nigga, I just tested it with and without my adblocker running and it only happens without. The reason you can't find that specific URL in the javascript is because it's most likely taking you to a different URL when you click the file tab and then redirecting you there.
 
Hentai-Semitism dijo:
I'm on Win 10, Firefox 140 with lots of add-ons and ViolentMonkey scripts, and a VPN.
Presiona para expandir...
Post your addons list so we can see what you have. If you've got a lot, then it seems reasonable to assume that you've got ublock origin, which should mitigate the problem. Addons will often be disabled when you are in a private/incognito browsing window if you didn't give them permissions upon install, so check that too. Other than that, I can only imagine that it's some sort of addon conflict allowing javascript ad redirects to resolve.

Alternatively, if you'd like to troubleshoot a bit, try installing a browser like brave or librewolf, which I believe manage this sort of bullshit out of the box. See if you can reproduce the problem, and if not, then it's probably your browser/addon setup.
 
My guess is ippg.js, its contents are obfuscated and it is included in adblock lists including for example Brave and Easylist. Though loading the page with adblock disabled on Brave did not cause a redirect for me.
 
sum ting wong dijo:
Install an adblocker nigga, I just tested it with and without my adbloc
Presiona para expandir...
BunsAkimbo dijo:
Post your addons list so we can see what you have. If you've got a lot, then it seems reasonable to assume that you've got ublock origin, which should mitigate the problem.
Presiona para expandir...
I've been using uBlock Origin since the dawn of time. I found the culprit by disabling add-ons one by one and reloading the site every time. It was Google Redirects Fixer & Tracking Remover.

Thanks for the replies. I keep forgetting that what I did is the best way to troubleshoot these kinds of problems. 💀 💀 💀
 
Just one more thing. I took a closer look at the add-on. Other than signatures, manifest etc., the only thing this worth mentioning is http-interceptor.js in background folder (content below). How does it conjure up the Film Companion site when interacting with 1337x.to pages?

const GOOGLE_REGEXP = /http(s)?:\/\/((www|encrypted|news|images)\.)?google\.(.*?)\/url\?/;
const GOOGLE_IMGRES_REGEXP = /http(s)?:\/\/(.*?\.)?google\.(.*?)\/imgres\?/;
const GOOGLE_PLUS_REGEXP = /http(s)?:\/\/plus.url.google.com\/url\?/;

function isValidURI(url) {
try {
new URL(url);
return true;
} catch (err) {
return false;
}
}

function logURL(requestDetails) {
const url = requestDetails.url;
let isSearchResult = GOOGLE_REGEXP.test(url);
let isImageSearchResult = GOOGLE_IMGRES_REGEXP.test(url);
let isGooglePlusRedirect = GOOGLE_PLUS_REGEXP.test(url);
let aggresiveWithImageUrls = true; // TODO

if (isSearchResult || (isImageSearchResult && aggresiveWithImageUrls) || isGooglePlusRedirect) {
console.log("Canceling: " + requestDetails.url);

// get the query string part of the url
let position = url.indexOf("?") + 1;
let qs = url.slice(position);
let parsed_qs = new URLSearchParams(qs);

let to_url;

if (isSearchResult || isGooglePlusRedirect) {
if (parsed_qs.has("q")) {
// On custom embedded searches Google uses q params instead of url
// See for instance: http://www.google.com/cse/publicurl?cx=005900015654567331363:65whwnpnkim
if (isValidURI(parsed_qs.get("q"))) {
to_url = parsed_qs.get("q");
}
}

if (parsed_qs.has("url")) {
if (isValidURI(parsed_qs.get("url"))) {
to_url = parsed_qs.get("url");
}
}
} else {
// isImageSearchResult is true
console.log("Image!");
if (parsed_qs.has("imgurl")) {
if (isValidURI(parsed_qs.get("imgurl"))) {
to_url = parsed_qs.get("imgurl");
}
}
}

console.log("Opening: " + to_url);

browser.tabs.update(requestDetails.tabId, {url: to_url});
return {cancel: true};
}

}

browser.webRequest.onBeforeRequest.addListener(
logURL,
{
urls: ["<all_urls>"]
},
["blocking"]
);
Presiona para expandir...
 
Destacado
Debes iniciar sesión o registrarte para responder aquí.
Atrás
Top Abajo