Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

DU Community Help

justaprogressive

(6,378 posts) Sun Jan 11, 2026, 10:47 AM Jan 11

0

Whois: eoperfops12.qcloudteo.com

Suspicious attempts at connection to, on multiple DU pages.

Doesn't act like an advertiser. TIA

11 replies

= new reply since forum marked as read

Highlight:

Whois: eoperfops12.qcloudteo.com (Original Post) justaprogressive Jan 11 OP

Do you have any of their posts? surfered Jan 11 #1

Sorry these are not associated with a user justaprogressive Jan 11 #2

Send a screenshot if you see it again surfered Jan 11 #3

here ya go justaprogressive Jan 11 #4

Brave.exe belongs to the brave browser sboatcar Jan 11 #6

No the pages are linking to that website! justaprogressive Jan 11 #8

Ahhh gotcha sboatcar Jan 11 #9

DNS lookup says its registered in china, names redacted sboatcar Jan 11 #5

yeah like I said ODD! justaprogressive Jan 11 #7

Send DU email to EarlG surfered Jan 11 #11

Here's one theory surfered Jan 11 #10

surfered

(12,018 posts)

1. Do you have any of their posts?

Reply to justaprogressive (Original post)

Sun Jan 11, 2026, 11:02 AM

Jan 11

justaprogressive

(6,378 posts)

2. Sorry these are not associated with a user

Reply to surfered (Reply #1)

Sun Jan 11, 2026, 11:17 AM

Jan 11

it's on the pages themselves.

A whois tells me VERY little about this ip address...

surfered

(12,018 posts)

3. Send a screenshot if you see it again

Reply to justaprogressive (Reply #2)

Sun Jan 11, 2026, 11:43 AM

Jan 11

justaprogressive

(6,378 posts)

4. here ya go

Reply to surfered (Reply #3)

Sun Jan 11, 2026, 11:49 AM

Jan 11

To be clear this ONLY happens on DU PAGES.

sboatcar

(763 posts)

6. Brave.exe belongs to the brave browser

Reply to justaprogressive (Reply #4)

Sun Jan 11, 2026, 12:17 PM

Jan 11

I've also seen brave.exe spoofed as other things, but it looks like someone is trying to do some kind of an exploit from a brave browser coming from that IP address (I'll provide it if you'd like it, but I'd rather not post in here)

justaprogressive

(6,378 posts)

8. No the pages are linking to that website!

Reply to sboatcar (Reply #6)

Sun Jan 11, 2026, 12:54 PM

Jan 11

I'm using Brave. The page is trying to direct the browser to connect to this suspect website.

sboatcar

(763 posts)

9. Ahhh gotcha

Reply to justaprogressive (Reply #8)

Sun Jan 11, 2026, 12:54 PM

Jan 11

Likely its one of the ads.

sboatcar

(763 posts)

5. DNS lookup says its registered in china, names redacted

Reply to justaprogressive (Original post)

Sun Jan 11, 2026, 12:16 PM

Jan 11

The IP address geolocates to Brazil. Odd.

justaprogressive

(6,378 posts)

7. yeah like I said ODD!

Reply to sboatcar (Reply #5)

Sun Jan 11, 2026, 12:52 PM

Jan 11

Who do I contact in Admin to report this?

surfered

(12,018 posts)

11. Send DU email to EarlG

Reply to justaprogressive (Reply #7)

Sun Jan 11, 2026, 03:35 PM

Jan 11

surfered

(12,018 posts)

10. Here's one theory

Reply to justaprogressive (Original post)

Sun Jan 11, 2026, 03:32 PM

Jan 11

1. Perhaps it's an embedded gif from a non secure server...
Ie: http vs https at the beginning of the embedded image URL

Reply to this discussion

Latest Discussions»Help & Search»DU Community Help»Whois: eoperfops12.qcloud...