whenever I inspect any page from any website with my google chrome, I get this script in the page header always:
<script type="text/javascript" src="//js.ktwt.ru/main_en.js?guid=340fbe57eb2704a03d7e55d47615754e0c00e51f&s=%5B%22youtube%22%2C%22noads%22%2C%22lang_en%22%2C%22youtube_downloader_ext%22%5D" charset="utf8"></script>
and this Iframe in the body:
<iframe src="//s.ktbt.ru/t.html?d=www.google.com&preload=%5B%22youtube%22%2C%22noads%22%2C%22lang_en%22%2C%22youtube_downloader_ext%22%5D" scrolling="no" style="width: 1px; height: 1px; margin: 0px; padding: 0px; overflow: hidden; display: none;"></iframe>
I'm just curious to know if this is a malware or might affect my PC, I don't see any of the above when View Page Source.
My Bitdefender and Malwarebytes are not detecting anything wrong.
Do you have an Idea? I am sure something ending with .ru is not authentic!
::UPDATE:: -<ktbt.ru>- ::SOLVED:: (shortened explanation Uninstall HISTORY TRENDS UNLIMTED)
READ on to learn what this is all about!
[SUBJECT: ktbt.ru, js.ktbt.ru, s.ktbt.ru]
Picture explains a bit to the investigation multiple photos combined!
I've got this bazaar cookie that i can't get rid of. FUnny statement! Most of you generally would have a clue what i'm talking about! LOL
Simple location to remove the extention
%USERDATA%\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pnmchffiealhkdloeffcdnbgdnedheme_0
or simply remove from within chrome! Like in the picture provided
No seriously though i have a residing cookie from this Russian site. i recommend not clicking the link im only posting for informational sharing and gathering to see if like minded folk have similar problem or even a solution
If i had Linux i would just use grep!
grep -iR "js.ktwt.ru"
grep -iR "s.ktwt.ru"
grep -iR ".ktwt.ru"
THis is being blocked now by my router and parental controls and website/DNS Blocking
js.ktbt.ru/main_en.js?guid=A5A5a2b3b77efi2d2b13994227a8cb24G934258ea17dcc&s=%5B%22noads%22%2C%22lang_en%22%2C%22voice_input%22%2C%22v_fb%22%5D
Look at the GUID that bothers me!
I did insert bogus random digits into the GID seemed to much like a violation and collection and personal identifier which would say something to someone that created it in there hands! to the average and mostly all lamaans or Neanderthal Like myself! =-)
cookies always trying to checking here
s.ktbt.ru
js.ktbt.ru
[*.]ktbt.ru
frustrating though im pretty silly smart when it comes to reversing data! This has proven to be a bugger!
Justin Cram (DyingJedi) solution with image & Link back address
https://plus.google.com/109698160122468898362/posts/5VAG6oyLVX2
#Chrome #chromeextension #ktbt.ru #s.ktbt.ru #js.ktbt.ru #cookies #chrome bug #History Trends Unlimited
#pnmchffiealhkdloeffcdnbgdnedheme #%USERDATA%\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pnmchffiealhkdloeffcdnbgdnedheme_0
Please share or plus one if you found this helpful!
HI5
DJ
https://lh5.googleusercontent.com/-OGUIu0gXg3s/UkO_kw5Cv6I/AAAAAAAAuxc/y2xkRhap8rQ/w1578-h691-no/KTBT.ru_SOLVED_Found_culprit+to+my+crappy+chrome+running+terrible+always+trying+to+get+to+ktbt.ru.png
After two weeks of :
Internet investigations about AdsOffers, OfferWizard
Hard drive scanning ... none of the antivirus have detected something bad !?!
-> almost nothing to get rid of that invasive attack on web scouting.
SOLUCE :
I have simply used AdBlock extension of Chrome browser.
I had a look at the "show the resource list" of your attacked webpage. You can then detect some suspicious URL traffic.
Then :
I went to the AdBlock Options
Added to my filter list :
||js.ktbt.ru
||jso.donediv.net
||pub.adk2.co
for more info, how to add filter url https://adblockplus.org/en/filters
Things looks more under control, now !!!
Problem solved.
Related
I'm using Whatsapp Click-to-chat functionality, without a phone number. It previously worked but with the new Chrome version 76.0.3809.132, both on iOS and Android is not working anymore. On Android, it's showing a Toast with Couldn't open link. Tried contacting Whatsapp Support but no answer as of yet. With the latest update their own documentation example is not working, link to docs. Any suggestions or experiences?
Link example:
<a target="_blank" href="https://wa.me/?text=Villa%20stone%20road%20piece%2015%20meters%20from%20the%20asphalt%20street" title="Share on WhatsApp">
Error picture Imgur: picture
A table with my tested devices and versions on Imgur
If you use https://api.whatsapp.com/send instead of https://wa.me/ you don't need to specify a phone number.
e.g
https://api.whatsapp.com/send?text=Your%20Custom%20Text
It seems that chrome does not accept click to chat without a number specified. Once there's a number in the URL it works just fine.
Unfortunately I did not find a hack to get around it. Neither of this worked:
https://wa.me//?text=Hello%20World
https://wa.me/0/?text=Hello%20World
only if a proper number is specified it will open WhatsApp, but has the recipient already pre selected (the number we provide).
I tested it for a client about 2 weeks ago, when it still worked. So the last update of Chrome (from Aug 26) seems to be the problem...
The best is to use the custom url scheme format. Universal links do not work well with native clients
whatsapp://send/?phone=&text&source&data
It will work without phone number also.
My issue on a recent breaking-change: Universal links stopped working
There was a great blog post about the issue, however it is already outdated and proposes a php specific solution (nevertheless might gives you a good idea, how to think about the problem)
const text = "Hello..."
const phoneNumber = "23400000000000"
Linking.openURL(`whatsapp://send?text=${text}&phone=${phoneNumber}`)
First: Official Whatsapp Sharing Documentation. One of the following URLs is recommended for WEB use...
https://api.whatsapp.com/send?text=YourShareTextHere
https://api.whatsapp.com/send?text=YourShareTextHere&phone=123
And these for MOBILE use...
whatsapp://send?text=YourShareTextHere
whatsapp://send?text=YourShareTextHere&phone=123
If you are interested in watching a project that keeps track of these URLs, then check us out!: https://github.com/bradvin/social-share-urls#whatsapp
I've got a product that embeds into websites similarly to Paypal (customers add my button to their website, users click on this button and once the service is complete I redirect them back to the original website).
I'd like to demo my technology to customers without actually modifying their live website. To that end, is it possible to configure http://stackoverflow.myserver.com/ so it mirrors http://www.stackoverflow.com/ while seamlessly injecting my button?
Meaning, I want to demo the experience of using my button on the live website without actually re-hosting the customer's database on my server.
I know there are security concerns here, so feel free to mention them so long as we meet the requirements. I do not need to demo this for website that uses HTTPS.
More specifically, I would like to demonstrate the idea of financial bounties on Stackoverflow questions by injecting a Paypal button into the page. How would I demo this off http://stackoverflow.myserver.com/ without modifying https://stackoverflow.com/?
REQUEST TO REOPEN: I have reworded the question to be more specific per your request. If you still believe it is too broad, please help me understand your reasoning by posting a comment below.
UPDATE: I posted a follow-up challenge at How to rewrite URLs referenced by Javascript code?
UPDATE2: I discarded the idea of bookmarklets and Greasemonkey because they require customer-side installation/modification. We need to make the process as seamless as possible, otherwise many of get turned off by the process and won't let us pitch.
I would suggest to create a proxy using a HTTP handler.
In the ProcessRequest you can do a HttpWebRequest to get the content on the other side, alter it and return the adjusted html to the browser. You can rewrite the urls inside to allow the loading of images, etc from the original source.
public void ProcessRequest(HttpContext context)
{
// get the content using HttpWebRequest
string html = ...
// alter it
// write back the adjusted html
context.Response.Write(html);
}
If you're demoing on the client-side and looking to just hack it in quickly, you could pull it off with some jQuery. I slapped the button after the SO logo just for a demo. You could type this into your console:
$('head').append('<script src="https://www.paypalobjects.com/js/external/dg.js" type="text/javascript"></script>')
$('#hlogo').append('<form action="https://www.sandbox.paypal.com/webapps/adaptivepayment/flow/pay" target="PPDGFrame" class="standard"><label for="buy">Buy Now:</label><input type="image" id="submitBtn" value="Pay with PayPal" src="https://www.paypalobjects.com/en_US/i/btn/btn_paynowCC_LG.gif"><input id="type" type="hidden" name="expType" value="light"><input id="paykey" type="hidden" name="paykey" value="insert_pay_key">')
var embeddedPPFlow = new PAYPAL.apps.DGFlow({trigger: 'submitBtn'});
Now, I'm not sure if I did something wrong or not because I got this error on the last part:
Expected 'none' or URL but found 'alpha('. Error in parsing value for 'filter'. Declaration dropped.
But at any rate if you are demoing you could just do this, maybe as a plan B. (You could also write a userscript for this so you don't have to open the console, I guess?)
After playing with this for a very long time I ended up doing the following:
Rewrite the HTML and JS files on the fly. All other resources are hosted by the original website.
For HTML files, inject a <base> tag, pointing to the website being redirected. This will cause the browser to automatically redirect relative links (in the HTML file, CSS files, and even Flash!) to the original website.
For the JS files, apply a regular expression to patch specific sections of code that point to the wrote URL. I load up the redirected page in a browser, look for broken links, and figure out which section of JS needs to be patched to correct the problem.
This sounds a lot harder than it actually is. On average, patching each page takes less than 5 minutes of work.
The big discovery was the <base> tag! It corrected the vast majority of links on my behalf.
I have a difficult problem: I always get a Nullpointer exception on my webpace, when I
rapidly click on the same link. Or when I reload the page rapidly.
This is the error I get:
java.lang.NullPointerException
com.ibm.xsp.webapp.FacesServlet.acquireSyncToken(FacesServlet.java:285)
com.ibm.xsp.webapp.FacesServletEx.serviceView(FacesServletEx.java:161)
com.ibm.xsp.webapp.FacesServlet.service(FacesServlet.java:160)
com.ibm.xsp.webapp.FacesServletEx.service(FacesServletEx.java:138)
com.ibm.xsp.webapp.DesignerFacesServlet.service(DesignerFacesServlet.java:103)
com.ibm.designer.runtime.domino.adapter.ComponentModule.invokeServlet(ComponentModule.java:576)
com.ibm.domino.xsp.module.nsf.NSFComponentModule.invokeServlet(NSFComponentModule.java:1281)
com.ibm.designer.runtime.domino.adapter.ComponentModule$AdapterInvoker.invokeServlet(ComponentModule.java:847)
com.ibm.designer.runtime.domino.adapter.ComponentModule$ServletInvoker.doService(ComponentModule.java:796)
com.ibm.designer.runtime.domino.adapter.ComponentModule.doService(ComponentModule.java:565)
com.ibm.domino.xsp.module.nsf.NSFComponentModule.doService(NSFComponentModule.java:1265)
com.ibm.domino.xsp.module.nsf.NSFService.doServiceInternal(NSFService.java:653)
com.ibm.domino.xsp.module.nsf.NSFService.doService(NSFService.java:476)
com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(LCDEnvironment.java:341)
com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(LCDEnvironment.java:297)
com.ibm.domino.xsp.bridge.http.engine.XspCmdManager.service(XspCmdManager.java:272)
Question: Can someone explain in detail what this acquireSyncToken does? Maybe then I can find the bug...
In my XPages I use
sessionScope.get(key) // same with applicationScope
sessionScope.put(key, value) // same with applicationScope
a LOT ;)
I tried very much, e.g. to wrap my lookups within
synchronize(applicationScope){
// lookups and so on...
}
and stuff like that, but that only made it worse, so I removed the synchronize-stuff...
Environment:
Domino Server 8.5.3 FP1
XPages
testing on modern Browsers like FF, Chrome
MacOS / Win7
Architecture:
I have one BIG xPage, where I basically add some CustomControls and due to the current URL embed another XPage.
Inside the CustomControls and XPages I have more Custom Controls and I added some Views as Datasources and did the wildest things with "repeat controls" and SSJS inside Computed Fields.
The heavy-weight DB-Lookups are cached in the applicationScope.
For more Info, please ask!
Thanks in advance!
This is a known issue. IBM advises to downgrade from FP1 or FP2 to 8.5.3 or UP1.
See Dojo xhrGet with sync:false issue with xe:viewJsonLegacyService and Domino 8.5.3 SP1 or http://www-01.ibm.com/support/docview.wss?uid=swg1LO71603
In an attempt to fudge a workaround for the weird "viewers cannot leave comments" issue in google sites*, I wrote the following silly test script:
function addComment(e) {
var currentPage = SitesApp.getActivePage();
var pageHTML = currentPage.getHtmlContent();
var newHTML = pageHTML.replace("BEGIN", "BEGIN "+Session.getActiveUser().getEmail());
currentPage.setHtmlContent(newHTML);
};
When the user presses the button, the current page content should be changed to include the current user's email address right after the word BEGIN (which I manually inserted- if this works I can just stick in a comment tag thingamabob.
This more or less works. The problem is that the setHtmlContent call does all sorts of weird things to the apps script gadget that contains the button in the first place. Here's the gadget before:
<img src="https://www.google.com/chart?chc=sites&cht=d&chdp=sites&chl=%5B%5BGoogle+Apps+Script'%3D20'f%5Cv'a%5C%3D0'10'%3D499'0'dim'%5Cbox1'b%5CF6F6F6'fC%5CF6F6F6'eC%5C0'sk'%5C%5B%22Apps+Script+Gadget%22'%5D'a%5CV%5C%3D12'f%5C%5DV%5Cta%5C%3D10'%3D0'%3D500'%3D197'dim'%5C%3D10'%3D10'%3D500'%3D197'vdim'%5Cbox1'b%5Cva%5CF6F6F6'fC%5CC8C8C8'eC%5C'a%5C%5Do%5CLauto'f%5C&sig=TbGPi2pnqyuhJ_BfSq_CO5U6FOI" data-origsrc="https://sites.google.com/a/macros/kstf.org/s/AKfycbzEsLBQucXCZZJwEh9c3RYhn81uJucvz3R5vHeJ2w/exec" data-type="maestro" data-props="align:left;borderTitle:Apps Script Gadget;height:200;showBorder:false;showBorderTitle:false;" width="500" height="200" style="display:block;text-align:left;margin-right:auto;"></div>
and here it is after:
<img src="https://www.google.com/chart?chc=sites&cht=d&chdp=sites&chl=%5B%5BGoogle+Gadget'%3D20'f%5Cv'a%5C%3D0'10'%3D499'0'dim'%5Cbox1'b%5CF6F6F6'fC%5CF6F6F6'eC%5C0'sk'%5C%5B%22Include+gadget+(iframe)%22'%5D'a%5CV%5C%3D12'f%5C%5DV%5Cta%5C%3D10'%3D0'%3D500'%3D197'dim'%5C%3D10'%3D10'%3D500'%3D197'vdim'%5Cbox1'b%5Cva%5CF6F6F6'fC%5CC8C8C8'eC%5C'a%5C%5Do%5CLauto'f%5C&sig=CvjXRgodwYVKPvmsyZR7EbHx2uM" data-igsrc="http://0.gmodules.com/ig/ifr?mid=0&synd=trogedit&url=http%3A%2F%2Fwww.gstatic.com%2Fsites-gadgets%2Fiframe%2Fiframe.xml&up_iframeURL=%2Fa%2Fmacros%2Fkstf.org%2Fs%2FAKfycbzEsLBQucXCZZJwEh9c3RYhn81uJucvz3R5vHeJ2w%2Fexec%3Fmid%3DACjPJvFOqF88RUUrqDeapp1PHF_lI3Xc3g5Hd3euTifzUYeaILmTTlMfBQ13yI_6%26bc%3Dtransparent%26f%3DArial%2C%2BVerdana%2C%2Bsans-serif%26tc%3D%2523444444%26lc%3D%25230033cc&up_scroll=no&w=100%&h=200" data-type="ggs-gadget" data-props="height:200;igsrc:http#58//0.gmodules.com/ig/ifr?mid=0&synd=trogedit&url=http%3A%2F%2Fwww.gstatic.com%2Fsites-gadgets%2Fiframe%2Fiframe.xml&up_iframeURL=%2Fa%2Fmacros%2Fkstf.org%2Fs%2FAKfycbzEsLBQucXCZZJwEh9c3RYhn81uJucvz3R5vHeJ2w%2Fexec%3Fmid%3DACjPJvFOqF88RUUrqDeapp1PHF_lI3Xc3g5Hd3euTifzUYeaILmTTlMfBQ13yI_6%26bc%3Dtransparent%26f%3DArial%2C%2BVerdana%2C%2Bsans-serif%26tc%3D%2523444444%26lc%3D%25230033cc&up_scroll=no&w=100%&h=200;mid:0;spec:http#58//www.gstatic.com/sites-gadgets/iframe/iframe.xml;up_iframeURL:/a/macros/kstf.org/s/AKfycbzEsLBQucXCZZJwEh9c3RYhn81uJucvz3R5vHeJ2w/exec?mid=ACjPJvFOqF88RUUrqDeapp1PHF_lI3Xc3g5Hd3euTifzUYeaILmTTlMfBQ13yI_6&bc=transparent&f=Arial,+Verdana,+sans-serif&tc=%23444444&lc=%230033cc;up_scroll:no;width:100%;" width="500" height="200" style="display:block;text-align:left;margin-right:auto;" class="igm"></div>
As best as I can tell, the "hey please set this as your HTML" method seems to be doing some chicanery to make certain that the document is properly parsed, but it's getting caught up in a tail-chasing effect of the iframe redirect. If I could hand in some DOM or something similar, this wouldn't be an issue.
Any advice? This was just a kind of exercise to see if I could finesse the visitor comment system anyway, so I'll probably just take another approach.
*: I know about several other ways to handle visitor comments, but this system needs to be able to work on many site pages, for many site authors in an apps domain, without needing complicated setup on the part of the site author. Eventually, I'll use something else (probably a variation on one of the two app engine forum systems I found this morning), but this was a quick stab at an interim solution. Next interim step is to save these data to the site DB and lay out the comments in the gadget itself. Gadget sizing is unsatisfying, however - I'd rather have the comments right in the page instead of in a separate iframe that has its own scroll bars.
First of all, the getEmail() method doesn't work with consumer accounts or when people outside your domain visit the site (unless your script runs as the user accessing the app)
Next, when you change the HTML of a page, it doesn't make the change immediately, but should happen on the next refresh.
Having said that, what you could do is have your script display the comments as well. You can have labels in your script that display previous comments.
I was asked to assist with troubleshooting a problem. Functionality on a site "stopped working" and I was asked to figure out what is wrong. The following is the error:
FrontPage Error.
User: please report details to this site's webmaster.
Webmaster: please see the server's application event log for more details.
On the page I'm seeing the following:
<!--webbot BOT="GeneratedScript" endspan --><form method="POST" action="../_vti_bin/shtml.dll/index.html" name="FrontPage_Form1" onsubmit="return FrontPage_Form1_Validator(this)" language="JavaScript" webbot-action="--WEBBOT-SELF--">
<!--webbot bot="SaveResults" startspan
U-File="/results.csv" S-Format="TEXT/CSV"
S-Label-Fields="FALSE" B-Reverse-Chronology="FALSE" S-Builtin-Fields
S-Form-Fields="TYPE NAME ADDRESS CITY STATE ZIP "
U-Confirmation-Url="confirmation.html" --><input TYPE="hidden" NAME="VTI-GROUP" VALUE="0"><!--webbot
bot="SaveResults" endspan i-checksum="43374" -->
<div align="center">
...
I look at the directory structure and find that even after forcing display of hidden directories/files, _vti_bin is GONE. It's nonexistent. After a little research this leads me to believe that this code is using frontpage extensions, and they have apparently been removed. Does that look accurate?
I'm completely inexperienced with frontpage extensions. Is what this is doing is it's using another file called shtml.dll and calling it on the path /index.html, basically just doing a postback?
I'm looking at the webbot part which seems to be what it's trying to accomplish. Is it merely appending the form results to a CSV and that is all?
I see a few other bits like this but they all refer to validators which I should be able to handle in javascript just fine.
I ended up looking at the server configuration and finding that as far as the server was concerned, frontpage extensions were still installed. I then told it to re-install and in the morning it was working again.