Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

DU Community Help

justaprogressive

(6,971 posts) Sun Jan 11, 2026, 11:47 AM Jan 2026

0

Whois: eoperfops12.qcloudteo.com

Suspicious attempts at connection to, on multiple DU pages.

Doesn't act like an advertiser. TIA

11 replies

= new reply since forum marked as read

Highlight:

Whois: eoperfops12.qcloudteo.com (Original Post) justaprogressive Jan 2026 OP

Do you have any of their posts? surfered Jan 2026 #1

Sorry these are not associated with a user justaprogressive Jan 2026 #2

Send a screenshot if you see it again surfered Jan 2026 #3

here ya go justaprogressive Jan 2026 #4

Brave.exe belongs to the brave browser sboatcar Jan 2026 #6

No the pages are linking to that website! justaprogressive Jan 2026 #8

Ahhh gotcha sboatcar Jan 2026 #9

DNS lookup says its registered in china, names redacted sboatcar Jan 2026 #5

yeah like I said ODD! justaprogressive Jan 2026 #7

Send DU email to EarlG surfered Jan 2026 #11

Here's one theory surfered Jan 2026 #10

surfered

(13,690 posts)

1. Do you have any of their posts?

Reply to justaprogressive (Original post)

Sun Jan 11, 2026, 12:02 PM

Jan 2026

justaprogressive

(6,971 posts)

2. Sorry these are not associated with a user

Reply to surfered (Reply #1)

Sun Jan 11, 2026, 12:17 PM

Jan 2026

it's on the pages themselves.

A whois tells me VERY little about this ip address...

surfered

(13,690 posts)

3. Send a screenshot if you see it again

Reply to justaprogressive (Reply #2)

Sun Jan 11, 2026, 12:43 PM

Jan 2026

justaprogressive

(6,971 posts)

4. here ya go

Reply to surfered (Reply #3)

Sun Jan 11, 2026, 12:49 PM

Jan 2026

To be clear this ONLY happens on DU PAGES.

sboatcar

(853 posts)

6. Brave.exe belongs to the brave browser

Reply to justaprogressive (Reply #4)

Sun Jan 11, 2026, 01:17 PM

Jan 2026

I've also seen brave.exe spoofed as other things, but it looks like someone is trying to do some kind of an exploit from a brave browser coming from that IP address (I'll provide it if you'd like it, but I'd rather not post in here)

justaprogressive

(6,971 posts)

8. No the pages are linking to that website!

Reply to sboatcar (Reply #6)

Sun Jan 11, 2026, 01:54 PM

Jan 2026

I'm using Brave. The page is trying to direct the browser to connect to this suspect website.

sboatcar

(853 posts)

9. Ahhh gotcha

Reply to justaprogressive (Reply #8)

Sun Jan 11, 2026, 01:54 PM

Jan 2026

Likely its one of the ads.

sboatcar

(853 posts)

5. DNS lookup says its registered in china, names redacted

Reply to justaprogressive (Original post)

Sun Jan 11, 2026, 01:16 PM

Jan 2026

The IP address geolocates to Brazil. Odd.

justaprogressive

(6,971 posts)

7. yeah like I said ODD!

Reply to sboatcar (Reply #5)

Sun Jan 11, 2026, 01:52 PM

Jan 2026

Who do I contact in Admin to report this?

surfered

(13,690 posts)

11. Send DU email to EarlG

Reply to justaprogressive (Reply #7)

Sun Jan 11, 2026, 04:35 PM

Jan 2026

surfered

(13,690 posts)

10. Here's one theory

Reply to justaprogressive (Original post)

Sun Jan 11, 2026, 04:32 PM

Jan 2026

1. Perhaps it's an embedded gif from a non secure server...
Ie: http vs https at the beginning of the embedded image URL

Reply to this discussion

Latest Discussions»Help & Search»DU Community Help»Whois: eoperfops12.qcloud...