It appears to originate from https://whjre.com/v2/click
The full URL I was redirected through is https://whjre.com/v2/click-B4p4G-KzV5r-PDdND-29b15744?tl=1&sa=3CeljYTWLUoJI0WPmXAf3ROdBG5R5V&sa2=S98SlTGSNTqghh05&smc3=251654
This appeared when I was trying to load a financial site that I frequently use and that is perfectly legitimate.
I have not installed any add-ons, and it started about a month ago. I first dismissed it as a one-off, but then realised it seems a little odd for it to be attaching itself to the suggested popups - it seems to use the pretence that a user will be lazy and click the first thing that appears when they type in a frequented site.
I have cleared cache, cookies, even done a complete wipe of the browser itself, I've signed out of Opera and signed back in...
It still attaches itself within a few hours / days of use.
I'm reasonably technically minded on internet gibberish, but this is baffling me on how to resolve and I have resorted to manually blocking redirects to that domain. But it will presumably use another at some point and catch me out.
Happy to be emailed by developers for further info, love the browser and have never previously had an issue.
This is occurring on Opera GX for me, but I am aware of instances where this is a broader browser issue. See: https://www.reddit.com/r/brave_browser/comments/1dd8g1v/issues_with_redirects_to_tatrackcom_in_brave/
In that thread, they are suggesting it is caused by a set of malware-embedded extensions, but as I say, I have none, other than Opera default extensions, which I would doubt are infected since I haven't updated them in the last month in order to get any infected script.
It seems the extensions are adding a background.js script which runs and hijacks certain types of URLs to forward them through a proxy.
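
Added example (not part of the original post, and not Opera's own tooling): a way to check the claim above by listing every installed extension, bundled defaults included, whose manifest declares a background script together with redirect-capable permissions on all sites. It assumes the standard Chromium profile layout `Extensions/<id>/<version>/manifest.json`; the script name and the flagging criteria are choices made for this example.

```python
import json
import sys
from pathlib import Path

# Permissions that let an extension observe or rewrite navigations.
REDIRECT_CAPABLE = {"webRequest", "webRequestBlocking", "declarativeNetRequest",
                    "webNavigation", "tabs"}
# Host patterns that cover every site rather than a named few.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def background_files(manifest):
    """Background entry points for both Manifest V2 and V3 layouts."""
    bg = manifest.get("background")
    if not isinstance(bg, dict):
        return []
    files = list(bg.get("scripts") or [])           # MV2: list of scripts
    files += [bg[k] for k in ("service_worker", "page") if bg.get(k)]
    return files


def audit_extensions(root):
    """Flag extensions with a background script that can touch all URLs."""
    findings = []
    # Assumed layout: <root>/<extension id>/<version>/manifest.json
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        declared = (list(manifest.get("permissions") or [])
                    + list(manifest.get("host_permissions") or []))  # MV3 hosts
        perms = {p for p in declared if isinstance(p, str)}
        bg = background_files(manifest)
        if bg and perms & REDIRECT_CAPABLE and perms & BROAD_HOSTS:
            findings.append({"id": path.parent.parent.name,
                             "name": manifest.get("name", "?"),
                             "background": bg,
                             "permissions": sorted(perms & (REDIRECT_CAPABLE | BROAD_HOSTS))})
    return findings


if __name__ == "__main__":
    # Usage: python audit_extensions.py <path to the profile's Extensions folder>
    for f in audit_extensions(sys.argv[1]):
        print(f["id"], f["name"], f["background"], f["permissions"])
```

A flagged entry is a lead for manual review of the listed background file, not proof of compromise; many legitimate extensions, ad blockers among them, request the same permissions.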