"usnc" file auto-downloading from forum

[IronWing]

With each page load, I'm seeing a file called uscn downloading (using Chrome). The file contents are:

<img src="//sync.c1exchange.com/sync/user?k=ffuid&v= a number&pid=p17&s= session number %3D" width="1" height="1" style="visibility:hidden;display:none"/>
where red indicates a number I removed in the example.

 

[Malogeek]

I just got this on my phone as well. Usnc file download.

 

[Rifter]

Im getting them too, i think im done with the fourms, now they are actively trying to hack us? lol

 

[ElFenix]

and just as suddenly, it's stopped doing it.

 

[Ranulf]

I got the same thing about an hour ago, running Firefox.

 

[jsimenhoff]

Hey everyone, thanks for reporting this. That file is a cookie. I'm checking with our web development team to see if there is any cause for alarm, but my gut reaction is that this is just your standard cookie.

 

[jsimenhoff]

Are you all still having these errors?

 

[IronWing]

Not today.

 

[Ranulf]

No errors since yesterday afternoon. Forum was back to normal about an hour after I noticed it.

 

[sandorski]

4 times now opening threads, including starting this thread, I have gotten a Popup Save To for the file "USNC". "which is: application/octet-stream.....from: https//cs.ffbtas.com"

update: It is happening everytime I open a thread on Anandtech now.

 

[Ancalagon44]

Getting this issue too. Malware? Mods please investigate.

 

[Crono]

It's some type of video file being served by an ad that your browser doesn't know how to open.

EDIT: disabled AdAway/uBlock Origin to see it, I think it's coming from the CFP Professionals banner ad at the top. Poorly implemented ad, don't think it's malware.

EDIT #2: Not sure it's that specific ad, but it's coming from an ad. 0 byte file download with no extension.

 

[Runamok81]

This is happening again. Anandtech homepage. What is this usnc file download?

 

[Ancalagon44]

Still happening everywhere across the entire site.

 

[Dyxade Pendragon]

Still happening everywhere across the entire site.

No need to be alarmed. It appears it's a broken advertisement - a kind of harmless cookie that, if things were set up correctly on the advertisement's site, wouldn't exist as a "download" for your downloads folder. Think about the advertisement videos that randomly play in random sites - this USNC file is the product of a broken ad video. Harmless. In fact, this is not the only forum site that this is happening with. Other sites, like XDA, or some sites that have this will give this to you. The site in question belongs down below:
http://whois.domaintools.com/ffbtas.com

 

[Dyxade Pendragon]

To help with your case, as stated in another thread, I'll inform you a bit more clearly. As Crono said, it is a product of a broken "ad video" that the advertiser's broken link gives to your computer - made by Feature Forward. It's practically harmless and any more information is down below:
http://whois.domaintools.com/ffbtas.com

 

[allisolm]

I notified CommManagerJ that this problem has resurfaced. Hopefully the Purch guys can make it go away.

 

[sandorski]

I notified CommManagerJ that this problem has resurfaced. Hopefully the Purch guys can make it go away.

Gone for me now.