r.srvtrck.com removal? Linux

P38Usul
Posts: 121
Joined: November 18th, 2014, 9:00 am

r.srvtrck.com removal? Linux

Post by P38Usul »

I am using Firefox 68.0.1 (64-bit) on Kubuntu 18.04

On a few bookmarks that I go to (not all and really not many) I get a redirect when I click on the bookmark.
It does a countdown and then goes to the correct address.
Looking around on the net I guess this is a piece of malware that wants to take you to a place with a bunch of pop-up ads. It has NOT been successful at doing this so far, just the countdown part.
There seem to be a few remedies for Windows and Apple OSs but nothing I can find for Kubuntu/Linux.

Is this something that resides in Firefox or is it an OS curse?
How can I get rid of it?

I was able to make a copy of the complete address for the redirect if that is helpful.
Thank you
G
Grumpus
Posts: 13246
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Re: r.srvtrck.com removal? Linux

Post by Grumpus »

You can try blocking the IP range in your firewall. You'll need to determine whether the first connect is coming from you or the errant IP.
You can also use your "hosts.deny" file by adding the IP and the URL.
You can place the URL in NoScript.
There are a number of hits from 34.x.x.x and also 35.x.x.x which are less than desirable which are working under cover of Amazon's cloud system.
Unfortunately Amazon does not identify the true source, providing only their identity.

The URL you posted comes up under the auspice of but appears off of the Amazon Cloud
Source                                         TTL    Address Type  Record Type  Resolution
r.srvtrck.com.                                 300    IN            CNAME        click-srvtrck.eu-west-1.elasticbeanstalk.com.
click-srvtrck.eu-west-1.elasticbeanstalk.com.  60     IN            A            34.242.20.202
click-srvtrck.eu-west-1.elasticbeanstalk.com.  60     IN            A            34.247.62.129
eu-west-1.elasticbeanstalk.com.                57947  IN            NS           ns-402.awsdns-50.com.
eu-west-1.elasticbeanstalk.com.                57947  IN            NS           ns-1100.awsdns-09.org.
eu-west-1.elasticbeanstalk.com.                57947  IN            NS           ns-1693.awsdns-19.co.uk.
eu-west-1.elasticbeanstalk.com.                57947  IN            NS           ns-778.awsdns-33.net.
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you
Brummelchen
Posts: 4480
Joined: March 19th, 2005, 10:51 am

Re: r.srvtrck.com removal? Linux

Post by Brummelchen »

Not Firefox, but adware extensions could cause this. Please post about:support (text, not raw).
dickvl
Posts: 54164
Joined: July 18th, 2005, 3:25 am

Re: r.srvtrck.com removal? Linux

Post by dickvl »

How did you create these bookmarks?

Pages might include GET data in the URL and pages that were requested by sending POST data can also have side effects if you bookmark such a page.
therube
Posts: 21714
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: r.srvtrck.com removal? Linux

Post by therube »

> I was able to make a copy of the complete address for the redirect if that is helpful.

Is that the URL you have bookmarked?
If so post it.
If not, post the URL of your bookmark.
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
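
Added example, not part of any post in this thread: one way to answer the question above (is the tracker address what the bookmark actually stores?) by reading a copy of the profile's places.sqlite. The helper names and the in-memory sample database are constructed for illustration; `moz_bookmarks` and `moz_places` are Firefox's own tables.

```python
import sqlite3
from urllib.parse import urlsplit

SUSPECT_HOSTS = {"r.srvtrck.com"}  # the host named in this thread

def host_of(url):
    """Lower-cased hostname of a stored URL, or None (e.g. for place: entries)."""
    try:
        return urlsplit(url or "").hostname
    except ValueError:
        return None

def flagged_bookmarks(conn, suspect_hosts=SUSPECT_HOSTS):
    """Return (title, url) for bookmarks whose stored URL is on a suspect host."""
    rows = conn.execute(
        "SELECT b.title, p.url FROM moz_bookmarks b "
        "JOIN moz_places p ON p.id = b.fk WHERE b.fk IS NOT NULL"
    )
    hits = []
    for title, url in rows:
        host = host_of(url)
        if host and any(host == h or host.endswith("." + h) for h in suspect_hosts):
            hits.append((title, url))
    return hits

def open_copy(path):
    """Open a copy of places.sqlite read-only; copy the file with Firefox closed."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def constructed_db():
    """In-memory stand-in holding only the tables and columns the query uses."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, fk INTEGER, title TEXT);
        INSERT INTO moz_places VALUES
          (1, 'https://www.fedex.com/apps/fedextrack/?tracknumbers=000000000000'),
          (2, 'http://r.srvtrck.com/v2/go?ai=PLACEHOLDER&u=https%3A%2F%2Fwww.fedex.com%2F');
        INSERT INTO moz_bookmarks VALUES
          (1, 1, 'FedEx direct'), (2, 2, 'FedEx wrapped'), (3, NULL, 'a folder');
    """)
    return conn

if __name__ == "__main__":
    for title, url in flagged_bookmarks(constructed_db()):
        print(f"bookmark {title!r} is stored as a tracker URL: {url}")
```

An empty result on the real profile means the bookmarks themselves are clean and the redirect is being introduced at click time, which points at an extension or at the page the link was copied from.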
P38Usul
Posts: 121
Joined: November 18th, 2014, 9:00 am

Re: r.srvtrck.com removal? Linux

Post by P38Usul »

This is where it took me and did the countdown.

http:// r.srvtrck .com/v2/ go?ai=4ea3cc71e931b9e233fdd8af&t=4t8p7%2Fewfw2t6qehde0c9mfcbi4k2738760301024336v-d5s0080670603%3F4i1%3D70309030-8133b83-7c2la%2F4o4.cc8l5kd.fwf%2F6%3A9teh&u=https%3A%2F%2Fwww.fedex.com%2Fapps%2Ffedextrack%2F%3Ftracknumbers%3D61290100124343325494%26locale%3Den_US&w=4&s=http%3A%2F%2Fcashalot.org%2Fredir%2F1psCRK08VNEo5NGWxhCU4h3O307MFojBpT7yXvODUjUptUN2x0nhYZpqlLMbAlMRo8dA1bQ2GgZo5We1M7
XQBjZwQD1C5BZkgnGMjulbbGyffbg5SOFi1x1nJHyXvUIz76dRrAveBkThnDdkSzhcRPMNdBPpQAliPgt9qwfPMcMrAoSOJ9zW5I9cAhWBe
OKIYw5Vin3Ihc6CHrsqbfgthTf2Xo2UfAr59q9YpmO6S7Trylu6_tUiDG5pWAbyradH-lxqWb6E4dqLBpUuIAP2z5AlId6XRPonUU_WNwPeLswayd77GLEeIUkdPWpIONH1gABNE4weLyejDh_RAhCjW2TFeX3gHYFdXen
Hd1AUVB9d6LqxZCf8xm6mJRfab6OzVak-5FWL3Jcgfwe7M3slQIYm8G60u54ksgauQIi9nLl7sGzJygNILBIdIp--eLTuEyOQzMQQfQVTtOHt-nFfqTcn9R-u4gNFi_wW6Oy8DhMjRcVpnu11Rp_gZ0G-

It was supposed to be going to a FedEx tracking number. After the countdown it did go to the FedEx site with the correct tracking number.
I got the above location by double clicking the address bar and then hitting <Ctrl C> very quickly while it was doing the countdown.

Although I pasted the entire address above, it has reduced it down to the link you see. The actual address was 8 lines long.
Last edited by LIMPET235 on August 2nd, 2019, 4:25 am, edited 1 time in total.
Reason: Some slight text editing.
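
Added example, not part of any post in this thread: a short script that takes an address pasted the way it appears above (broken up by spaces and line breaks) and lists the URLs nested in its query string. The sample is constructed with placeholder tokens; only the hosts, path and parameter names come from the post, and what each parameter means to the tracker is not known from the page.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like the address in the post above. The spaces are
# kept as on the forum page so the string is not a live link.
SAMPLE = (
    "http:// r.srvtrck .com/v2/ go?ai=PLACEHOLDER_ID&t=PLACEHOLDER_TOKEN"
    "&u=https%3A%2F%2Fwww.fedex.com%2Fapps%2Ffedextrack%2F"
    "%3Ftracknumbers%3D000000000000%26locale%3Den_US"
    "&w=4&s=http%3A%2F%2Fcashalot.org%2Fredir%2FPLACEHOLDER_TOKEN"
)

def host_of(url):
    """Lower-cased hostname of url, or None if it has none."""
    return urlsplit(url).hostname

def unwrap_redirect(pasted):
    """Return the intermediate hop and every http(s) URL nested in its query."""
    url = "".join(pasted.split())        # undo forum line breaks and spacing
    parts = urlsplit(url)
    nested = {}
    for name, values in parse_qs(parts.query).items():
        for value in values:             # parse_qs has already percent-decoded
            if urlsplit(value).scheme in ("http", "https") and host_of(value):
                nested[name] = value
    return {"hop_host": parts.hostname, "hop_path": parts.path, "nested": nested}

def summarize(pasted):
    """Human-readable lines: the hop first, then each nested URL and its host."""
    info = unwrap_redirect(pasted)
    lines = [f"intermediate hop: {info['hop_host']}{info['hop_path']}"]
    for name, value in info["nested"].items():
        lines.append(f"  {name}= -> {host_of(value)}  ({value})")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

On the posted address this shows two nested URLs: the FedEx tracking page the browser ended up on, and a second address on cashalot.org/redir, which is a lead for working out where the wrapped link was picked up.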
malliz
Folder@Home
Posts: 43796
Joined: December 7th, 2002, 4:34 am
Location: Australia

Re: r.srvtrck.com removal? Linux

Post by malliz »

So you posted a possibly dangerous live link to an open forum?
What sort of man would put a known criminal in charge of a major branch of government? Apart from, say, the average voter.
"Terry Pratchett"
P38Usul
Posts: 121
Joined: November 18th, 2014, 9:00 am

Re: r.srvtrck.com removal? Linux

Post by P38Usul »

Thanks LIMPET235 for fixing that.
therube
Posts: 21714
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: r.srvtrck.com removal? Linux

Post by therube »

r.srvtrck.com looks to be malware related.

Still not clear "how" you're getting that link; from a bookmark, from a link on a page somewhere, or is just being "interactively" generated when you click an otherwise "OK" link?

In any case, assuming it's malware, you need to start your investigations on that end.

Are other browsers similarly affected?
Does the issue persist if you restart FF in Safe Mode?
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript