i think this might have been done purposely to deceive in to thinking gox is coming back.
Yes, though this thread has been entertaining, this is not what I'm seeing for HTML source.
In all seriousness, there's a fair chance your web requests are being redirected by malware or a malicious DNS server if you're not seeing that. What are you seeing? It has the SSL certification icon when you connect? (my troll hat's genuinely off)
Haha! You caused me to have a good freak out there, but I've figured out what's going on.
The first clue was that this was only happening to me in Chrome. (I have Chrome in super locked down mode with cookies and javascript disabled by default)
This is what I was seeing:
<html><head><title>MtGox.com loading</title></head><body><p>Please wait...</p><script>function xdec(data){var o="[bunch of random text]=";var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,dec="",tmp_arr=[];if(!data){return data}data+='';do{h1=o.indexOf(data.charAt(i++));h2=o.indexOf(data.charAt(i++));h3=o.indexOf(data.charAt(i++));h4=o.indexOf(data.charAt(i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){tmp_arr[ac++]=String.fromCharCode(o1)}else if(h4==64){tmp_arr[ac++]=String.fromCharCode(o1,o2)}else{tmp_arr[ac++]=String.fromCharCode(o1,o2,o3)}}while(i<data.length);dec=tmp_arr.join('');return dec};document.cookie=xdec('[More Random Text]').replace(String.fromCharCode(0),'').split('').reverse().join(''); location.href='/';</script></body></html>
So you see, they set a cookie before refreshing the page.
End panic mode.
Seriously though, thanks for the heads up. Everything checks out SSL and DNS-wise.
Correct me if I'm wrong, but DNS attacks couldn't actually forge data under SSL, could they?
(Unless of course Gox's server keys were compromised)
