Solved High Risk website blocked? "Count.IM"

Discussion in 'Website Announcements, Feedback, Issues, & Guides' started by paneubert, Mar 13, 2018.

  1. Hello;

    I have not been on the site for a while, so maybe this was addressed sometime over the past 6-12 months and I missed it. Now that I am back, every time I view a new page, I get a pop-up from Windows letting me know it blocked a high risk website called "Count.IM". Any insight into this? I assume Count.IM is the site for one of the banner ads that backyardchickens allows, but it is sort of concerning (and annoying) that it pops up every single time I click a link, hit the back button, make a post, etc... Happens both at work and at home on different computers, so this isn't some sort of infection of my computer or anything like that. Also only get it on backyardchickens. Nowhere else.
     

  2. Huh....the plot thickens.....Russians! Haha. Are they influencing our chicken choices as well as our presidential elections? But seriously.....what is going on?

    Domain Name: count.im
    Domain Managers
    Name: Dynadot LLC
    Address
    PO Box 345
    San Mateo
    California
    94401
    United States
    Domain Owners / Registrant
    Name: Abbas
    Address
    st.petersburg no 1
    st.petersburg/st.petersburg
    st.petersburg
    3313131
    Russian Federation
    Administrative Contact
    Name: Abbas
    Address
    st.petersburg no 1
    st.petersburg/st.petersburg
    st.petersburg
    3313131
    Russian Federation
    Billing Contact
    Name: Abbas
    Address
    st.petersburg no 1
    st.petersburg/st.petersburg
    st.petersburg
    3313131
    Russian Federation
    Technical Contact
    Name: Abbas
    Address
    st.petersburg no 1
    st.petersburg/st.petersburg
    st.petersburg
    3313131
    Russian Federation
    Domain Details
    Expiry Date: 05/02/2019 00:59:55
    Name Server: may.ns.cloudflare.com.
    Name Server: noah.ns.cloudflare.com.
     
  3. The California folks are a domain name registrar, so that is legit. But the rest is all Russian.
     
  4. PirateGirl

    Some days I get weird pop-ups, spam type ads that won't go away and I have to exit the browser, on my iPhone, but never when I use Chrome on a desktop. Hmm.
     

  5. Well the thing is I don't ever get pop-ups or actual ads. It is just a Windows based little notification that it blocked the high risk site. Down where you get your other system notices near the clock, etc.... So it is actually the operating system/Microsoft blocking it. That is actually the most concerning since it means Microsoft has decided that site is bad. Not some third party anti-virus company or Firefox/Chrome, etc..
     
  6. Ah.....so I was slightly mistaken. The notice looks like it is coming right from Windows, but it is actually coming from my enterprise version of Sophos. Sophos uses Windows to deliver its messaging versus using its own software to issue notices, so I had to dig to find the actual information.

    ****************** Sophos Anti-Virus Log - 3/13/2018 3:08:12 PM **************
    20180313 150656 Blocked web request to "count.im" for user "not gonna tell you my real name". 'Mal/HTMLGen-A' has been found at this website, reference ID 985341703.
    ****************** Sophos Anti-Virus Log - 3/13/2018 3:08:12 PM **************

    "Mal/HTMLGen-A is the threat name associated with web content blocked by Sophos products using the reputation filtering functionality.


    Note: Mal/HTMLGen-A is not detection of a malware payload on an infected machine. Instead it indicates a Sophos product blocking access to a remote website we believe to be either malicious (a site whose sole purpose is to infect users with malware) or compromised (a legitimate site, but one that has been hacked in order to infect or redirect users)."


    So.......there is a site that is hosting malware that is also somehow hooked into backyardchickens.com. I assume via an advertisement. Would love to hear from the moderators of backyardchickens.com about if there is anyone who could look into this?
     
  7. KikisGirls

    Have you tried clearing your cache and browser's history yet?
     

  8. Yeah, but that did not help. And it is across different computers. The only common element is the website (www.backyardchickens.com) and the Sophos Enterprise virus protection being on both computers.

    The site being blocked (count.im) is claimed to be hosting malware, so I think that is what might need to be taken a look at with whoever manages the advertising for www.backyardchickens.com. That person probably needs to then talk with whoever they are selling ad placements to, since I am sure the bad site is not directly buying ad space. It is probably being served up by some advertising broker or middle man. My post is more of a "heads up" to the owners of www.backyardchickens.com that their advertisers might be letting in some bad folks without knowing it.
     
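One way a site owner could check which element of a saved page pulls in the blocked host discussed in the posts above. This is an added example, not part of any forum post; the sample HTML, the `ads.broker.example` host, the `cdn.` subdomain and the function names are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that makes the browser fetch a resource, per tag.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

def same_site(host, site):
    """True when host is the site itself or one of its subdomains."""
    site = site.removeprefix("www.")
    return host == site or host.endswith("." + site)

class ThirdPartyFinder(HTMLParser):
    """Collect (host, tag) for every resource not served by the page's own site."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site = urlsplit(page_url).hostname
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative (//host/path) references.
        host = urlsplit(urljoin(self.page_url, value)).hostname
        if host and not same_site(host, self.site):
            self.found.append((host, tag))

def flag_hosts(html, page_url, blocked):
    """Return third-party references whose host is a blocked domain or subdomain."""
    finder = ThirdPartyFinder(page_url)
    finder.feed(html)
    return [(h, t) for h, t in finder.found
            if any(h == b or h.endswith("." + b) for b in blocked)]

# Constructed sample page (not captured from the real site).
SAMPLE = """
<link rel="stylesheet" href="/styles/main.css">
<script src="//ads.broker.example/tag.js"></script>
<img src="http://count.im/c.gif?id=1" width="1" height="1">
<iframe src="https://cdn.backyardchickens.com/widget.html"></iframe>
"""

if __name__ == "__main__":
    url = "https://www.backyardchickens.com/"
    for host, tag in flag_hosts(SAMPLE, url, {"count.im"}):
        print(f"<{tag}> loads from blocked host {host}")
```

This only sees references present in the static HTML; a host requested at runtime by an ad script will not appear, so the browser's network log is the complementary check.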
  9. sourland

    @Nifty-Chicken
     

  10. KikisGirls

    BYC land....Is anyone else having this problem?

    I wonder if this has something to do with your Sophos software.
     
