Solved High Risk website blocked? "Count.IM"

Can you possibly capture a screenshot? Maybe your device is going through updates. I usually get these problems with my device every few months when Windows and other apps are being updated on my computer or phone.
 
Thanks for reporting this and for all the great details!

The notice looks like it is coming right from Windows, but it is actually coming from my enterprise version of Sophos.
I'll be looking into what "count.im" might be, but my guess is that it's some ad-network partner of Google AdSense, or similar. Various anti-virus programs can sometimes call out a false-positive on a few ad-network codes / websites.

So, we'll look into it, but maybe there is a way for you to "whitelist" or "ok" that site in the short-term? We haven't had any reports of any other visitors having problems with that.

Some days I get weird pop-ups, spam type ads that won't go away and I have to exit the browser, on my iPhone, but never when I use Chrome on a desktop. Hmm.
Unfortunately a known issue, but probably unrelated to paneubert's issue. More info on this popup / spam issue is here: https://www.backyardchickens.com/threads/keep-getting-a-pop-up.1204670/
 
So, we'll look into it, but maybe there is a way for you to "whitelist" or "ok" that site in the short-term? We haven't had any reports of any other visitors having problems with that.

I actually tried to go the other direction by manually blocking that site with one of my "ad blockers" (I know, I know, you need ad revenue to survive...) but it still manages to get thru enough to anger the virus scanner. Haha. So who knows. I can see if I can convince Sophos to allow it. Or just ignore the messages. They aren't that intrusive. Here is how they look.
HighRisk.JPG
 
Every time I log into Backyard Chickens, I get the following alert:

On Backyard Chickens.PNG


First and foremost, don't try to go to this site! I'm pretty sure it's bad news.

From what I've been able to find out so far, it seems to be a "coin miner" but I'm not sure.

I've run both ESET NOD32 and Malwarebytes scans on my computer and they've found nothing on it; however, so far, I'm not able to figure out how to get rid of it either. I've even emptied my cache, but it's still there. I'm getting it in Firefox, Cyberfox and Edge browsers.

Two friends who aren't members have logged into BYC and haven't seen it. I'm flummoxed, because this is the only site it's shown up on.
 

I'm all bleary eyed, but I had a security guru from TenForums.com remote into my computer with TeamViewer and somehow she cleaned out whatever was hiding in my system.

That doesn't explain how it came to be here only, nor does it explain how I got it in the first place. I don't go to places I'm not familiar with. And, as I said, it popped up the first time I opened Backyard Chickens.

I don't know enough about what it was to point any fingers, but I do need to say, "Be on your toes, Nifty-Chicken!"

Good night. I'm going to bed way past my bedtime. :)
 
Last night, I got a notification of a new post on a thread I am watching, and the count.im thing showed up again; however, when I logged in this morning with Firefox, it doesn't show up.

A group of us are on Skype trying to get to the bottom of this thing, and I see there are other threads on this from as early as March 2018.

Here are some other things I've found:

https://www.virustotal.com/#/url/81...44d7367852042555dd454e2c4aa97963088/detection

VirusTotal keeps track of nasties in the wild.

https://www.virustotal.com/ui-publi...b58c31dec0e9def623c3c4aeebaad5e71d1/detection

Just another direction to look at it.
--------------------------------------
HTTP Response
Final URL: http://www.google.com/
Serving IP address: 104.28.4.122
Status code: 200
Body length: 45.04 KB
Body SHA-256: 934a89353e8729bb8c0c8c0b15b667a74743306cada8035733cbec27712c035c
Headers
cache-control: private, max-age=0
content-length: 46122
content-type: text/html; charset=UTF-8
date: Tue, 19 Jun 2018 22:51:35 GMT
expires: -1
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: gws

set-cookie: 1P_JAR=2018-06-19-22; expires=Thu, 19-Jul-2018 22:51:35 GMT; path=/; domain=.google.com, NID=132=Qk3FeMDe6nrcwFkMgmNI0NIwiu6X-W1odUWdGr2qeyAi-rmQzBgZOPt8SnpbcA8M1lDcRwswoKrUPgi17RdmExZHCckLVAIegYCoywwhF_HyHP-h9xo_BxPl9OIqP_41; expires=Wed, 19-Dec-2018 22:51:35 GMT; path=/; domain=.google.com; HttpOnly

x-frame-options: SAMEORIGIN

x-xss-protection: 1; mode=block

Wow, does this say what I think it says? I don't know enough to understand what I'm reading and the security guru had to go to a meeting.
 
