Solved High Risk website blocked? "Count.IM"

[paneubert]

Hello;

I have not been on the site for a while, so maybe this was addressed sometime over the past 6-12 months and I missed it. Now that I am back, every time I view a new page, I get a pop-up from Windows letting me know it blocked a high risk website called "Count.IM". Any insight into this? I assume Count.IM is the site for one of the banner ads that backyardchickens allows, but it is sort of concerning (and annoying) that it pops up every single time I click a link, hit the back button, make a post, etc... Happens both at work and at home on different computers, so this isnt some sort of infection of my computer or anything like that. Also only get it on backyardchickens. Nowhere else.

 

[paneubert]

Huh....the plot thickens.....Russians! Haha. Are they influencing our chicken choices as well as our presidential elections? But seriously.....what is going on?

Domain Name: count.im
Domain Managers
Name: Dynadot LLC
Address
PO Box 345
San Mateo
California
94401
United States
Domain Owners / Registrant
Name: Abbas
Address
st.petersburg no 1
st.petersburg/st.petersburg
st.petersburg
3313131
Russian Federation
Administrative Contact
Name: Abbas
Address
st.petersburg no 1
st.petersburg/st.petersburg
st.petersburg
3313131
Russian Federation
Billing Contact
Name: Abbas
Address
st.petersburg no 1
st.petersburg/st.petersburg
st.petersburg
3313131
Russian Federation
Technical Contact
Name: Abbas
Address
st.petersburg no 1
st.petersburg/st.petersburg
st.petersburg
3313131
Russian Federation
Domain Details
Expiry Date: 05/02/2019 00:59:55
Name Server: may.ns.cloudflare.com.
Name Server: noah.ns.cloudflare.com.

 

[paneubert]

The California folks are a domain name registrar, so that is legit. But the rest is all Russian.

 

[PirateGirl]

Some days I get weird pop-ups, spam type ads that won't go away and I have to exit the browser, on my IPhone, but never when I use Chrome on a desktop. Hmm.

 

[paneubert]

Some days I get weird pop-ups, spam type ads that won't go away and I have to exit the browser, on my IPhone, but never when I use Chrome on a desktop. Hmm.

Well the thing is I don't ever get pop-ups or actual ads. It is just a Windows based little notification that it blocked the high risk site. Down where you get your other system notices near the clock, etc.... So it is actually the operating system/Microsoft blocking it. That is actually the most concerning since it means Microsoft has decided that site is bad. Not some third party anti-virus company or Firefox/Chrome, etc..

 

[paneubert]

Ah.....so I was slightly mistaken. The notice looks like it is coming right from Windows, but it is actually coming from my enterprise version of Sophos. Sophos uses Windows to deliver its messaging versus using its own software to issue notices, so I had to dig to find the actual information.

****************** Sophos Anti-Virus Log - 3/13/2018 3:08:12 PM **************
20180313 150656 Blocked web request to "count.im" for user "not gonna tell you my real name". 'Mal/HTMLGen-A' has been found at this website, reference ID 985341703.
****************** Sophos Anti-Virus Log - 3/13/2018 3:08:12 PM **************

"Mal/HTMLGen-A is the threat name associated with web content blocked by Sophos products using the reputation filtering functionality.


Note: Mal/HTMLGen-A is not detection of a malware payload on an infected machine. Instead it indicates a Sophos product blocking access to a remote website we believe to be either malicious (a site whose sole purpose is to infect users with malware) or compromised (a legitimate site, but one that has been hacked in order to infect or redirect users)."

So.......there is a site that is hosting malware that is also somehow hooked into backyardchickens.com. I assume via an advertisement. Would love to hear from the moderators of backyardchickens.com about if there is anyone who could look into this?

 

[Kiki]

Have you tried clearing your cache and browsers history yet?

 

[paneubert]

Have you tried clearing your cache and browsers history yet?

Yeah, but that did not help. And it is across different computers. The only common element is the website (www.backyardchickens.com) and the Sophos Enterprise virus protection being on both computers.

The site is being blocked (count.im) is claimed to be hosting malware, so I think that is what might need to be taken a look at with whoever manages the advertising for www.backyardchickens.com. That person probably needs to then talk with whoever they are selling ad placements to, since I am sure the bad site is not directly buying ad space. It is probably being served up by some advertising broker or middle man. My post is more of a "heads up" to the owners of www.backyardchickens.com that their advertisers might be letting in some bad folks without knowing it.

 

[sourland]

Ah.....so I was slightly mistaken. The notice looks like it is coming right from Windows, but it is actually coming from my enterprise version of Sophos. Sophos uses Windows to deliver its messaging versus using its own software to issue notices, so I had to dig to find the actual information.

****************** Sophos Anti-Virus Log - 3/13/2018 3:08:12 PM **************
20180313 150656 Blocked web request to "count.im" for user "not gonna tell you my real name". 'Mal/HTMLGen-A' has been found at this website, reference ID 985341703.
****************** Sophos Anti-Virus Log - 3/13/2018 3:08:12 PM **************

"Mal/HTMLGen-A is the threat name associated with web content blocked by Sophos products using the reputation filtering functionality.


Note: Mal/HTMLGen-A is not detection of a malware payload on an infected machine. Instead it indicates a Sophos product blocking access to a remote website we believe to be either malicious (a site whose sole purpose is to infect users with malware) or compromised (a legitimate site, but one that has been hacked in order to infect or redirect users)."

So.......there is a site that is hosting malware that is also somehow hooked into backyardchickens.com. I assume via an advertisement. Would love to hear from the moderators of backyardchickens.com about if there is anyone who could look into this?

@Nifty-Chicken

 

[Kiki]

BYC land....Is anyone else having this problem?

I wonder is this has something to do with your Sophos software.