Forum rules
Under no circumstances is spamming or advertising of any kind allowed. Do not post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated or any other material that may violate others security. Profanity or any kind of insolent behavior to other members (regardless of rank) will not be tolerated. Remember, what you don’t find offensive can be offensive to other members. Please treat each other with the kind of reverence you’d expect from other members.
Failure to comply with any of the above will result in users being banned without notice. If any further details are needed, contact: “The team” using the link at the bottom of the forum page. Thank you.
mike2017mike
Posts: 17
Joined: Sun Oct 14, 2018 5:46 pm

redirects to malware sites

Sun Oct 14, 2018 6:03 pm

Hi everybody

I joined the forum specifically to find out how to deal with the redirects to malware and scam sites that I have started getting with OpenSubtitles.

One in prticular, a scam site telling me the usual rubbish, in the usual bad translation from Hindi, that Microsoft has detected a virus on my machine and is 'blocking' me, is a pain in the butt as it has a sound track that requires 'end task' from Task Manager

It happens every time when I acces OS with Firebird, but not with Chrome, so I guess it is Firebird specific

I have swept my system for viruses and malware but can't find any problems

Is there a Firebird expert who can tell me how to stop this please


Thanks in advance

mike2017mike
Posts: 17
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Mon Oct 15, 2018 10:17 pm

Update.............

Now doing this every time I try to access Opensubtitles. NO OTHER SITES

latest redirct is :-

[link memoved by SmallBrother for obvious reasons, this is a pretty fucking nasty one]

which lands on the scam Microsoft report site which requires that the browser is forced closed with Task Manager

For me, Opensubtitles is now completely unuseable

Any help? Any comments ?

Edit SmallBrother:
For the record, anybody who want to follow the intended link, and oss for informational and educational purposes, here is the - BEWARE !!! - NORMAL USERS, DO NOT DO IT !!! - VERY FUCKING NASTY - link:

Code: Select all

https://d1gn6vzfz08c5l.cloudfront.net/assests/eng_ff_auth.html?mid=8741&number=020-3936-8741&rb=JSc983dae71d904d478be5df6e0bcaf4fe&click_id=5bc4f1f9edbf3a20bf7c1099&subid=105021_1983476&url=&browser=Firefox&os=windows&geo=GB&p_num=020%203868%209712

User avatar
SmallBrother
Site Admin
Posts: 2600
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: redirects to malware sites

Mon Oct 15, 2018 10:56 pm

mike2017mike wrote:Any help? Any comments ?

This is not good AT ALL.
Thanks for the notification.
We are working on it.

mike2017mike
Posts: 17
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Tue Oct 16, 2018 1:53 pm

Thanks for investigating

It would appear that opensubtitles.org is continuously trying to open a new tab at cobalten.com

a google of cobalten.com shows that it is described variouly as malware, virus, PUP

Fortunately, cobalten.com is, for now obvious reasons, on just about every blaclist in existence

Malwarebytes blocks access to this site as a PUP site and I have also added it to my blacklist on Firefox

As I can not believe that a site such as Opensubtitles.org would be deliberately redirecting users to dangerous sites, I have to assume that Opensubtitles.org has been hacked or infected with a virus (it is still doing it as at time and date of this message)

the following is reported by Malwarebytes while blocking cobalten.com

Website blocked due to PUP

Domains: cobalten.com
IP Address: 188.42.162.184 (changes each visit)
Port: 52964 (changes each occurence)
Type: Outbound
File: ....\firefox.exe

User avatar
SmallBrother
Site Admin
Posts: 2600
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: redirects to malware sites

Wed Oct 17, 2018 10:08 am

I cannot reproduce it here for myself.

But that link, what is actually happening is a htaccess login system looping forever. This login dialog screen prevents us from controlling the browser (closing the tab, closing the browser, whatever) and that login screen will only disappear with the correct credentials - in reality never. I guess the PUP stands for Potentially Unwanted Program, but this is a bit vague. I think that infinite login dialogue is unwanted, but so is ransomware and nuclear attacks. For as far as I can see, that infinite login dialogue is the (only) nasty part. As soon as the browser is closed, the problem is gone.

This is my theory:
OpenSubtitles displays advertisements. This is done through an advertising agency and they get their content from their customers. Not everybody on this world is as nice as we are, so things can go wrong here. I think one of the advertisements is opening that bad page.

BUT
The advertisements are 'rotating'. I mean after a page refresh (and especially a browser restart) you should get other ads. So it is strange that it is hapening with you EVERY time. Have you tried clearing cache? Can you confirm that is is still happening again - and again every single time?

Btw, I have also reported this to the superadmin. I dont know what he is gonna do with it, maybe change advertising agency, maybe reporting it so the advertising agency can do something.

AlexP88
Posts: 8
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Wed Oct 17, 2018 12:46 pm

Hello everyone,

This is Alex and on behalf of my ad network company that holds cobalten ad server,
I would like to thank you for taking the effort to write on forum and inform us on the current issue. User experience is very important to us and we would never jeopardize our cooperation with our partners and our reputation with users.

Therefore, our ad network shows zero tolerance to advertisers that try to promote “bad” ad content. We make sure to eliminate such content and ban the advertisers from the network.

Based on the evidence you provided we have made sure to sort this issue immediately. However, for future reference, I strongly recommend users, to provide some sort of evidence: screenshots, link of the ad or a video would be more than helpful.

We are sorry for any inconvenience caused and we guarantee you that we are doing everything that is possible to have a safe ad serving experience.

mike2017mike
Posts: 17
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Wed Oct 17, 2018 1:46 pm

11 a.m GMT

I have installed Chromium on to my Linux pc. So it is a fresh, unused browser on a different pc

Trying to access a subtitle on Opensubtitles.org automatically opened a second tab which accesses cobalten.com.

The following are the first 10 tabs that Propeller Ads Media (cobalten.com)opened on my pc

I have not shown the complete link to avoid accidental openings

Bitcoin Trader - SCAM site
https://cobalten.com/afu.php?zoneid=1407888&var=1983476 SCAM
https://c.audienceline.com............................. SCAM
http://mmofreegames.online................... - League of Angels - PORN GAME
Android APK for 'Fortnite' ...... attempt to bypass Epic Games security, probable MALWARE, posssible VIRUS
audienceline.com...... POPUP redirect – Fake SCAM Web Page
pushedwebnews.com..... MALWARE (browser redirector)
e.audianceline.com..... MALWARE (browser redirector)
winniphone.net......... MALWARE (browser redirector)

WARNING *************WARNING This last one is graphic hard-core pornography WARNING *************WARNING


http://mmoframes.com/general/test/08/in ... 7909902265


Do you want your kids to automatically see this when they are looking for subtitles ?


While I think Opensubtitles.org is an excellent site and I fully understand the need for advertising revenue I just can not allow the sort of things that they are clearly condoning onto my PC.

Alex from Propeller said in his post "We are sorry for any inconvenience caused and we guarantee you that we are doing everything that is possible to have a safe ad serving experience." Why then, if I google cobalten.com , is there page after page of advice on how to get rid of cobalten.com redirects from your PC? and why are you redirecting my browser to porn, scam and virus sites

My advice to all users is to do as I have done and block cobalten.com from their browsers. It is a known bad site. Or find an alternative site for subtitles

AlexP88
Posts: 8
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Wed Oct 17, 2018 2:38 pm

Hello mike2017mike,

Can you please provide me with your OS version , browser version and your GEO ?

According to the links you have provided , only the first works which redirects to ad content that is not related to any porn or malware.

As i mentioned we are not serving any adult content. Is it possible to provide us with a video so we can see how it redirects from cobalten?

Although you mentioned that you fresh installed your browser. Is there any chance that you have you installed accidentally any extension/addon that promotes other on click ads?

mike2017mike
Posts: 17
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Wed Oct 17, 2018 6:11 pm

Oh Come On !!!!!!!!!!!!!!!!!

You know what you are doing

but, just for the record...............

-----------------------------------------------

"Can you please provide me with your OS version , browser version and your GEO ?"

Linux Mint 18
Windows 10 build 16299
macOS 10.14 Mojave
Firefox (latest version for each platform)
Chrome (latest for each platform)
Chromium (latest for Linux Mint)
Internet Explorer 11.726.16299.0
Safari 12

My VPN has me variously in USA, England, Australia, Netherlands, Eire and Sweden

IT DOESN'T MATTER -

This is what happens (and you know it does) in any browser on any platform at any location

1) type opensubtitles.org in browser
2) as soon as you place curser in search bar then a tab is opened at cobalten.com
3) new tab opens at whichever scam, porn or virus site cobalten.com redirects to

cobalten.com nearly always redirects to virus, scam and malware sites

Out of interest I just went to Opensubtitles.org in Safari on my Ipad and guess what? no surprise... straight into cobalt.com which imediately redirected me to a scam site.

----------------------------

"According to the links you have provided , only the first works which redirects to ad content that is not related to any porn or malware."


Yes it does (it changes each time)

And....read my post properly. Quote "I have not shown the complete link to avoid accidental openings"

----------------

"As i mentioned we are not serving any adult content. Is it possible to provide us with a video so we can see how it redirects from cobalten?"

I gave the complete link to the graphic hard core pornography that you provide in my last post

-----------------
"Although you mentioned that you fresh installed your browser. Is there any chance that you have you installed accidentally any extension/addon that promotes other on click ads?"

OK, for clarity
I installed a clean version of Linux Mint. I then opened Firebird. I then typed opensubtitles.org. When I placed my curser on the search bar, a tab opened at cobalten.com which immediately redirected to a scam site.

Please do not treat me like an idiot, I can see what is happening
Opensubtitles has a deal with Propeller Ads Media such that when a user searches on Opensubtitles a tab is opened for cobalten.com which then redirects to whichever scam, virus or porn site is the bigger payer.

Either that or Propeller Ads Media has hacked the Opensubtitles site or dropped a virus on them

Incidently, this is the link to see what Malwarebytes have to say about cobalten.com https://blog.malwarebytes.com/detections/cobalten-com/
and here https://www.maltiverse.com/hostname/cobalten.com
and here https://quttera.com/detailed_report/cobalten.com

But this is taking up too much of my time

Can somebody push this to the top of Opensubtitles please?

It was originally meant as a heads-up for Opensubtitles, but if they chose to ignore it I don't realy care as I have now blocked all advertising on Opensubtitles and specifically blocked cobalten.org from all of the browsers in all of our PCs and added them to the host files

so.................................. If opensubtitles.org don't care that their users, of whatever age, are being redirected to porn, viruses, scams and other malware ....then ..... Good-night and God Bless

AlexP88
Posts: 8
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Wed Oct 17, 2018 6:37 pm

mike2017mike,

"Please do not treat me like an idiot, I can see what is happening"

We are trying to investigate the issue and I do not have any intentions to treat you like idiot. I respect that you are taking the effort to write down to forums and I am also trying to find out the problem that is causing you this experience.

"Either that or Propeller Ads Media has hacked the Opensubtitles site or dropped a virus on them
Incidently, this is the link to see what Malwarebytes have to say about cobalten.com https://blog.malwarebytes.com/detections/cobalten-com/
and here https://www.maltiverse.com/hostname/cobalten.com
and here https://quttera.com/detailed_report/cobalten.com"

A lot of antivirus,malware tools , could possibly "spot" a server as threat. This is not necessarily true.
They have so much strict filtering for many reasons that i cannot really expand here.
Add also the fact that they are companies that try to promote their own anti malware tools for their own benefit.

I believe we have all experience in the past , where we download some files , ( crack files , subs etc ) and our antivirus finds it as a threat and potentially unwanted . This doesnt mean necessarily that is a threat or hack or virus or anything related to it.

I am not trying to put a debate here but to solve the issue. And this is what I am going to do.So kindly , lets skip all those things about hacking etc.

Opensubtitles.org is a respectful site running for a long period time and nobody disputes this. They are so far the best.
Propeller Ads is a multinational company covering 80% of the pop under industry.
As i have stated on previous post, we would never jeopardize our partnerships or cause bad experience to any user, period!

"But this is taking up too much of my time
Can somebody push this to the top of Opensubtitles please?
It was originally meant as a heads-up for Opensubtitles, but if they chose to ignore it I don't realy care as I have now blocked all advertising on Opensubtitles and specifically blocked cobalten.org from all of the browsers in all of our PCs and added them to the host files"

We are actually trying to help on your issue from both ends, and it takes all the attention that is necessary. Nobody is ignoring you or devalues you or any user.

I will keep you updated.

mike2017mike
Posts: 17
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Wed Oct 17, 2018 10:40 pm

Thank you Alex

But it is simple

stop taking money from the fraudsters for redirecting to these bad sites

maybe you can send me your family's email addresses so I can send them the porn that you are showing to my family.

I will apolagise if you are not doing it intentionally, but if you are not, then employ somebody who knows what they are doing or get out of this business.

It is so very telling that the answers and the defence are coming from the advertiser and no comments at all from anybody at Opensubtitles

I will assume that Opensubtitles management just do not care as long as the scammers are paying Propeller ads and Propeller Ads are paying Opensubtitles

User avatar
oss
Site Admin
Posts: 4514
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: redirects to malware sites

Thu Oct 18, 2018 7:51 am

@mike2017mike if you think we dont care about this, first of all I would not tell to Alex to register here and reply. We care what is happening and everybody want to solve it, so please calm down.

AlexP88
Posts: 8
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Thu Oct 18, 2018 10:19 am

@mike2017mike

As I have stated , we are not working with any advertiser that promotes porn content.

We are talking about a platform where thousands of advertisers promote their content through an automatic system that show ads through ad server. This system of course, has mechanisms that filter and ban anything related to unwanted content.

There are very very small and minor occasions , where some advertisers can somehow "cheat" and show a "valid" ad but then they redirect it to an unwanted pop .. This is why I told you to provide us with details, so we can investigate it and eliminate it.

Kindly erase your cache and let us know if you still have any unwanted content. So far, we have done all tests from several GEOS , and with different devices and OS and we havent seen anything related to porn.

User avatar
oss
Site Admin
Posts: 4514
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: redirects to malware sites

Thu Oct 18, 2018 10:32 am

is here anybody else who can experience bad adverts, same like @mike2017mike ?

User avatar
SmallBrother
Site Admin
Posts: 2600
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: redirects to malware sites

Thu Oct 18, 2018 6:40 pm

@mike2017mike

First of all, be assured that I really appreciate your efforts to notify us and providing details. I understand you are upset - I would be, if I would find what you are saying.

mike2017mike wrote:I will assume that Opensubtitles management just do not care as long as the scammers are paying Propeller ads and Propeller Ads are paying Opensubtitles

Please note that as soon as I saw your post, I reacted instantly by replying, supporting your complaint and I notified the big boss of OpenSubtitles. As a result from his actions AlexP88 is here.
Also note that, although my title "Site Admin" looks 'important', I am just an unpaid volunteer, with no financial interest whatsoever. I am here for fun, and trying to support others who are also here for fun.

I am, and I think we are taking you seriously. But that doesn't mean we should instantly hang the advertiser from the highest tree. Unless we find otherwise, AlexP88 deserves at least the benefit of the doubt, that's only fair. So, let's get back to the problem.

I checked the links you gave. For example:
- audienceline.com: This is listed as web site with uncertain reputation or potentially unwanted content.
- pushedwebnews.com: Flagged for potentially dangerous content, to be specific: JS/Adware.Agent.AA application.
- And yeah, that HD video on mmoframes.com is not really something I would want to serve my kids while searching for the latest subs for Donald Duck.

Personally, I cannot reproduce these sites being triggered by OpenSubtitles.org or cobalten.com - but that's maybe because my computer has a bunch of protection layers. I have tried on an old XP computer with an old browser, but also there I see no problem.
But
- I DO get very regular red flags mentioning "go.onclasrv.com" (= cobalten.com) on my protected machine as potential risk, with the same JS/Adware.Agent.AA application underneath. No need to do anything with the mouse, just opening a page.
- I have asked a friend to check with Mac + Safari and there was some trouble: a tab opening with a web page and a javascript "OK" popup saying something like "3 VIRUSES FOUND !!!" and an offer to clean. God knows what would happen when clicking the OK button. Obviously a scam or maybe even malware/virus site. It is not clear what triggered it. Not the cursor in the search field. I THINK it was moving the mouse over the main advertising area (not left/right, but the center), or maybe no user action is needed at all.

My wet-finger-conclusion is that the ads are not completely clean, but I don't see things as severe as mike2017mike is saying.

@AlexP88

I understand about false positives and about companies (falsely) promoting their own anti-malware products. A red flag doesn't necessarily mean something is actually a threat. But it surely could be.

Have you searched in your database if any of the domains mentioned by mike2017mike are present?
mmofreegames.online
audienceline.com
pushedwebnews.com
winniphone.net
mmoframes.com

And what about that JS/Adware.Agent.AA application ?

Return to “General talk”

Who is online

Users browsing this forum: No registered users and 39 guests