I am not sure which specific ads are causing the issue. It happens every single time that I go to opensubtitles.org in a web browser, currently using Chrome. I have not and am not experiencing this issue with any other website. When I look at Norton history, it shows the following:
IPS Alert Name: Web Attack: Fake Tech Support Domains 2
Attacking Computer: cobalten.com (220.127.116.11, 443)
Source address: 18.104.22.168
Network traffic from cobalten.com matches the signature of a known attack. The attack resulted from ....Chrome.exe.
Here is a screen cap of the Norton intrusion attack warning I just received while opening the website.
I personally have no objection to seeing ads with naked women on my browser, but an alert from Norton about an "instrusion attack" seems more troubling.
Does this provide you the details you need?
FYI - I also downloaded the opensubtitles uploader program last night to be able to easier upload subtitles, opensubtitles-uploader-2.4.0-win32-setup.exe, and Norton gave me an "untrusted" warning about the program. So I went to hybrid-analysis.com, uploaded the program for analysis, and it concluded that the program was "malicious", with a threat score of 80/100.
So I deleted the program without installing it. You guys should be aware of this as well.
This report has 15 indicators that were mapped to 15 attack techniques and 7 tactics.
Contains ability to query CPU information
Reads the active computer name
Found an IP/URL artifact that was identified as malicious by at least one reputation engine: http://nsis.sf.net
Ransomware/Banking: The input sample dropped 2000 files (often an indicator for ransomware)
System Security: Contains ability to elevate privileges
System Security: Opens the Kernel Security Device Driver (KsecDD) of Windows
Contains ability to reboot/shutdown the operating system
Reads the registry for installed applications
The list goes on...Most of which I do not understand, but I am not sure why a simple subtitle file uploader program needs to ability to elevate privileges, reboot my computer, accesses the Kernel Security Driver of Windows, or read a list of all the programs I have installed on my PC.
I really enjoy opensubtitles, and I will continue to use your service, but I will manually upload subtitles (I would upload more if it were easier). I want you guys to be successful, but hope that you draw a line between earning ad revenues and outright adding malware/ransomware to programs.
Am I to assume that becoming a VIP member would stop the web attacks with each visit? Also, is there a clean, non-malware (basic) version of the uploader I can install for Windows 10? If so, I will support you with VIP and upload more subtitles.