Forum rules
Under no circumstances is spamming or advertising of any kind allowed. Do not post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated or any other material that may violate others security. Profanity or any kind of insolent behavior to other members (regardless of rank) will not be tolerated. Remember, what you don’t find offensive can be offensive to other members. Please treat each other with the kind of reverence you’d expect from other members.
Failure to comply with any of the above will result in users being banned without notice. If any further details are needed, contact: “The team” using the link at the bottom of the forum page. Thank you.
mike2017mike
Posts: 24
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Thu Oct 18, 2018 8:05 pm

Many thanks for your time SmallBrother, I really do appreciate it

But you say you are a volunteer?. Where is an answer or comment from the owners/management of Opensubtitles ? Do they not monitor or read the forums? Is there an email for them so I can ask them directly why they are allowing redirects to scams and pornography?

Today I temporarily switched off my blocking to find opensubtitles.org automaticaly opening the following scamming sites for me

********* WARNING *********** DO NOT CLICK THROUGH THESE SITES TO WHICH OPENSUBTITLES TRIED TO FORCE ME. THEY WILL INSTALL MALWARE ON YOUR PC OR STEAL YOUR MONEY *********** WARNING ****************

audienceline.com - another well known scamming site
https://www.workfromhomejobsonline.co/5/peu.php SCAM SITE
https://www.primebitprofit.com/?aid=FVA ... 1=36765109 SCAM SITE THEY WILL STEAL YOUR MONEY
https://1kdailyprofit.co/en?campaign_id ... 004c36a5cc SCAM SITE THEY WILL STEAL YOUR MONEY
https://www2.windowconcretegetflash.icu ... ........... this one trys to get you to 'update your Flash Player' THIS WILL INSTALL A VIRUS
stoagergu.com ............ again I will not give whole link due to very adult material. This one will completely screw your Chrome
socialnewpages.com ................. not complete link as KNOWN REDIRECTOR AND ADWARE (with possible virus)
and one of my old favourites
https://windows-rescue.info/..................... a particularly nasty one. I will not give the whole link but it is yet another technical support scam from our friends in Mumbai pretending to be Microsoft. THEY WILL STEAL YOUR MONEY

I have spent some time cleaning these scams/adware out of my clients' PCs. Oops sorry, did I not mention that I am a network security analyst. Oops! Silly me

@AlexP88

Are you really so incompetent that you don't know what you are redirecting to?

I don't mind being shown genuine advertisements (about 1 in 15 or so appears to be genuine), but I DO NOT WANT YOU TO TRY TO, ON BEHALF OF YOUR CLIENTS, SCAM ME, take my money, infect my machine or show me pornography


@everybody

open Google type "audienceline.com" , press enter - read
type "cobalten.com" , press enter - read
type "stoageru.com" , press enter - read
type "socialnewpages.com" , press enter - read

These sites will, if you are running Windows with not enough protection, add unwanted software into your PC which will keep redirecting you to scams and porn

Fortunately all three of them are now on so many other blacklists that my VPN has also blacklisted them, so all I do now is connect to opensubtitles.org through my VPN and cobalten.com is, thankfully, history

Come on people. Can somebody else jump in with their experience of these redirects?

It is possible, however, that I have been using one of the very few servers that does not block cobalten.com

But there surely must be others, I am sorry opensubtitles, none of your adverts are being seen

AlexP88
Posts: 9
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Fri Oct 19, 2018 12:03 pm

So far, I have checked multiple times and I have not seen anything related to porn or sites that could affect your device.

Yet again, I have sent all the information you provided me to our technical department and they are running multiple tests on different devices,platforms and geos.

User avatar
SmallBrother
Site Admin
Posts: 2785
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: redirects to malware sites

Fri Oct 19, 2018 12:37 pm

mike2017mike wrote:Where is an answer or comment from the owners/management of Opensubtitles ?

Site admin "Oss" is the management. I notified him after your first post and resulting from that he replied earlier in this topic and he contacted AlexP88. So he is aware of the situation.


Hold on, Mike. There is no need to add more bad URL's or references proving they are bad. The issue left is whether they are opened by cobalten/Propellor ads and if so, how. And if so, personally I would like to know why the effect with you is different from here with me.
Please give a chance to Alex to investigate, respond and answer the questions.

@AlexP88

Have you searched in your database if any of the domains mentioned by mike2017mike are present?
mmofreegames.online
audienceline.com
pushedwebnews.com
winniphone.net
mmoframes.com
and the new ones indicated by Mike:
workfromhomejobsonline.co
primebitprofit.com
1kdailyprofit.co
windowconcretegetflash.icu
stoagergu.com
socialnewpages.com
windows-rescue.info

And what about that JS/Adware.Agent.AA application ?

@Anybody else

Yes, it would be nice if anybody else can confirm or deny something...

mike2017mike
Posts: 24
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Fri Oct 19, 2018 4:58 pm

OK, Thanks SmallBrother

I will give Alex the benefit of the doubt. I am sure he is just trying to run his business legitimately

But if he has good intentions then surely he must be able to just blacklist the sites such as audienceline that are known 'bad sites'.
Alex has to realise that cobalten.com is getting a really bad name and is appearing on blacklists everywhere (as mentioned, my VPN will not allow their traffic)

Maybe the problem is just one of cascading. e.g cobalten.com's rotator picks another ad-server whose rotator then picks another ad-server which serves up the malware, scam and porn sites. So the rogue ad-servers need to be blacklisted. But please note that the site in screengrab 3 was DIRECT from cobalten.com

As nobody seems able to reproduce these redirects I have recorded three consecutive openings of opensubtitles.org within a few minutes

Unless you are accessing opensubtitles.org through a server on which cobalten.com is already blocked (growing daily), or you have blocked cobalten.com from your browser or added to your Hosts file YOU WILL BE REDIRECTED TO THESE SITES. I lifted my blocking just to show you


********************** MY WARNING - GRAPHIC ADULT CONTENT - MY WARNING ****************************
***************************************************************************************************************


screengrab 1 https://vimeo.com/296021640
screengrab 2 https://vimeo.com/296021158
screengrab 3 https://vimeo.com/296020987

If you watch the location bar you will see the following

screengrab 1
opensubtitles automatically opens https://cobalten.com/afu.php?zoneid=1407888&var=1982476
which redirects to
https://gigdnetwork.com/jump/next.php?r=2173671
which opens
guildofangels.net/general/loa/x3/index.htm?cep=[very long address]

this is a promise to play a pornographic game but will actually infect pc with redirects and probably virus

screengrab 2
opensubtitles automatically opens https://cobalten.com/afu.php?zoneid=1365143&var=1983476
which opens https://audienceline.com/?b=2052889&ba= ... 66&did=&dm[very long address]

this is an audienceline scam which will infect your pc with redirects

screengrab 3
opensubtitles automatically opens https://cobalten.com/?ip={long sequence]
which redirects to
https://cobalten.com/afu.php?zoneid=1407888&var=1983476
which opens
E D I T E D
https://bestdateshere22.com ( and then) /?u=7pfk605&o=e9ym176&t=1983476_proads2 (if you clicked on the original it will send you into a porn site which rotates when you try to leave. you have to close browser to leave)

more naked women on a site known to inject malware into your pc please note this is DIRECT from cobalten.com

so three consecutive openings of subtitles.org opened 1) pornography with malware 2) audienceline scam with redirect malware and 3) more pornography and malware
(I then went on to open it another 10 times. The score was legitimate advertising 1, Scam, malware, pornography 9)

and btw 1 .... I still think that opensubtitles.org is a fabulous site. Thanks .
and btw 2 .... OSS = Brano ???? or has he sold up and living a life of luxury in the Caribbean ? :) :)

AlexP88
Posts: 9
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Fri Oct 19, 2018 5:15 pm

@mike2017mike

Thank you for your feedback. I will also forward the videos to the technical team and see what is going on.

mike2017mike
Posts: 24
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Fri Oct 19, 2018 5:18 pm

@AlexP88

Thanks Alex. I am happy to work with you to resolve this issue

AlexP88
Posts: 9
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Sat Oct 20, 2018 3:06 pm

Hello,

Tech team informed me yesterday that they have set some restrictions and filters to eliminate any possible "unwelcomed" ads.

Kindly let me know if you are still receiving negative ad feed or anything suspicious.

We have still done multiple checks on the current GEOS that you experienced "bad" content" but also in most GEOS that provide traffic.

From our behalf, we are not receiving anything suspicious after several tests.

For any reason that you get something bad. Provide me with link so I can report back to my tech team.

mike2017mike
Posts: 24
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Sat Oct 20, 2018 6:01 pm

Hi guys

Well, something has happened for the better

Todays test

10 consequtive openings

1 zaful.com............. legitimate
2 keegleedaphi.com...... malware/redirector*
3 ihata.ma.............. Moroccan 'bikini' site no malware reported looks legitimate
4 ihata.ma.............. Moroccan 'bikini' site no malware reported looks legitimate
6 zaful.com............. legitimate
7 gearbest.............. legitimate
8 lovelyflowers......... legitimate
9 gpaebj.instalovers.org PORNOGRAPHIC DATING SITE
10 gearbest............. legitimate


score ok - 8, not ok - 1, really not ok - 1

* keegleedaphi.com is interesting

type in keegleedaphi.com and you will get a perfectly legitimate looking site with, as far as I could find, no malware
but follow your redirection to https://keegleedaphi.com/?rzi=1983476&rsz=1983476&rid= and you hit another ad rotator, which in this case landed me at a site for illegally watching pay tv (moviepin.tv is a known malware site)

the whole sequence
cobalten.com redirected to https://keegleedaphi.com/?rzi=1983476&rsz=1983476&rid= (which is itself a redirector)
this asked me to press enter to watch full videos online, which redirected me to https://mv.media-bucket.com/qqy/en/?aid={huge number of characters]
this asked me to register to watch sport and movies for free which redirected to
https://register.moviepin.tv/qqy/en/?ai ... dial&hobj={huge number of characters]

so, as I suspected, cobalten.com redirects to a redirector which redirects to a redirector etc. etc. ect. ect.
In these circumstances there is no way on earth that cobalten.com can control what is eventually shown on opensubtitles' users PCs

@AlexP88

Is there any way that you can detect other ad rotators and block them? This would give you total control over what is fed to opensubtitles.org (and your other clients)

@SmallBrother and @oss

Out of interest, whilst you are under the spotlight of the anti-piracy people, do you think it wise to show a link on every one of your pages that will open lookmovie.ag (https://www.opensubtitles.org/en/WBjrpx ... HHHNzGO1C4)
where I can watch, for example, Johhny English or First Man which have only just been relased to cinemas? ........ Just saying

User avatar
SmallBrother
Site Admin
Posts: 2785
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: redirects to malware sites

Wed Oct 24, 2018 12:26 pm

Once again, I cannot reproduce anything as severe as Mike says. Also not on vanilla unprotected systems I have available.
However, after some more asking around, apparently some stuff is happening and seemingly this only happens using Safari on Mac.

AlexP88
Posts: 9
Joined: Wed Oct 17, 2018 10:46 am

Re: redirects to malware sites

Wed Oct 24, 2018 2:24 pm

So far we have not experienced anything severe also.

I will also inform tech to have another check on "mac devices" .
As of now, they optimization department has gone through an in depth scan to eliminate any possible advertisers that could produce bad redirects.

User avatar
SmallBrother
Site Admin
Posts: 2785
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: redirects to malware sites

Wed Oct 24, 2018 2:50 pm

Okay, good. Thanks for being on it. And sorry my info about trouble is not very detailed. I am getting this from others and it is not really doable to get them to give me the details we would like. I can only assure you that something *is* happening. That "you have 3 viruses" I saw with my own eyes. Other things I just heard from people and are a bit vague (but not useless). A few quotes:
- "All I can advise is not to access OS using Safari from your iPhone."
- "Redirects after redirects before you actually do what you intended."
- "If that box pops up, you have to just close the browser."

And do you have any info on that JS/Adware.Agent.AA application served by go.onclasrv.com (cobalten.com) and triggering a red flag (page block) by my AV?

mike2017mike
Posts: 24
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Wed Oct 24, 2018 3:02 pm

Sorry everybody, slightly longer than "War and Peace" again

But I am so very grateful for the existence of opensubtitles that I want to see them keep providing the wonderful service.

My partner's mother tongue is one of the Slavic languages with thousands of different noun and verb endings. This makes opensubtitles essential for a harmonious relationship.

BIG respect to anybody who is fluent in Czech, Polish or Slovak and English (with thousands of different pronunciations for each letter and word).

The screen recordings that I posted were from Firefox 62.0.3 (64-bit) on Mint Linux 18.2 Cinnamon 64-bit, but the same is happening on Firefox 62.0.3 (32-bit) and Chrome 69.0.3497.100 on Windows 10 Build 16299 and Safari 9 on IOS 9.3.5 and Chromium

But this morning's tests showed about 50/50 good/bad

The ads are sometimes genuine except it is still redirecting to audienceline, which will add unwanted and potentially dangerous redirects to most browsers in Windows

Also got https://workfromhomejobsonline.co/5/uke.php, which is a scam

Also, several sites, including audienceline, were asking for you to 'give permission....' bad news, these will almost certainly infect you.

And two occasions of the old favourite of 'Firefox needs updating.... click here' which can only be got rid of by rebooting

erm...........but hold the front page !

I have just realised that by simply creating a user id and password for opensubtitles.org, I can sign in and have all of the advertising including the redirects removed, without having to remember to ad and malware block.
So in summary:-

a) on any browser on any platform without vpn/ not signed in / no malware blocker or ad blockers

browser opens new tab for cobalten.com which then directs, sometimes to scam and malware. Opensubtitles offers brand new films to watch illegally

b) on any browser on any platform with vpn (malware and ad blockers switched off, signed in)

On-screen ads, but no new browser tab, still offer to watch films illegally

c) on any browser on any platform with or without vpn, malware and ad blockers switched on, signed in or not)

no ads, no offers to watch films illegally, no new tabs

So I will just keep the malware blocker on, the ad blocker on and sign in all through my VPN, although I feel bad that this will stop me seeing the genuine ads that keep opensubtitles going

This gives me an easy way to solve my original problem but leaves me very worried that with the 'copyright police' asking the Australian government to block Opensubtitles on Australian ISPs (and then probably other countries if successful), how can Opensubtitles.org defend its position when offering the illegal watching of copyright material?

e.g.
search for subtitles for Johnny English Strikes Again (Which will be theatrically released in the United States on 26 October (2 days from now)

The resultant opensubtitlespage gives one link to buy the DVD at Amazon but two separate links to illegally watch the film right now ...

https://www.opensubtitles.org/addons/a.php?file=
https://www.opensubtitles.org/en/w10Mxo ... SjWMWOZ4wT

maybe these should disappear for a while?

perhaps I should start a separate thread for this concern?

Many thanks to SmallBrother and Alex

mike2017mike
Posts: 24
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Fri Oct 26, 2018 9:49 pm

Tried Opensubtitles.org with my shields down this afternoon

The first redirect from cobalten.com was to a scam Microsoft site;
when I tried to close it, Firefox froze and then my system crashed ; Yes it crashed a Linux system ! It takes a lot to crash a Linux system

Then I decided to try out Opensubtitles using my Android phone

Every single redirect from cobalten.com was a scam site

....You have won an I-phone SCAM
....Make $14,000 dollars a day like these people (with a nice video of an actor standing in front of a G600) SCAM
....A whole bunch of win.amazn.uk.com pretending to be Amazon(registrar of this site is NAMECHEAP INC, says it all) SCAMS

Forgive me if I am starting to sound cynical or paranoid, but is cobalten.com just taking their 30 pieces of silver?

mike2017mike
Posts: 24
Joined: Sun Oct 14, 2018 5:46 pm

Re: redirects to malware sites

Fri Nov 02, 2018 8:01 pm

As it has been a week since any comment from either opensubtitles.org or Propeller Ads Media I have taken a look at what progress they have made in stopping users of opensubtitles being taken to scammer, pornography and malware sites


I dropped my 'shields' on Firefox, opened opensubtitles.org and the first 5 sites I was sent to were as follows

I have, of course, not shown the full URLs

1) Dirty Tinder Teen - porn

2) bitcointraderspro.com - scam

3) https://gsafe.getawesome4.com/wim/st.................... - trying to add redirector

4) Global Resources - genuine site but known home home of chinese scammers

5) http://only2date.com/UK/index.html?sxid ... ........... which redirected to https://www.findmyfling.com/landing25?............ - dating only for sex

So, for the many, many people who are following this thread, the answer is ..... absolutely nothing has been done to stop your kids who are looking for subtitles for their cartoons being forced onto sex sites, scammer sites and malware sites.

I recommend to prevent this scenario, that you only connect to opensubtitles.org with

a) make sure you have ad-blockers running
b) add cobalten.com specifically to your black lists
c) connect through a VPN if possible

User avatar
SmallBrother
Site Admin
Posts: 2785
Joined: Sun Mar 04, 2012 12:59 pm
Location: Somewhere on this globe

Re: redirects to malware sites

Sun Nov 04, 2018 5:31 pm

Please allow me to be a little bit the advocate of the devil here.

- No result or no difference does not mean that nothing was done. Maybe you are a bit too fast with conclusions?

- From the many, many people who are following this thread, we have not had even one single confirmation the same thing is happening to them too. Maybe it is not happening to anybody else?

- Ads are annoying and some may be tricky. But anybody who believes to make $14,000 per day, without any skills, basically doing nothing, maybe they deserve to be robbed? Hallelujah darwinism :twisted:

Return to “General talk”

Who is online

Users browsing this forum: No registered users and 6 guests