Open Malware warning from Anti-virus software

[DCDev]

Norton antivirus is screaming at me with some Malicious attack that seems to come from this site. When i come out of it the message goes away and no action is taken.

What ads have you got on here? I noticed some strange new ads that ask me for surveys etc. These seem to be the ones that are being flagged. Done a full virus scan on my machine and all comes back green. It only starts to block requests when I visit Babiato.

This is the intrusion url:

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
31/08/2023 14:44:52,Medium,An intrusion attempt by www.profitablecreativeformat.com was blocked.,Blocked,No Action Required.

Network traffic from <b>https://www.profitablecreativeformat.com</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE.

I found this that indicates that an ad or someone has hacked your site: https://securedstatus.com/remove-profitablecreativeformat-com/. I have checked this against other website on the same browser and nothing happens. no warning, no attacks, nothing.

I also use Brave, DuckDuckGo and all flag your site as having a malware attack through my ant-virus software. This is new and nothing has changed on my side. I will rule this out by investigating further but seems to be on all browsers I use, and only when visiting your site.

I have reset all browsers, removed all extensions, done a full site scan using Norton and all comes back as green.

Any ideas? Luckily my virus scanner blocks these requests.

 

[Medw1311]

Is this on desktop or mobile?

 

[slvrsteele]

Try a hard refresh with Ctrl+f5 for several times

 

[Medw1311]

It looks like when I make changes to ad placements it will default to the spammy popunder ads for a few minutes before reverting to what it should be.

 

[DCDev]

Is this on desktop or mobile?

Desktop. My window is small due to the amount of other browsers I have open.

 

[Medw1311]

Desktop. My window is small due to the amount of other browsers I have open.

Have those sort of ads stopped now?

 

[Lexul01]

And me i have problems with ads, my bitdefender detect from here malware...but i have adblock + protections malware and antivirus... Administrators, should be fix that ads.

 

[Medw1311]

And me i have problems with ads, my bitdefender detect from here malware...but i have adblock + protections malware and antivirus... Administrators, should be fix that ads.

Has this just occurred in the last 1 hour?

 

[DCDev]

No. Evertime I refresh this browser Norton flags a threat block. Same message.

I am also checking my applications based on the thread I shared and checking for any dodgy installs these ads may have done, even though I have them auto blocked each time, one could have slipped through.

 

[Lexul01]

Has this just occurred in the last 1 hour?

That problem start to 2-3 days ago...

 

[slvrsteele]

No. Evertime I refresh this browser Norton flags a threat block. Same message.

I am also checking my applications based on the thread I shared and checking for any dodgy installs these ads may have done, even though I have them auto blocked each time, one could have slipped through.

Would you please try open an incognito window on another browser?

 

[Medw1311]

No. Evertime I refresh this browser Norton flags a threat block. Same message.

I am also checking my applications based on the thread I shared and checking for any dodgy installs these ads may have done, even though I have them auto blocked each time, one could have slipped through.

Hmm strange, let me know if this is still happening in 30 - 60 minutes time.

That problem start to 2-3 days ago...

And have you experienced it in the last 1 hour as that was when I changed ad networks.

 

[DCDev]

Tried on DuckDuckGo which I dont use for Bibiato and Norton kicked in without me even loggin in.

 

[DCDev]

I had the same problem, I kept getting a malwarebytes warning... I had been dealing with that for days, but since I use adblock I didn't care.

At this moment I no longer get any warnings.

I have a feeling mine had been the same but as you said it auto blocks the threat. But since I have now seen where it is coming from it was only fair to share my experience and warn the devs before someone actually gets the crap that comes from it.

I still get the warning through Norton each time I refresh the page or view the site on any browser I use. I could ask Norton to hide this warning from me but then I wouldn't be able to help out if something else crept up.

 

[DCDev]

Hmm strange, let me know if this is still happening in 30 - 60 minutes time.

And have you experienced it in the last 1 hour as that was when I changed ad networks.

I would say its been like this for a few days, but didnt take it seriously as norton was doing its job. On;y when I noticed it was coming from this site I have now shared my experience. Others seem to have had a simialr experience.

Hopefully you guys crack down on what is happening. I have tried it on all browsers known to mad, even Tor and Norton still flags it. I dont even have to log in.

 

[Medw1311]

I would say its been like this for a few days, but didnt take it seriously as norton was doing its job. On;y when I noticed it was coming from this site I have now shared my experience. Others seem to have had a simialr experience.

Hopefully you guys crack down on what is happening. I have tried it on all browsers known to mad, even Tor and Norton still flags it. I dont even have to log in.

Looks like possible caching issues from when we were testing monetag then. I've removed them now today though.

 

[slvrsteele]

I would say its been like this for a few days, but didnt take it seriously as norton was doing its job. On;y when I noticed it was coming from this site I have now shared my experience. Others seem to have had a simialr experience.

Hopefully you guys crack down on what is happening. I have tried it on all browsers known to mad, even Tor and Norton still flags it. I dont even have to log in.

Few days ago a new ad provider was tested but it was proven to be way too intrusive and was disabled.
! hour ago ad provider was changed but it seems that there still is cache with previous ad provider code.
It will take a while till previous cached entries expire and new cache is stored.

Do try in about 20-30 minutes and see if it happens the same. Also please remove babia.to from norton entries if it was added to permanent block list

 

[DCDev]

Few days ago a new ad provider was tested but it was proven to be way too intrusive and was disabled.
! hour ago ad provider was changed but it seems that there still is cache with previous ad provider code.
It will take a while till previous cached entries expire and new cache is stored.

Do try in about 20-30 minutes and see if it happens the same. Also please remove babia.to from norton entries if it was added to permanent block list

Good job guys, nice to know we have found what is the cuase.

I will clear anything related to babiato from Norton and see how things are in the next hour. It migh be a case of anyone else to clear their browser cache as well.

Will update you soon.

Tried again, clean cache and get the following advert now.

I will try again in the morning guys just in case your server cache is a little behind.

 

[abda53]

Currently getting spamware redirects off of babiato

 

[Medw1311]

Currently getting spamware redirects off of babiato

Have you done the actions recommended by staff in previous posts?