Avast WEBforum

Other => Viruses and worms => Topic started by: boffin13 on August 05, 2021, 01:09:59 PM

Title: Need more information about false positive
Post by: boffin13 on August 05, 2021, 01:09:59 PM
Hello,

Several weeks ago my domains started to get blocked due to the URL:Mal threat.

Each time I tested the domains with several other antiviruses and found nothing.
Then I filled in the false-positive form and after some time the domain's reputation was cleared by the Avast team.


Is it possible to receive more information about why the blocks of the domains were issued at all?

I think that this is because of one of the advertisers, but I need more information to detect the problematic one and disable it.
Where can I get it?



The reference IDs of the last several tickets:

#13743151 / ref:_00Db0Z3Sf._5005p2WRgNg:ref   <--- this one was cleared today

Tickets from some time ago:
#13725708 / ref:_00Db0Z3Sf._5005p2WRCyy:ref
#13689837 / ref:_00Db0Z3Sf._5005p2VCZZD:ref

Title: Re: Need more information about false positive
Post by: boffin13 on September 24, 2021, 12:49:00 AM
Hello,

I am writing again to this topic because since my last post we have had several more alerts from Avast which resulted in the site being closed with a URL:Scam message.
After submitting the false-positive form, the alert was cleared and the false positive confirmed, but no other information about what happened and how we can prevent future problems was provided.

Here are reference IDs of these confirmed false positive reports:

#13656161 ref:_00Db0Z3Sf._5005p2VBNp7:ref
#13745447 ref:_00Db0Z3Sf._5005p2WRl4J:ref
#13743151 ref:_00Db0Z3Sf._5005p2WRgNg:ref
#13855818 ref:_00Db0Z3Sf._5005p2WsFg4:ref
#13865482 ref:_00Db0Z3Sf._5005p2WsXcG:ref
#13929101 ref:_00Db0Z3Sf._5005p2XrCHV:ref
#14044880 ref:_00Db0Z3Sf._5005p2Xuf27:ref

The last one happened two days ago.
The pattern is always the same.

Site marked as URL:Scam => we scan the site and the advertisers and nothing is found => we report a false positive => false positive confirmed by Avast, alert is disabled and the site's reputation is cleared.

Each time the ONLY reply we receive is that the reputation is cleared and no information is provided about WHAT caused the problem.

We are struggling to keep our sites very clean to provide best user experience.
However, it's very difficult to operate when about once a week sites are marked as URL:Scam and then cleared as false positives.

If we were given any additional info, we would tune our ads to prevent such cases in the future.
But right now our users and our partners are affected and there is nothing we can do about it.

Please assist!
Title: Re: Need more information about false positive
Post by: polonus on September 24, 2021, 09:26:09 AM
You could report your site here: https://www.avast.com/report-malicious-file.php
Wait for a final verdict from avast.

I could say something about a 3rd party cold recon analysis of the site and accordingly error-hunting,
but as you do not mention the site in question, that is hard for me to do.


polonus (volunteer 3rd party cold reconnaissance website security-analyzer and website error-hunter)
Title: Re: Need more information about false positive
Post by: boffin13 on October 01, 2021, 12:43:16 AM
>> You could report your site here: https://www.avast.com/report-malicious-file.php
But how can it help me? The form just says "thank you for reporting your site. we will check" and again, no information.

Let me describe the process again:
My domain is banned because of some malicious advertiser. Say my domain is domain.com and it loads an ad from ad-broker.com, which redirects multiple times and finally arrives at some malicious-ad.com.

Because of these redirects, my domain is banned. So two questions:

1. WHY is my domain banned and not the domain the malicious ad was served from?
2. WHY doesn't Avast provide ANY information about how it arrived at this malicious ad (I mean the whole redirect chain), so I'll be able to ban the broker or the advertiser to prevent similar cases in the future?



>> I could say something about a 3rd party cold recon analysis of the site and accordingly error-hunting,
>> but as you do not mention the site in question, that is hard for me to do.
The domains in question are:
1. xtits.xxx
2. xozilla.xxx
3. analdin.xxx

If you can provide more information about why these domains had multiple false positives (in my previous message I listed all the ref IDs of the tickets) it would help immensely. Thank you.
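The redirect chain described in this post (site loads an ad tag from a broker, which bounces through several hops before landing on a flagged domain) is something a site operator can record for themselves rather than waiting for the vendor to disclose it. The following is an added example, not code from this forum thread, from Avast, or from any of the posters: a small Python tracer that follows one HTTP hop at a time over a constructed, offline set of responses and reports which hop first touches a blocklisted domain and which party redirected into it. All domains, URLs and the blocklist are placeholders assumed for illustration.

```python
"""Trace an ad redirect chain hop by hop and name the hop that led to a
flagged domain. Added example with constructed data; not from the forum post
or from Avast. All domains below are placeholders."""
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 20

# Constructed offline responses: url -> (status_code, Location header or None).
# A real audit would replace lookup() with an HTTP client configured NOT to
# follow redirects on its own (e.g. requests.get(url, allow_redirects=False)),
# so that every intermediate hop is observed and logged.
CONSTRUCTED_RESPONSES = {
    "https://ad-broker.example/serve?slot=1": (302, "https://track.ad-broker.example/click/abc"),
    "https://track.ad-broker.example/click/abc": (301, "/hop/2"),  # relative Location
    "https://track.ad-broker.example/hop/2": (307, "https://cdn.partner-network.example/land"),
    "https://cdn.partner-network.example/land": (302, "https://malicious-ad.example/offer"),
    "https://malicious-ad.example/offer": (200, None),
    # A redirect loop, to show the tracer terminates on it.
    "https://loop.example/a": (302, "https://loop.example/b"),
    "https://loop.example/b": (302, "https://loop.example/a"),
}


def lookup(url):
    """Offline stand-in for an HTTP request; unknown URLs end the chain."""
    return CONSTRUCTED_RESPONSES.get(url, (200, None))


def trace_chain(start_url, fetch=lookup, max_hops=MAX_HOPS):
    """Follow 3xx Location redirects one hop at a time.

    Returns (chain, stop_reason) where chain is the ordered list of URLs
    visited and stop_reason is 'landed', 'loop' or 'max_hops'."""
    chain = [start_url]
    seen = {start_url}
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if not (300 <= status < 400) or not location:
            return chain, "landed"
        nxt = urljoin(url, location)  # resolves relative Location headers
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"
        seen.add(nxt)
        url = nxt
    return chain, "max_hops"


def first_bad_hop(chain, blocklist):
    """Return (index, url) of the first hop whose host matches the blocklist
    (exact host or subdomain), or None if no hop matches."""
    for i, u in enumerate(chain):
        host = urlsplit(u).hostname or ""
        if any(host == b or host.endswith("." + b) for b in blocklist):
            return i, u
    return None


def blame_report(start_url, blocklist, fetch=lookup):
    """Trace from an ad tag URL and report which hop to blame.

    'referring_hop' is the URL that redirected into the flagged hop; that is
    the party (broker or intermediate network) to disable or raise with."""
    chain, reason = trace_chain(start_url, fetch)
    hit = first_bad_hop(chain, blocklist)
    return {
        "broker": urlsplit(chain[0]).hostname,
        "chain": chain,
        "stop_reason": reason,
        "flagged_hop": hit,
        "referring_hop": chain[hit[0] - 1] if hit and hit[0] > 0 else None,
    }


if __name__ == "__main__":
    report = blame_report("https://ad-broker.example/serve?slot=1",
                          {"malicious-ad.example"})
    for i, u in enumerate(report["chain"]):
        print(f"hop {i}: {u}")
    print("stopped:", report["stop_reason"])
    print("flagged:", report["flagged_hop"])
    print("redirected into it by:", report["referring_hop"])
```

Because each hop is fetched without automatic redirect following, the log shows every intermediate domain, which is the information the poster says the vendor never supplies. The tracer only sees HTTP 3xx redirects; hops done by JavaScript or a meta refresh would need a browser-driven crawl, which is a separate tool.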
Title: Re: Need more information about false positive
Post by: DavidR on October 01, 2021, 01:02:04 AM
>> You could report your site here: https://www.avast.com/report-malicious-file.php
But how can it help me? The form just says "thank you for reporting your site. we will check" and again, no information.
<snip>

Normally you should get a response within 48 hours.

So, to start with, we Avast users can't say why it would be blocked/alerted on, as we don't have any screenshot of the alert to work with.

What I will say is that none of the porn sites you listed is alerted on by Avast.
Title: Re: Need more information about false positive
Post by: polonus on October 02, 2021, 01:44:12 PM
Hi boffin13,

The only suspicious flag for this came from Quttera at VT, but a detailed report now gives it the all green:
https://quttera.com/detailed_report/xozilla.com
Also clean: https://sitecheck.sucuri.net/results/xozilla.xxx

Also take this up with DataWeb Global Group B.V., the hoster of the mentioned sites, at 31.220.24.117.
Consider these vulnerabilities (outdated scripts):
see: https://snyk.io/test/website-scanner/?test=211002_BiDcRW_dafe1c6c0d65a45c7858ef1971260139
Also see the pdf and report here: https://www.immuniweb.com/websec/www.xozilla.com/kZMss68a/

Have a nice new week, you all,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)