Author Topic: Why does get URL:Mal?  (Read 2554 times)

0 Members and 1 Guest are viewing this topic.


  • Guest
Why does get URL:Mal?
« on: October 24, 2012, 11:08:26 PM »
I am a web developer. My client's site get's blocked by Avast Network Shield as URL:Mal. I can't figure out why.

It's not on any unsafe or black lists. I virus/malware scanned it with online scanners, and downloaded all the site files and scanned them with Avast and Malwarebytes. No viruses. I can't figure out why it's getting blocked. Big problem.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76041
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Why does get URL:Mal?
« Reply #1 on: October 24, 2012, 11:23:41 PM »
You can report a possible FP here:
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos):

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88173
  • No support PMs thanks
Re: Why does get URL:Mal?
« Reply #2 on: October 24, 2012, 11:35:17 PM »
Didn't find anything on or, though this shows there are other domains on this IP address, possibly it is a block by IP address and not the domain.

Also clean on this, but that too shows multiple domains on that IP/server one of which has had prior infections.

But this looks a somewhat strange javascript file name /sites/default/files/js/js_a6d24340d6739dd389170a72a8f0cc63.js I trust it is legit ?

- There is an on-line contact form, for:  * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

- If you are reporting an FP, then you get another input field open, click Browse button and navigate to the file or enter the web URL for the site you wish to submit for review, etc. A link to this topic also wouldn't hurt.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security


  • Guest
Re: Why does get URL:Mal?
« Reply #3 on: October 24, 2012, 11:56:56 PM »
If you go to and scan you will find


If you run a scan on Sucuri of that website it shows the website i..e   xxxx://  has been blacklisted

web site:
status:    Site blacklisted, malware not identified
web trust:          Site blacklisted.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33753
  • malware fighter
Re: Why does get URL:Mal?
« Reply #4 on: October 25, 2012, 12:25:54 AM »
Well done, Nesivos, good analysis. The IDS alert there is INDICATOR-OBFUSCATION Javascript obfuscation - eval\
Avast Web Shield detects this as JS:iframe-TJ[Trj]
Other site with instances of this same javascript malware are still up and active here:
malware status OVERDUE and active at :
 htxp://  (cleansed?)
 htxp:// ->  blacklisted and infected
 htxp://  -> (more instances of various malcode)
 hxtp:// ->  JS-malware instances
 htxp://  form of blackhole:

« Last Edit: October 25, 2012, 12:35:40 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!


  • Guest
Re: Why does get URL:Mal?
« Reply #5 on: November 16, 2012, 07:12:11 AM »
Thanks guys. I did the steps recommended. Still waiting to see if the problem gets resolved.

I looked through and scanned with Avast the js file /sites/default/files/js/js_a6d24340d6739dd389170a72a8f0cc63.js
I reported the virus false-positive to avast.
And I requested dreamhost move the hosting to a different ip address. In case another site on the shared ip caused the virus warning.