Author Topic: Site flagged for malware (mauiblogger.net), help needed  (Read 10611 times)


411ashish

  • Guest
Site flagged for malware (mauiblogger.net), help needed
« on: August 07, 2013, 05:15:57 AM »
A few users of my site (411mania.com) who use Avast have told me that they get a warning when trying to access the site. The warning message that comes up for a user of mine is:

"MALICIOUS URL BLOCKED"
avast! Network Shield has blocked a harmful site
Object: http.//cdn.mauiblogger.net/k
Infection: URL:Mal
Target Process: Firefox

As far as I know, no other blocker, nor Google, has marked the site for malware. Google is usually all over me anytime a malware issue comes up, and I have not heard anything from them about this (and this issue has been going on for days on Avast, so it's not a new issue).

Any help on how I can fix this issue on avast would be appreciated. I feel like it's a false positive because I cannot find anything about the mauiblogger.net domain, nobody else is marking the site as suspicious, and I can't find anything unusual in my code. It might be something coming through via the ads, but I use only well-established ad companies like AdSense, Tribal Fusion, etc.

If anyone has any input on this, I'd appreciate it.

Thanks!

411ashish

  • Guest
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #1 on: August 07, 2013, 05:47:19 AM »
Also just to add a bit more info:

I downloaded Avast for Mac and do not get any warning when accessing the 411mania.com site. So it appears only PC users using Avast get the warning. I also removed all the ads from a test page and had one of the users who is getting the warning access it, and he still got the warning.

Any input would be appreciated. Thanks!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37650
  • F-Secure user
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #2 on: August 07, 2013, 08:15:53 AM »
URL:Mal is not infected but means that the URL is on a blacklist.

And this can be the reason why (411mania.com): http://urlquery.net/report.php?id=4423784

Intrusion Detection Systems.
Suricata /w Emerging Threats Pro   
2013-08-07 08:09:39    212.124.126.7    urlQuery Client   3   ET RBN Known Russian Business Network IP (162)
 
Wikipedia. Russian Business Network    http://en.wikipedia.org/wiki/Russian_Business_Network





If you think this is wrong, report it here: http://www.avast.com/contact-form.php
You may add a link to this topic in case they reply.


« Last Edit: August 08, 2013, 09:37:39 PM by Pondus »

411ashish

  • Guest
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #3 on: August 08, 2013, 09:07:32 PM »
Thanks for the reply Pondus. Any idea how I can solve the issue? All my ad companies are claiming that none of their advertisers have anything to do with that domain, and I can't find anything else in my code that would cause something from that domain to load on my site. It's really puzzling to me and I'm running out of ideas on how to solve the problem for Avast users.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5712
  • Spartan Warrior
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #4 on: August 08, 2013, 10:22:01 PM »
Well, here:  http://zulu.zscaler.com/submission/show/8c76b8eb17ddc36eeadee40e24fb67df-1375991351

zulu is not completing scan for 411 site, but downforeveryoneorjustme is reporting site as live.

See attached:

I'd check for nested redirects within your site as this block occurred two seconds after loading the webpage when visiting by using scanned links from zulu.
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803
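
One way to look for where a page pulls in the blocked host, as an added example that is not part of the original thread: it lists every host a page's static markup loads from (including meta-refresh redirects) and flags those under a domain the antivirus reported. The sample page is constructed, the function names are hypothetical, and loads injected at run time by JavaScript are outside what it sees.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make a browser fetch a URL without user interaction.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src",
             "embed": "src", "object": "data", "link": "href"}

class ResourceCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTRS.get(tag, ""))
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # <meta http-equiv="refresh" content="0; url=..."> is a redirect
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", attrs.get("content") or "", re.I)
            url = m.group(1).strip() if m else None
        if url:  # urljoin also resolves relative and //host/path URLs
            self.found.append((tag, urljoin(self.base_url, url)))

def third_party_loads(html, base_url):
    """Return {host: [(tag, url), ...]} for loads that leave the site's own host."""
    own = urlsplit(base_url).hostname
    collector = ResourceCollector(base_url)
    collector.feed(html)
    hosts = {}
    for tag, url in collector.found:
        host = urlsplit(url).hostname
        if host and host != own:
            hosts.setdefault(host, []).append((tag, url))
    return hosts

def flagged(hosts, blocked_domains):
    """Hosts equal to, or subdomains of, a domain an antivirus reported."""
    return sorted(h for h in hosts
                  if any(h == d or h.endswith("." + d) for d in blocked_domains))

# Constructed sample page, not the real site's markup.
SAMPLE = """<html><head>
<script src="http://tags.expo9.exponential.com/tags/411maniacom/ROS/tags.js"></script>
</head><body><img src="/images/logo.png">
<iframe src="//cdn.mauiblogger.net/k" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(flagged(third_party_loads(SAMPLE, "http://www.411mania.com/"), ["mauiblogger.net"]))
```

Running it over the HTML saved from an affected visitor's browser, rather than a fresh fetch, matters when the extra content is served only to some clients.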

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34005
  • malware fighter
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #5 on: August 08, 2013, 10:29:49 PM »
I get either the server did not accept my request, or an invalid URL was passed. The error code returned was:

Code: -2147012894
Description: The operation timed out
Server Response:
Description: unknown response code
Issue with malicious software includes 12 scripting exploit(s).
Recently MALWARE-OTHER TDS Sutra - redirect received IDS alert.
Malicious software is hosted on 1 domain(s), including luminate.com/.

This site was hosted on 1 network(s) including AS27357 (RACKSPACE).
Webrep OK: http://www.webutation.net/go/review/411mania.com
Clean here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2F411mania.com#tab1

Quttera detects potential suspicious file:
tags.expo9.exponential.com/tags/411maniacom/ROS/tags.js
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details: Procedure: + has been called with a string containing hidden JavaScript code <script> var e9 = new Object(); e9.snackbar=true; e9.snackbarclose=;e9.size="";</script>.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34005
  • malware fighter
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #6 on: August 08, 2013, 10:40:12 PM »
Going there with NoScript and RequestPolicy active in the browser, I now no longer get an avast shield alert.

polonus

411ashish

  • Guest
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #7 on: August 08, 2013, 11:28:39 PM »
Thanks again for your help. The code they are labeling as suspicious is the Tribal Fusion ad code. Tribal Fusion is one of the largest and most reputable ad companies in the country and I've been using them for 10+ years with no issues. Really strange. So you guys think the source of the issue is the ad code identified here?:

Quttera detects potential suspicious file:
tags.expo9.exponential.com/tags/411maniacom/ROS/tags.js
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details: Procedure: + has been called with a string containing hidden JavaScript code <script> var e9 = new Object(); e9.snackbar=true; e9.snackbarclose=;e9.size="";</script>.

That code is just their standard ad code.

411ashish

  • Guest
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #8 on: August 08, 2013, 11:36:10 PM »
I went into the Tribal Fusion ad system and blocked all ads from mauiblogger.net and mauiblogger.com. Do you guys still get a warning when visiting 411mania.com?

The issue is really weird because Norton and Google have no issues at all with that ad code or anything else on 411mania.com. As far as I know, only users using the PC version of Avast have the issue (Avast on Mac doesn't give me any warnings).

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5712
  • Spartan Warrior
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #9 on: August 08, 2013, 11:54:23 PM »
Block still active when visiting 411.  Exact same message as before, indicating source is mauiblogger.net/k

[EDIT:] Just because you've had no problems with Tribal Fusion in the past does not mean that network cannot be hacked/infected in the future.
« Last Edit: August 08, 2013, 11:56:52 PM by mchain »

411ashish

  • Guest
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #10 on: August 09, 2013, 12:34:05 AM »
Thanks mchain. As a test, I've removed the Tribal Fusion (expo9) tags entirely from one page. Can you let me know if you still get a warning when visiting this page:

http://www.411mania.com/games

That will at least tell me if those tags are in fact the issue or if it is something else.

Thanks,
Ashish

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #11 on: August 09, 2013, 12:45:01 AM »
I am getting no Alert from Avast. ;D
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

411ashish

  • Guest
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #12 on: August 09, 2013, 01:02:55 AM »
Thanks Steven. Do you still get the alert on 411mania.com? If you get it on 411mania.com but don't get it on 411mania.com/games, that would confirm the issue is with the ads.

Thanks,
Ashish

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #13 on: August 09, 2013, 01:42:17 AM »
No alert on both sites. ;D

411ashish

  • Guest
Re: Site flagged for malware (mauiblogger.net), help needed
« Reply #14 on: August 09, 2013, 08:09:52 AM »
My users who use Avast continue to say that they get the warning. I tested pulling all the ads from the site and still got this issue from urlquery.net:

Intrusion Detection Systems
Suricata /w Emerging Threats Pro    No alerts detected
Snort /w Sourcefire VRT   
Timestamp   Source IP   Destination IP   Severity   Alert
2013-08-09 08:05:02    174.122.149.143    urlQuery Client   1   MALWARE-OTHER TDS Sutra - redirect received

http://urlquery.net/report.php?id=4458074

I've since put the ads back up since they aren't the cause. One ad was causing the earlier warning involving the Russian Business Network IP but I removed that.

I'm at a real loss here. I tried contacting Avast directly but nobody replied.