Author Topic: avast blacklisted my domain (false positive)  (Read 12191 times)

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: avast blacklisted my domain (false positive)
« Reply #15 on: February 10, 2014, 02:42:16 PM »
Hi,
zazazizoo.com was blocked due to this redirection (snip from fiddler):
hxxp://ads.zazazizoo.com/ads/aff2.php?adv=607&cb=1
hxxp://s3.amazonaws.com/cdn.socialtwist.com/getScriptJS.js
hxxp://ads.zazazizoo.com/ads/js/f2.js
hxxp://ads.zazazizoo.com/ads/aff2.php
hxxp://ads.zazazizoo.com/ads/aff2.php
hxxp://ad-rotation.net/vigrx/adv/index2.php?adv_id=21
hxxp://bsfcuitcijferingen.iphonemakeovers.com/24zoujsbvu

OR:
hxxp://ads.zazazizoo.com/ads/aff.php
hxxp://hit-traffic.com/vigrx/adv/index.php?adv_id=21
hxxp://velrenommerthaliwell.sexymojo.biz/kt9tb24m80

This zazazizoo.com really stinks, as this is definitely not the first redirection to EKs from this site. I am strongly against unblocking it.
Honza
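
The redirection pattern in the Fiddler snip above (ad server, then a traffic broker, then a long throwaway subdomain with an opaque path) can be scored offline from a captured request list. This is an added example, not part of any post in the thread; the `analyze` helper, its thresholds, the two-label domain shortcut and the benign contrast chain are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Second chain from the Fiddler snip in the post above, kept defanged.
CHAIN = [
    "hxxp://ads.zazazizoo.com/ads/aff.php",
    "hxxp://hit-traffic.com/vigrx/adv/index.php?adv_id=21",
    "hxxp://velrenommerthaliwell.sexymojo.biz/kt9tb24m80",
]
# Constructed benign contrast: an ad tag loading a creative from a CDN.
BENIGN = [
    "http://ads.example.com/tag.js",
    "http://cdn.example.net/creatives/banner_300x250.png",
]

def parse(url):
    """Refang hxxp/htxp for parsing only; nothing here fetches the URL."""
    return urlsplit(re.sub(r"^h[tx]xp", "http", url, flags=re.I))

def site(host):
    """Naive registrable domain (last two labels). Assumption: a real tool
    would use the Public Suffix List instead."""
    return ".".join(host.lower().split(".")[-2:])

def analyze(chain, min_label=15, min_token=8):
    """Score a request chain on traits of the last hop; thresholds are
    illustrative assumptions, not values from the thread."""
    hops = [parse(u) for u in chain]
    sites = [site(h.hostname) for h in hops]
    last, labels = hops[-1], hops[-1].hostname.split(".")
    token = last.path.strip("/")
    findings = {
        # Visitor ends up on a different site than the ad server it started on.
        "leaves_origin": sites[-1] != sites[0],
        # A third-party site sits between origin and landing (traffic broker).
        "via_broker": any(s not in (sites[0], sites[-1]) for s in sites[1:-1]),
        # Long throwaway-looking subdomain on the landing host.
        "long_subdomain": len(labels) >= 3 and len(labels[0]) >= min_label,
        # Landing path is one extension-less alphanumeric token, no query.
        "opaque_path": bool(re.fullmatch(r"[a-z0-9]{%d,}" % min_token, token)) and not last.query,
    }
    score = sum(findings.values())
    return {"origin": sites[0], "landing": sites[-1], "findings": findings,
            "score": score, "suspicious": score >= 3}

if __name__ == "__main__":
    for name, chain in (("thread chain", CHAIN), ("benign", BENIGN)):
        print(name, analyze(chain))
```

The score is a triage hint for a proxy or Fiddler log, not a verdict; a chain that trips it still needs the kind of manual confirmation described in the post.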

Malekal_morte

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #16 on: February 10, 2014, 03:51:52 PM »
Hello,

False positive ? => lol


In December, you were malvertizing for Urausy : http://forum.avast.com/index.php?topic=142809.msg1058009#msg1058009
Now Urausy affiliation is dead, you are malvertizing for Reveton : http://www.malekal.com/2013/10/14/reveton-malvertising-campaign/2/

You have disabled the malicious redirection today and created hxxp://ads3.zazazizoo.net
it's blacklisted on VT.
(and I know you have another domain clone).

Don't contact me to explain, it's a client blah blah blah, I don't want to lose my time with you.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33933
  • malware fighter
Re: avast blacklisted my domain (false positive)
« Reply #17 on: February 10, 2014, 05:28:17 PM »
I get some all green on various recommended scannings (Sucuri - Web Security Test). Reported initial issues here: http://forum.avast.com/index.php?topic=142809.0 (only with a decent script blocker and adblocker in Google Chrome).

@Michael. Malekal_morte is a known French security researcher, we can certainly take this guy's remarks seriously and you have to pay respect to this sort of experts, else they will treat you with some "disdain".

@Malekal_morte. As you saw from my initial report here, the site was started to launch ad-banner services from the start and when it later classifies in the realm of unwanted adware, we should not be over-excited about that as this was to be expected  :D
The IP migration was also to be expected - see MX virus watch reports. Seems that malware is now dead!

Damian
« Last Edit: February 10, 2014, 05:30:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: avast blacklisted my domain (false positive)
« Reply #18 on: February 10, 2014, 08:23:04 PM »
Malek,

I've deleted my original post. Sorry. I did not know you had a lot of experience in the field. However, please keep the arrogance to yourself and do not publicly post messages like "I don't have time to waste on you." or, from your comment, "Don't contact me to explain, it's a client blah blah blah, I don't want to lose my time with you." They are not needed and children visit these forums.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Malekal_morte

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #19 on: February 10, 2014, 09:50:36 PM »
@Michael (alan1998) : They are Russian, I have all the proofs about this.
I said that because it's always the same stupid game.
You ban the fake ads company and they contact the antivirus to cry "we are legitimate blablablalba, it's not our fault, it's a customer blah blah" but they are fake and only created to spread malware.
That makes at least 2 months they are spreading malvertising.

Avast! has removed the blacklist and now the malicious redirection is enabled again :


« Last Edit: February 10, 2014, 09:52:59 PM by Malekal_morte »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: avast blacklisted my domain (false positive)
« Reply #20 on: February 10, 2014, 10:27:04 PM »
Malek,

That's fine. It shouldn't matter whether he is scamming or not. Whether he is crying or not. You ought not to be rude. I could care less if you are the President of the USA or god. You cannot be rude. I will contact Milos about this thread and have them re-blacklist it.

@Michael (alan1998) : They are russian,

I understand the RBN and all that. But just because He/she is Russian should not be a main concern.
« Last Edit: February 10, 2014, 10:34:12 PM by Michael (alan1998) »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33933
  • malware fighter
Re: avast blacklisted my domain (false positive)
« Reply #21 on: February 10, 2014, 11:43:34 PM »
Hi Malekal_morte,

We know this is business as usual from malvertising RBN. They always seem to comply and then move shop to go on with their business as usual.
Just check the mitigation reports and we have seen it as an ongoing malvertising circus.  :D
In this respect I can only fully agree with you - fake av inserting blackhat clickfraud and quite profitable as such.

@Michael - Well Russians are very sympathetic, openhearted, hospitable people, only the over 500 RBN cybercrime IP groups harbour another population,
and yes I agree they aren't all Russians by origin.

Damian

Malekal_morte

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #22 on: February 11, 2014, 10:01:12 AM »
There are big chances that it's the same group involved in Urausy SWF malvertising on pornebros.
=> http://www.malekal.com/2013/07/31/en-urausy-adultfriendzfinder-malvertising-banner
« Last Edit: February 11, 2014, 10:12:38 AM by Malekal_morte »

Malekal_morte

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #23 on: February 11, 2014, 10:28:43 AM »
angry ? :)


Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: avast blacklisted my domain (false positive)
« Reply #24 on: February 11, 2014, 11:10:39 AM »
Malek,

Are you seriously DoS'ing him? You've been reported as well as your post to be removed and possibly banned.

Malekal_morte

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #25 on: February 11, 2014, 11:23:21 AM »
No, the logs are from my website.
It's them that are DoSing me, if we can call that a DoS.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: avast blacklisted my domain (false positive)
« Reply #26 on: February 11, 2014, 11:26:58 AM »
Oh, I understand the concept, but don't know who is DoS'ing who. Sorry, will remove my warnings. Btw, if he is DoS'ing you, he is completely failing. I have no issues connecting to your website.

Malekal_morte

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #27 on: February 11, 2014, 12:03:06 PM »
Yes, this is completely useless.

Malekal_morte

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #28 on: February 12, 2014, 09:34:12 AM »
40 mbps is still script kiddie way !

ads3.zazazizoo.net to bypass detection ? :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33933
  • malware fighter
Re: avast blacklisted my domain (false positive)
« Reply #29 on: February 12, 2014, 03:24:12 PM »
Hi Malekal_morte,

Smut serving TDS Sutra alerts and !no warranty on actuality or correctness!
And is succeeding in circumventing scan detection: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fads3.zazazizoo.net
They also fool http://www.websicherheit.at/ scans!
But not able to fool them all: https://kraken.virustracker.info/ -> ads3.zazazizoo.net,88.214.225.178,,Criminals,
where Criminals denote nothing more and less than "up and with active malware"  ;)  "adware" in Apopka!
external links to htxp://e1.static.hoptopboy.com/ and exotic blocked site like: htxp://static.awempire.com/ban
very poor web rep for external link: wXw.lsawards.com as known content spammer - adult content: https://www.mywot.com/en/scorecard/lsawards.com?utm_source=addon&utm_content=popup-donuts
Into banner-ads, IDS for "ET CURRENT_EVENTS TDS Sutra - request in.cgi"
See: http://urlquery.net/report.php?id=9242353
Nice AS  ::) -> http://support.clean-mx.de/clean-mx/viruses?as=AS46636  (Beware smut sites being served up!)
http://jsunpack.jeek.org/?report=6c6b5bd4399cb490de69905670c97fd5f77cfe4a
Stay away and good it is being blocked!

polonus