Advertising URL is in malicious list by mistake

Hello,

I’m representative of Games Banner Net company. We are online advertising agency.
We got alerts from our partners that Avast antivirus blocks our advertising code from exposing to users who use Avast product saying ‘malicious URL blocked’ (ads.gamesbannernet.com)
Who can help me with and how can I contact Avast support? They don’t reply to my tickets.
http://i.minus.com/ibhcFBKWRAJNWq.jpg

According resources I have malware launched from there was closed down or dead since: 2011-03-07 19:24:21 flagged as unknown_html malware.
See: htxp://zulu.zscaler.com/submission/show/073551b6d56537f6071870d3620093df-1335386245
Whenever you like to report a false positive, do that here: http://www.avast.com/contact-form.php?loadStyles

polonus

Zulu says risky IP Address: http://zulu.zscaler.com/submission/show/787f58efc8b4f9708d5f3535cf04d30f-1335386813

Now because you’re the only site on the IP address, your site appears to be ‘risky’.

Webutation gives 40/100: http://www.webutation.net/go/review/ads.gamesbannernet.com
Most likely because of the comments and ratings given here: http://www.mywot.com/en/scorecard/ads.gamesbannernet.com

Also see: http://urlvoid.com/scan/ads.gamesbannernet.com/
hpHosts has an issue. See: http://hosts-file.net/?s=ads.gamesbannernet.com
“PSH - sites engaged in Phishing”

It is no surprise that an advertising site is given as a phishing domain. The reviews from 2011 on WOT suggests that your site contained some sort of ethical issue at the time. Was there a way to redirect by using url writing? e.g: myurl.com/url=redirect-to-this.com or did the site contain malicious content before?

If you are sure that your advertising network is safe and does not participate in malicious activity, you can report a false positive to avast here:
http://www.avast.com/contact-form.php?loadStyles

Thanks for your detailed reply.
The problem is that we have already posted to the given URL and they don’t reply to us.

Regarding services that rate domains, are they really significant?
I mean their calculating algorithm nontransparent and not all sites can be rated correctly.
For instance, our corporate site visit not so much users and it means that even two-three bad reviews from competitors on WOT may break the whole reputation.

They should never be taken at face value, especially alone. Using many separate references together can create a more honest picture.

You mentioned you tried (and failed) to clear this up via the ticket system, but go ahead and use that contact form previously linked if you have not yet, people in your position tend to get better results that way.

The avast! team usually does not reply to those who submit false positives.

1. They can tell their stories.
2. That is true, but it is better than nothing. Most of the time it is correct.
3. WOT is completely user-based; I was just using the review as a possibility that your site hosted malicious elements during that time-frame when the user posted the comment. Polonus states that the malware on your site died around “2011-03-07 19:24:21”, so we can assume that your site indeed had an issue that was fixed.

And what do others do in this case, do you know? If you lose money and your reputation suffers this is pretty odd to get no response from Avast.

Actually, after I started a ticked I wrote them to support@ and the provided link and one of my emails was posted automatically to the original ticket. Will try the provided link once again, thanks for advice.

Hi versatilizer,

There were four instances of this malware now either “dead” or "closed"originating from 208.76.170.140 and the url htxp://ads.gamesbannernet.com/servlet/ajrotator/436566/0/vh?z=gbn&dim=119&nocache=931465&referer=htxp%3A//playdrom.com/cag
first two instances spread malware for 3.4 hrs, the latter two instances lasted for 7 hours, first two were closed, latter two now dead (response).
I assume that is why avast has blocked it. When they feel they can release the block, they might do that with a coming update.
That is only for the avast analysts to decide, IP 208.76.170.139 was also found to have this malware that was closed after 3.4 hrs.
Now given as benign here: http://zulu.zscaler.com/submission/show/9a222638f4e26c8c3123bea7ef89c5d9-1335393256
But still the IP has been identified as risky by one/more sources, but benign patterns were found,
Those that host mentioned IPs should keep malware infections at bay see: http://hosts-file.net/?s=208.76.170.140 → flagged for Phishing scams
IP PTR: Resolution failed means very bad practices

polonus