avast blacklisted my domain (false positive)

Hello,

I’m the owner of zazazizoo.com. Avast blacklisted my website. The website is a banner and pop-under traffic trading site. All traffic we trade is distributed through the website.
My admin already sent you a request via the contact webform 3 days ago but we have had no answer.
How could I remove my website from your blacklist?

Thanks,
Oleg

urlquery report. http://urlquery.net/report.php?id=8348013
see IDS alert by Suricata filter
IP listed to be on ET RBN Known Russian Business Network IP group

Russian Business Network. http://en.wikipedia.org/wiki/Russian_Business_Network

My proxy blocked that site. That’s saying something. Jeez

Another domain on the same IP → Up(nil): unknown_html RIPE GB abuse at hqhost dot net 80.77.81.45 to 80.77.81.45 ahherwebcams dot com htxp://ahherwebcams.com/?id=campaw might be causing an avast! general malware block
Sites are IDS flagged as “ET RBN Known Russian Business Network IP group 355”.

polonus

P.S. If you insist it is a false negative 8), you ask for a continued blocking.
If you report a false positive (detection), you ask an avast team member to exclude your domain from the general IP block.
It is all up to an avast! team member responsible for the unblocking. We are just support forum volunteers.
I saw that your site is still under construction, so that means we don’t know what it is going to be up there - maybe a false negative ;D ;D

polonus

Thanks all of you for your messages.
P.S. I’ve changed the name of the subject.

Hi oleg _ph,

Reported your site for domain exclusion from the more general IP block, going there with the upcoming update,

Best regards,

polonus

Thank you polonus ;),

Do I understand your message correctly? There will be a possibility of removal from the blacklist if I take an IP from another network.

Well, they can also exclude your domain on that IP, but that, as I said, is up to an avast team member, and I am not one.
I just reported the issue. Just wait and see.

polonus

I have changed the IP of the domain to another one. So I hope it helps.
What do you think polonus?

That URL still comes up with the same IP: http://urlquery.net/report.php?id=8378689

Indeed there is no other IP than htxp://zazazizoo.com = 80.77.81.45
Up(nil): unknown_html RIPE GB abuse at hqhost dot net 80.77.81.45 to 80.77.81.45 ahherwebcams dot com htxp://ahherwebcams.com/?id=campaw
Nothing here: http://www.dailychanges.com/zazazizoo.com/
When I go to nameserver here, I get: [t3] Error Message: The URL you have typed is either incorrect or has been changed. Please contact our Support desk if you continue to get this error. Please file a support request with the entire error message
http://www.dailychanges.com/foundationapi.com/#transferred-in

Something is phishy there 8)

polonus

Polonus, there is nothing phishy. Tomorrow the new IP didn’t resolve as fast as I expected.
Now there is a new IP:
http://urlquery.net/report.php?id=8389960

Hi Oleg,
I just unblocked the domain, it should be unblocked in the next update.
Honza

Hello HonzaZ,

Our domains zazazizoo.com and ads.zazazizoo.com appeared in the blacklist again :frowning:
We had banned our advertiser who redirected users to harmful code via his affiliate program. We suppose that the domains zazazizoo.com and ads.zazazizoo.com appeared in the blacklist because of him.
Now it should be clean. Please recheck.

Thanks,
Oleg

Site seems safe: http://www.scamvoid.com/check/zazazizoo.com & ThreatSTOP: There are no threats here
And is no longer being blocked by avast!

polonus

Hi,
zazazizoo.com was blocked due to this redirection (snip from fiddler):
hxxp://ads.zazazizoo.com/ads/aff2.php?adv=607&cb=1
hxxp://s3.amazonaws.com/cdn.socialtwist.com/getScriptJS.js
hxxp://ads.zazazizoo.com/ads/js/f2.js
hxxp://ads.zazazizoo.com/ads/aff2.php
hxxp://ads.zazazizoo.com/ads/aff2.php
hxxp://ad-rotation.net/vigrx/adv/index2.php?adv_id=21
hxxp://bsfcuitcijferingen.iphonemakeovers.com/24zoujsbvu

OR:
hxxp://ads.zazazizoo.com/ads/aff.php
hxxp://hit-traffic.com/vigrx/adv/index.php?adv_id=21
hxxp://velrenommerthaliwell.sexymojo.biz/kt9tb24m80

This zazazizoo.com really stinks, as this is definitely not the first redirection to EKs from this site. I am strongly against unblocking it.
Honza
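
Added example (not part of Honza's post and not Avast tooling): a short Python check over the two Fiddler chains quoted above, showing where each chain leaves the publisher's own site and whether the two exits match. The helper names and the two-label `site()` shortcut are assumptions made for this example.

```python
import posixpath
from urllib.parse import urlsplit

# Hops copied from the two Fiddler chains quoted above, left defanged (hxxp).
CHAIN_A = [
    "hxxp://ads.zazazizoo.com/ads/aff2.php?adv=607&cb=1",
    "hxxp://s3.amazonaws.com/cdn.socialtwist.com/getScriptJS.js",
    "hxxp://ads.zazazizoo.com/ads/js/f2.js",
    "hxxp://ads.zazazizoo.com/ads/aff2.php",
    "hxxp://ads.zazazizoo.com/ads/aff2.php",
    "hxxp://ad-rotation.net/vigrx/adv/index2.php?adv_id=21",
    "hxxp://bsfcuitcijferingen.iphonemakeovers.com/24zoujsbvu",
]
CHAIN_B = [
    "hxxp://ads.zazazizoo.com/ads/aff.php",
    "hxxp://hit-traffic.com/vigrx/adv/index.php?adv_id=21",
    "hxxp://velrenommerthaliwell.sexymojo.biz/kt9tb24m80",
]

def site(url):
    """Naive registrable domain: last two host labels (assumption; use the
    Public Suffix List in real tooling)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def tail_after(chain, publisher):
    """Requests logged after the last request to the publisher's own site."""
    last = max((i for i, u in enumerate(chain) if site(u) == publisher), default=-1)
    return chain[last + 1:]

def fingerprint(url):
    """(directory, query) of a URL, ignoring host and file name."""
    parts = urlsplit(url)
    return posixpath.dirname(parts.path), parts.query

def shared_first_hop(chain_a, chain_b, publisher):
    """If both chains leave the publisher through hops with the same
    fingerprint, return that fingerprint and the two hosts; else None."""
    tails = [tail_after(c, publisher) for c in (chain_a, chain_b)]
    if not all(tails):
        return None
    first = [t[0] for t in tails]
    if fingerprint(first[0]) != fingerprint(first[1]):
        return None
    return fingerprint(first[0]), sorted(urlsplit(u).hostname for u in first)

if __name__ == "__main__":
    print(shared_first_hop(CHAIN_A, CHAIN_B, "zazazizoo.com"))
```

Both chains exit through different hosts that share the same directory and query string, which is the kind of overlap that ties separate redirections to one campaign when reviewing proxy or Fiddler logs.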

Hello,

False positive ? => lol

In December, you were malvertising for Urausy: http://forum.avast.com/index.php?topic=142809.msg1058009#msg1058009
Now the Urausy affiliation is dead, you are malvertising for Reveton: http://www.malekal.com/2013/10/14/reveton-malvertising-campaign/2/

You have disabled the malicious redirection today and created hxxp://ads3.zazazizoo.net
It’s blacklisted on VT.
(And I know you have another domain clone.)

Don’t contact me to explain, it’s a client blah blah blah, I don’t want to lose my time with you.

I get some all green on various recommended scannings (Sucuri - Web Security Test). Reported initial issues here: http://forum.avast.com/index.php?topic=142809.0 (only with a decent script blocker and adblocker in Google Chrome).

@Michael. Malekal_morte is a known French security researcher, we can certainly take this guy’s remarks seriously and you have to pay respect to this sort of experts, else they will treat you with some “disdain”.

@Malekal_morte. As you saw from my initial report here, the site was started to launch ad-banner services from the start and when it later classifies in the realm of unwanted adware, we should not be over-excited about that as this was to be expected :smiley:
The IP migration was also to be expected - see MX virus watch reports. Seems that malware is now dead!

Damian

Malek,

I’ve deleted my original post. Sorry. I did not know you had a lot of experience in the field. However, please keep the arrogance to yourself and do not publicly post messages like “I don’t have time to waste on you.” or, from your comment, “Don’t contact me to explain, it’s a client blah blah blah, I don’t want to lose my time with you.” They are not needed and children visit these forums.

@Michael (alan1998): They are Russian, I have all the proof of this.
I said that because it’s always the same stupid game.
You ban the fake ads company and they contact the antivirus to cry “we are legitimate blablablalba, it’s not our fault, it’s a customer blah blah” but they are fake and only created to spread malware.
That makes at least 2 months they have been spreading malvertising.

Avast! has removed the blacklist and now the malicious redirection is enabled again: