False Positive?

Accessing the page hxtp://chessarbitersassociation.co.uk/html/laws.html (or any page on that site) causes Avast to alert that a threat has been detected. It seems to object to hxtp://www.watchmytraffic.com/ … very long hex number … /counter.img?theme

However, I contacted the owners of this site, and they reassure me that there is no problem.

Advice, anyone?

and what does avast say? … a screenshot of the popup would help

see here under Recent reports on same IP/ASN/Domain (IP 146.255.37.1) http://urlquery.net/report.php?id=8091021
Three URLs with alerts that use the same IP:

One with detected malicious iframe injection: http://urlquery.net/report.php?id=8005613 / http://sitecheck.sucuri.net/results/sargisknyazyan.com/
Intrusion Detection Systems: two URLs found that give a Suricata filter alert: http://urlquery.net/report.php?id=7878816 / http://urlquery.net/report.php?id=7697086

The first one is blacklisted by:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=sargisknyazyan.com
http://www.siteadvisor.com/sites/sargisknyazyan.com
http://www.yandex.com/infected?url=sargisknyazyan.com&l10n=en

Relevant part of screenshot attached.

You can, of course, reproduce this for yourself, simply by opening the URL.

Have looked at this more closely. Basically the page seems to access wxw.watchmytraffic.com. Any attempt to access wxw.watchmytraffic.com triggers Avast’s network shield. Can’t seem to find any information about this site on the web. Help, please!

if you think the block is wrong, report it here http://www.avast.com/contact-form.php (select subject according to Your case)
you may add a link to this topic in case they reply here

Problem resolved. Site owner has removed the counter. Avast now happy.

Topic can be closed.

I do not know why avast has problems with this site.
General insecurities: https://asafaweb.com/Scan?Url=www.watchmytraffic.com
I think it is the same issue that is being alerted in another thread here for:
apis.google.com//scs/apps-static//js/k=oz.gapi.US.GHsxhfTekA0.O/m=unsupported/rt=j/sv=1/d=1/ed=1/am=EQ/rs=AItRSTOy15VI10uyl9vKgAUpXrSwJETA/cb=gapi.0 benign

polonus

Hello,
on the watchmytraffic.com there are fake Zaccess counters.

Milos

http://homeopathy-forall.blogspot.com

… and all of his webpages. According to my avast! pop-up warnings, they all have the watchmytraffic counter.

I was able to send the owner of those pages a message about the Zaccess counters using google+. A little googling shows that Zaccess delivers a backdoor to users’ computers that can be used to turn them into zombies.

If he writes back, I’ll remember to use the word “Trojan.”

Thanks to Milos for specifying what type of danger lurks within watchmytraffic.

Hi Paul McKeown,

On the original website reported there is also a rollover.js script vulnerable to code injection via document.writeln etc.
In 2014 an iFrame that seamlessly redirected browsing users to an exploit was buried in one of the Javascript files that were served by the web server specifically at hxxp://www.hatobus.co.jp/js/rollover.js." So such malware schemes are definitely probable (note from me, pol).
With non-properly parsed URLs there, onmouseover is XSS-exploitable.
XSS-Dom Results from scanning URL: htxp://chessarbitersassociation.co.uk/assets/rollover.js
Number of sources found: 17
Number of sinks found: 6

polonus (volunteer website security analyst and website error-hunter)

P.S. For the watchmytraffic counter malware read: http://jira.jtalks.org/browse/JC-1553
