Accessing the page hxtp://chessarbitersassociation.co.uk/html/laws.html (or any page on that site), causes Avast to alert that a threat has been detected. It seems to object to hxtp://www.watchmytraffic.com/ … very long hex number … /counter.img?theme
However, I contacted the owners of this site, and they reassure me that there is no problem.
Have looked at this more closely. Basically the page seems to access wxw.watchmytraffic.com. Any attempt to access wxw.watchmytraffic.com triggers Avast’s network shield. Can’t seem to find any information about this site on the web. Help, please!
if you think the block is wrong, report it here http://www.avast.com/contact-form.php (select subject according to Your case)
you may add a link to this topic in case they reply here
I do not know why avast has problems with this site.
General insecurities: https://asafaweb.com/Scan?Url=www.watchmytraffic.com
I think it is the same issue that is being alerted in another thread here for: apis.google.com//scs/apps-static//js/k=oz.gapi.US.GHsxhfTekA0.O/m=unsupported/rt=j/sv=1/d=1/ed=1/am=EQ/rs=AItRSTOy15VI10uyl9vKgAUpXrSwJETA/cb=gapi.0 benign
… and all of his webpages. According to my avast! pop-up warnings, they all have the watchmytraffic counter.
I was able to send the owner of those pages a message about the Zaccess counters using google+. A little googling shows that Zaccess delivers a backdoor to users’ computers that can be used to turn them into zombies.
If he writes back, I’ll remember to use the word “Trojan.”
Thanks to Milos for specifying what type of danger lurks within watchmytraffic.
On the original website reported there is also rollover.js script vulnerable to code injection via document.writeln etc.
In 2014 an iFrame that seamlessly redirected browsing users to an exploit was buried in one of the Javascript files that were served by the web server specifically at hxxp://www.hatobus.co.jp/js/rollover.js." So such malware schemes are definitely probable (note from me, pol).
With non-properly parsed URLS there onmouseover is XSS-exploitable.
XSS-Dom Results from scanning URL: htxp://chessarbitersassociation.co.uk/assets/rollover.js
Number of sources found: 17
Number of sinks found: 6
polonus (volunteer website security analyst and website error-hunter)