Flagged website - Game Jolt

Hello everyone,

I am representing the website Game Jolt. A month or so back one of the ad networks were serving up a trojan that Avast has caught. In Avast’s protection they flagged the website’s ad server URL which has caused the owner of the website to take down all of the ads for users to view the website properly.

The owner has emailed Avast directly multiple times and is in desperate need for the ad serving URL to be re-evaluated. What I’m asking is: Is it possible to get the URL re-evaluated and possibly be marked as safe again? The ad network has gotten rid of the trojan ad and all is safe again; we just need the website marked as safe by Avast.

Ad serving URL: http://gamejolt.com/adserver/www/delivery/afr.php

Thanks,
Sean Buller

I am not getting any avast alarm on the URL …

Same here, no alert in either URL, all be it that the adserver URL page is blank, presumably because of what you said.

A month or so back one of the ad networks were serving up a trojan that Avast has caught. In Avast's protection they flagged the website's ad server URL which has caused the owner of the website to take down all of the ads for users to view the website properly.

+1
No flag just nothing there to view.,. ???


Welcome to the forums, UnknownGamer :slight_smile:

It seems all is well now. I also got no alerts from avast! Pro.


Hi Unknown Gamer

Nowhere blacklisted access.redhawk.org b.barracudacentral.org bl.csma.biz
bl.emailbasura.org bl.spamcannibal.org bl.spamcop.net
bl.technovision.dk blackholes.five-ten-sg.com blackholes.wirehub.net
blacklist.sci.kun.nl block.dnsbl.sorbs.net blocked.hilli.dk
cart00ney.surriel.com cbl.abuseat.org dev.null.dk
dialup.blacklist.jippg.org dialups.mail-abuse.org dialups.visi.com
dnsbl.ahbl.org dnsbl.antispam.or.id dnsbl.cyberlogic.net
dnsbl.kempt.net dnsbl.njabl.org dnsbl.sorbs.net
dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net
duinv.aupads.org dul.dnsbl.sorbs.net dul.ru
escalations.dnsbl.sorbs.net fl.chickenboner.biz hil.habeas.com
http.dnsbl.sorbs.net intruders.docs.uu.se korea.services.net
mail-abuse.blacklist.jippg.org misc.dnsbl.sorbs.net msgid.bl.gweep.ca
new.dnsbl.sorbs.net no-more-funn.moensted.dk old.dnsbl.sorbs.net
pbl.spamhaus.org proxy.bl.gweep.ca psbl.surriel.com
pss.spambusters.org.ar rbl.schulte.org rbl.snark.net
recent.dnsbl.sorbs.net relays.bl.gweep.ca relays.bl.kundenserver.de
relays.mail-abuse.org relays.nether.net rsbl.aupads.org
sbl.spamhaus.org smtp.dnsbl.sorbs.net socks.dnsbl.sorbs.net
spam.dnsbl.sorbs.net spam.olsentech.net spamguard.leadmon.net
spamsources.fabel.dk web.dnsbl.sorbs.net whois.rfc-ignorant.org
will-spam-for-food.eu.org xbl.spamhaus.org zen.spamhaus.org
zombie.dnsbl.sorbs.net
Legend
All= Not Listed

hxtp://gamejolt.com/adserver/www/delivery/afr.php
The requested URL was analyzed and found legitimate.
Hostname: gamejolt.com
IP Address: 99.198.112.170 (lucentweb.com)
Date: 14-08-2010 11:29

Running on: Apache/2.2.3

System info: (CentOS)
Powered by: PHP/5.2.9

Web Application details:
Blacklisting status

Domain clean by Google Safe Browsing: gamejolt.com

Domain clean by Norton Safe web: gamejolt.com

Domain clean by Sucuri Web Blacklist: gamejolt.com

Domain clean by the Phish Tank: gamejolt.com

Domain clean by the Malware Domain List: gamejolt.com

Nothing detected here also:
http://jsunpack.jeek.org/dec/go?report=aedc7c82654c1dc5fff1ce2fcc9063a4046bcabd

Revised avast flags and site has malcode…

polonus

Sorry guys, Avast is actually blocking the URL:
http://adserver.gamejolt.com/www/delivery/afr.php?zoneid=2

Thanks for all of the help so far! :slight_smile:

Please remove the live link. Thanks
Here’s the warning:

http://img.photobucket.com/albums/v190/bob3160/Blocked.jpg

Bob, you could have done the same in your quoted link, changing it to hXXp ;D

@ UnknownGamer
That link still appears to have been hacked as there is a 1X1 iframe tag that appears to have been inserted after your div id=beacon tag, see image1 and image2 where I have broken the single line to make it easier to see.

This iframe tag points to a Paraquay IP address, image3. This IP is also blocked by the network shield as malicious and also by firefox as an attack page, image4.

So you still have some cleaning up to do and more importantly closing the vulnerability that is being exploited to insert these malicious iframe tags.

avast isn’t alone (but almost) in detecting this, but there are very few scanners actually looking for these hacked/inserted tags and even less able to detect them. http://www.virustotal.com/file-scan/report.html?id=76e2e9be985f217f244ad8a50df9b06ef36b18b9768c9c8df4b8de16306a3b25-1281826952

Report 2010-08-15 01:46:12 (GMT 1)
File Name afr-php
File Size 981 bytes
File Type Unknown file
MD5 Hash a71cae1f9b2def8336433ef59b97140d
SHA1 Hash c60892471564342a5036aebd5a253f2acb1ec056
Detections: 3 / 16 (19 %)
Status INFECTED

Avast 15/08/2010 5.0 HTML:Iframe-inf
Avira 15/08/2010 7.6.0.59 HTML/Infected.WebPage
VBA32 15/08/2010 3.12.12.2 Malware.HTML.Iframe