I run an internet advertising network called MaxBounty. Over the past few days, I’ve received numerous complaints from my customers that they are getting “URL: mal” blocks from Avast on my main domain (maxbounty.com) and at least one of my advertising tracking links (mb103.com). In particular, one tracking link URL that was blocked was: http://www.mb103.com/lnk.asp?o=6073&c=918271&a=146014
If you are willing, I’d appreciate your help in identifying why my site and that particular URL was blocked by Avast. While I don’t think this is a false positive, I’d like to identify the root cause of the block so that I can correct the root cause and eliminate the block.
I’ve tried using a few of the tools/sites I’ve seen in some of the other threads here, and in a lot of cases, my domains come up clean, or I can’t tell exactly what the problem is from the log.
Again, I’d really appreciate any help to not only remove the block, but to avoid inadvertently advertising any known bad actors.
I’ve tried the Avast contact us form, but have received no response.
Thank you very much in advance for any help you can provide me.
htxp://maxbounty.com/JSTAG_1[4e9][40] - Ok
htxp://maxbounty.com/JSTAG_2[9bf][131] - Ok
htxp://maxbounty.com/JSTAG_3[165b][61] - Ok
htxp://maxbounty.com/JSEvent_4[63] - Ok
htxp://maxbounty.com - Ok
You can report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)
you may add a link to this topic in case they reply here
Thank you for the feedback Pondus. I have had that reputation in WOT for a long time, and it hasn’t changed recently, so I’m surprised Avast is suddenly flagging my site. Dr. Web unfortunately provides no feedback as to why a site is listed.
Do you know if Avast suddenly changed their algorithm to include, or increase the weight on WOT listings? Better yet, are you able to tell if that’s the reason why I’m suddenly being flagged?
I’m just trying to identify the root cause so I can get this fixed up.
Pondus I think this is what is being flagged, while I got some help from my Dr. Web url check scanner here.
And the guys from Saint Petersburg have the 7search uri in their malicious list!
htxp://www.maxbounty.com/7search_bonus.cfm redirects to htxp://7search.com/landing/maxbounty/
htxp://www.maxbounty.com/7search_bonus.cfm is in Dr.Web malicious sites list!
Also this could lead to further compromise of website, outdated CMS: Web application version:
WordPress version: WordPress 3.6.1
Wordpress version from source: 3.6.1
Wordpress Version 3.6.1 based on: htxp://blog.maxbounty.com//wp-admin/js/common.js
WordPress theme: htxp://blog.maxbounty.com/wp-content/themes/lifestyle/
WordPress version outdated: Upgrade required.
blog dot maxbounty dot com,Ghosted,
Now the specific link MaxBounty Steve provides:
Server redirect check:
Code: 302, htxp://www.maxbounty.com/lnk.asp?o=6073&c=918271&a=14601
Redirect to external server! → htxp://www.maxbounty.com/def.cfm?i=0&o=6073 → htxp://khvx.redirrus.com/?offer=6073&s1=0 →
htxp://exclusiverewards.myprizersavingzsurveys.eu/?sov=333912405&hid=djhfjnlntfhrptjp&id=XNSX. → htxp://exclusiverewards.myprizersavingzsurveys.eu/
Content displayed is from the redirect location = the URL htxp://exclusiverewards.myprizersavingzsurveys.eu/?sov=333912405&hid=djhfjnlntfhrptjp&id=XNSX.
no description in google because of robot.txt see: http://killmalware.com/www.maxbounty.com/lnk.asp?o=6073&c=918271&a=14601
found as sign of earlier compromittal → htxp://maxbounty.com/test404page.js
Spam check: Suspicion of Spam
er und frauen. sie sind nicht pornostars oder prostituierte.
umfragemeinung 2014 <script src="//ajax.googleapis dot com/ajax/libs/jquery/1...
Content after the < /html> tag should be considered suspicious.
192:< !-- Mini 1394239957 -->
The IP history of badness on VT: https://www.virustotal.com/nl/ip-address/66.40.15.30/information/
10 appearance(s) in spam e-mail or spam post urls 2 weeks ago.
<p>ThreatSTOP flagged that IP 3 months ago for the threat Parasites - danger level 1 - no active threats recorded.</p>
<p>polonus</p>