Several weeks ago my domains started to get blocked due to a URL:Mal threat.
Each time I tested the domains with different other antiviruses and found nothing.
Then I filled in the false-positive form and after some time the domain’s reputation was cleared by the Avast team.
Is it possible to receive more information about why the block of the domains was issued at all?
I think that this is because of one of the advertisers, but I need more information to detect the problematic one to disable it.
Where can I get it?
The reference IDs of several last tickets:
#13743151 / ref:_00Db0Z3Sf._5005p2WRgNg:ref <— this one was cleared today
Tickets from some time ago:
#13725708 / ref:_00Db0Z3Sf._5005p2WRCyy:ref
#13689837 / ref:_00Db0Z3Sf._5005p2VCZZD:ref
I am writing again in this topic because since my last post we have had several more alerts from Avast, which resulted in the site being closed with a URL:Scam message.
After submitting the false-positive form the alert was cleared and the false positive confirmed, but no other information about what happened and how we can prevent future problems was provided.
Here are reference IDs of these confirmed false positive reports:
The last one happened two days ago.
The pattern is all the same.
Site marked as URL:Scam => we scan the site and the advertisers and nothing is found => we report a false positive => false positive confirmed by Avast, alert is disabled and the site’s reputation is cleared.
Each time the ONLY reply we receive is that the reputation is cleared and no information is provided about WHAT caused the problem.
We are struggling to keep our sites very clean to provide the best user experience.
However, it’s very difficult to operate when about once a week sites are marked as URL:Scam and then cleared as false positive.
If we were given any additional info - we would tune our ads to prevent such cases in the future.
But right now - our users and our partners are affected and there is nothing we can do about it.
I could say something about a 3rd party cold recon analysis of the site and accordingly error-hunting,
but as you do not mention the site in question, that is hard for me to do.
polonus (volunteer 3rd party cold reconnaissance website security-analyzer and website error-hunter)
You could report your site here: https://www.avast.com/report-malicious-file.php
But can it help me? The form just says “thank you for reporting your site. we will check” and again, no information.
Let me describe the process again:
My domain is banned because of some malicious advertiser. Say my domain, domain.com, loads an ad with the URL ad-broker.com, which redirects multiple times and finally arrives at some malicious-ad.com.
Because of these redirects, my domain is banned. So two questions:
WHY is my domain banned and not the domain the malicious ad was served from?
WHY doesn’t Avast provide ANY information about how it arrived at this malicious ad (I mean the whole redirect chain) so I’ll be able to ban the broker or the advertiser to prevent similar cases in the future?
I could say something about a 3rd party cold recon analysis of the site and accordingly error-hunting,
but as you do not mention the site in question, that is hard for me to do.
The domains in question are:
xtits.xxx
xozilla.xxx
analdin.xxx
If you can provide more information about why these domains had multiple false-positives (in my prev message I’ve listed all ref IDs of the tickets) it would help immensely. Thank you.
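
The redirect chain asked about in the thread (domain.com loads ad-broker.com, which redirects on to malicious-ad.com) can be recovered on the publisher's side from a browser HAR capture of the page. The following is an added example, not part of any post above and not an Avast tool. It follows HTTP 3xx redirects only (script or iframe redirects would need the HAR's initiator data), and hop1.example, cdn.example and the sample entries are constructed placeholders.

```python
from urllib.parse import urljoin, urlsplit

# Constructed HAR-style capture (HAR 1.2 field names); every hostname is a placeholder.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://domain.com/"}, "response": {"status": 200, "redirectURL": ""}},
    {"request": {"url": "https://ad-broker.com/serve?zone=7"},
     "response": {"status": 302, "redirectURL": "https://hop1.example/r?id=1"}},
    {"request": {"url": "https://hop1.example/r?id=1"},
     "response": {"status": 302, "redirectURL": "/go"}},
    {"request": {"url": "https://hop1.example/go"},
     "response": {"status": 307, "redirectURL": "https://malicious-ad.com/land"}},
    {"request": {"url": "https://malicious-ad.com/land"}, "response": {"status": 200, "redirectURL": ""}},
    {"request": {"url": "https://cdn.example/lib.js"}, "response": {"status": 200, "redirectURL": ""}},
]}}

def redirect_chains(har):
    """Return every HTTP redirect chain in the HAR as a list of URLs, first request to landing page."""
    nxt = {}
    for entry in har["log"]["entries"]:
        url, resp = entry["request"]["url"], entry["response"]
        location = resp.get("redirectURL")
        if 300 <= resp["status"] < 400 and location:
            nxt[url] = urljoin(url, location)  # resolve relative Location values
    targets = set(nxt.values())
    chains = []
    for start in nxt:
        if start in targets:
            continue  # mid-chain hop, not where a chain begins
        chain, seen = [start], {start}
        while chain[-1] in nxt and nxt[chain[-1]] not in seen:  # stop on redirect loops
            chain.append(nxt[chain[-1]])
            seen.add(chain[-1])
        chains.append(chain)
    return chains

def chains_reaching(har, flagged_host):
    """Host-level chains whose final landing page is on flagged_host."""
    found = []
    for chain in redirect_chains(har):
        hosts = [urlsplit(u).hostname for u in chain]
        if hosts[-1] == flagged_host:
            # collapse consecutive hops on the same host so each party appears once
            found.append([h for i, h in enumerate(hosts) if i == 0 or h != hosts[i - 1]])
    return found

if __name__ == "__main__":
    for hosts in chains_reaching(SAMPLE_HAR, "malicious-ad.com"):
        print(" -> ".join(hosts))
```

The first host in each returned chain is the ad request the page itself made, which is the broker or advertiser to disable.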