
voluumtrk.com URL is being flagged as containing malware by antivirus software (37)


04-25-2015 04:50 AM #1 hlyghst ()
Is anyone else having this problem? I am using a custom tracking domain, but the CNAME forwarding still must resolve at xxx.voluumtrk.com, which is being flagged as containing malware by Avast antivirus.


04-25-2015 05:26 AM #2 hlyghst ()

https://safeweb.norton.com/report/sh...luumtrk.com%2F


04-25-2015 05:28 AM #3 izzy (Member)

You need to add your own domain. The Voluum one gets blacklisted.


04-25-2015 05:35 AM #4 hlyghst ()

I have my own domain, but the CNAME forwards to the Voluum URL. Do you know a solution to this problem?


04-25-2015 06:57 AM #5 izzy (Member)

This is the response I got...

"If you're looking to run a live campaign with real money we highly recommend you use your own custom tracking domain.

The reason we say this is because all of our Noobie users use our default domain (voluumtrk.com) as well as all paid users if they do not change to a custom domain. As a result voluumtrk.com has redirected many millions of visits and because of the volumes it has been flagged by various traffic sources, antivirus software, and other services. As such, not using a custom domain may cause you to lose traffic."


04-25-2015 08:07 AM #6 ryanfuse (Member)

lol they basically copy and pasted the explanation, I hate this kind of customer service. It's patronising. I don't think they read what you wrote them properly.


04-25-2015 11:03 AM #7 dynamicsoul (Member)

I guess there is no way round that as Voluum is not self hosted. You have to forward your custom domain, somehow, to Voluum's servers..

I'm no DNS expert.. but other than CNAME to sub domain, is there another way?..forward to say an IP rather than trackvoluum sub domain?


04-25-2015 11:34 AM #8 atom64 ()

The only way around this would require an A DNS entry.
But Voluum don't offer this and they have just CNAME, which is easier to manage for them.


04-25-2015 09:51 PM #9 thedudeabides (Moderator)

This is pretty serious depending on how quick they can get the flag removed. I tried my available c-named domains, numerous competitor trackers and it seems to be affecting them all, c-named or not. Is anyone NOT being affected? I'm running avast on my PC.

It's already making me want to set up prosper202 as a backup. Not good. I don't have any % loss statistics I can remember, but in the past when I've had pages flagged there's a noticeable drop in ROI. Not sure how much mobile would be affected.


04-26-2015 01:13 AM #10 sciaq (Member)

Just had my direct buy paused because of this, ohhhh herro Thrive


04-26-2015 01:23 AM #11 shakedown (Member)

Oh WTF Voluum! This has probably been leading to my lander domains getting flagged faster.

Do you guys remember when this first started?


04-26-2015 01:53 AM #12 panicore (Member)

Just switched 80% of my campaigns to Voluum yesterday lol.


04-26-2015 04:16 AM #13 hlyghst ()

Glad to hear it isn't just me!! It started for me like 8-9 am EST on Friday. I still haven't had a real response from Voluum, or found a solution. I have an agency account and am doing like 1 million events a day. Moving everything to Thrive.


04-26-2015 05:19 AM #14 cmdeal (Veteran Member)

Yikes ...


04-26-2015 05:46 AM #15 simcity (Member)

Been seeing this as well on my Voluum. Switched all my camps back to cpvlabs till it gets sorted.


04-26-2015 05:57 AM #16 guillermo (Member)

what does the Voluum team say about this?


04-26-2015 06:03 AM #17 imdutch (Member)

One of the reasons why I prefer self hosted tracking every day of the week.

As for Voluum not being supportive, this should be an easy fix for them by refreshing their domain, right?


04-26-2015 06:17 AM #18 zeno (Administrator)

If the anti-malware services are actually digging deeper into the DNS side of things rather than the URL redirects and those in the address bar, then there are only three solutions:

1) Changing your Voluum subdomain if it is your specific domain flagged, rather than *.voluumtrk.com

2) Voluum changing their redirect domain and instructing everyone to update their DNS entries

3) Moving to A-records that point to an IP instead, with Voluum's systems then having reverse DNS entries -- this would only work if the anti-malware services didn't flag IPs. If they did, this could lead to an even more annoying outcome

As some have pointed out, this is one example of the advantages of a self-hosted system where you can essentially nuke everything you have and start again in under an hour.

One thing to keep in mind: these anti-malware flags, unless at the browser level e.g. Chrome flagging at the DNS/CNAME level (I don't think this is the case), will only affect a % of your user base with that also varying by country/demographic. Unfortunately, Avast is one of the worst possible ones that could flag your stuff:


04-26-2015 06:41 AM #19 guillermo (Member)

Robert, shed some light with us... I wouldn't like to change tracker now where I feel good with Voluum


04-26-2015 08:12 AM #20 crysper (Member)

The solution would be Voluum offering multiple tracking domains, assigned by risk or account level. So newbies could use the general domain and those who push a lot of traffic use other, more clean domains.

But maybe their infrastructure doesn't support this and there are not enough requests to make the change.


04-26-2015 08:37 AM #21 vidivo (Member)

I'm running Voluum with a CNAME of course and as far as I know I'm not seeing anything in terms of conversion changes... I click on the link myself and it redirects all fine. Then again I don't have an antivirus software installed... perhaps someone can install MSE or Avast and let us know what happens?


04-26-2015 08:44 AM #22 panicore (Member)

avast blocks it, even if it's CNAMED


04-26-2015 08:54 AM #23 hlyghst ()

fortunately, mobile phone traffic seems largely unaffected.


04-26-2015 09:14 AM #24 h0mp (Member)

Originally posted by hlyghst:
> fortunately, mobile phone traffic seems largely unaffected.

wouldn't it be fun if apps like Psafe or any highly pushed antivirus app would flag your tracker?


04-26-2015 10:11 AM #25 dynamicsoul (Member)

It must be a nightmare for Voluum to deal with all the anti virus and spam reporting sites, being the nature of what they do.. anyway.. quick searching about..

Safe
http://www.avgthreatlabs.com/ww-en/w...ackvoluum.com/
Safe
http://safeweb.norton.com/report/sho...rackvoluum.com
Safe
http://www.google.com/safebrowsing/d...rackvoluum.com

Not safe


Listed as spam


04-26-2015 10:12 AM #26 hlyghst ()

if by fun, you mean crying tear fulls of affiliate irony, then yes. it would be a lot of fun


04-26-2015 11:13 AM #27 dynamicsoul (Member)

Oh, I think OP must have a different url to me.. when I look in settings in Voluum to do my custom domains, I have trackvoluum.com , not voluumtrk.com, and my custom domain isn't being flagged by any of the above sites..


04-26-2015 12:40 PM #28 htgred (Member)

I had a FB campaign blocked for unsafe URL last night, I was using Voluum.


04-26-2015 02:29 PM #29 mark_b (Member)

Originally posted by hlyghst:
> fortunately, mobile phone traffic seems largely unaffected.

Unless your user has the Avast mobile security app installed.

All my Voluum domains are being flagged. Had to move campaigns back to imobitrax for now.


04-26-2015 02:52 PM #30 servandosilva (Member)

Noticed this last Friday too. I thought it was only an error for non C named users but I'm watching this in my domains too.


05-23-2016 02:10 PM #31 nusolutionz (Veteran Member)

any updates on this? voluumtrk2.com seems to be flagged as well https://www.virustotal.com/en/us/url...is/1464011985/

would be great if anyone from Voluum could clarify what's going on


06-26-2016 10:19 PM #32 jessejames (Member)

Is this still a limitation on Voluum, i.e. not being able to run your own domains? And are the domains still banned? I was going to sign up, but I don't want to have other people's campaigns, and whatever they run, impacting my campaigns.


06-26-2016 10:35 PM #33 matuloo (Legendary Moderator)

Originally posted by jessejames:
> Is this still a limitation on Voluum, i.e. not being able to run your own domains? And are the domains still banned? I was going to sign up, but I don't want to have other people's campaigns, and whatever they run, impacting my campaigns.

The problem was related to their default domains, hundreds of people are using Voluum without any problems. Make sure to set your custom domain tho and don't use the default ones.


06-27-2016 10:19 AM #34 jessejames (Member)

Thanks for the reply.

But won't it still run through their CNAME? Or do they allow you to add the domain via A record? The CNAME would just be an alias essentially.


06-27-2016 06:43 PM #35 ThrvTrkr (Member)

Originally posted by jessejames:
> Thanks for the reply.
>
> But won't it still run through their CNAME? Or do they allow you to add the domain via A record? The CNAME would just be an alias essentially.

Check the domains that you CNAME to on http://virustotal.com
There's a few shared domains between their users I believe
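
The check suggested above starts with knowing which hostnames a custom domain actually aliases to. The following is an added example, not part of the thread and not Voluum's code: it parses `dig`-style answer lines, follows the CNAME chain and lists any hostname under the shared tracker domains named in this thread. The records, `track.example.com`, `go.example.net` and the 192.0.2.x addresses are constructed.

```python
# Constructed sample in `dig +noall +answer` style; not real lookup output.
SAMPLE_ANSWER = """\
track.example.com.  300 IN CNAME xxx.voluumtrk.com.
xxx.voluumtrk.com.  60  IN A     192.0.2.10
go.example.net.     300 IN A     192.0.2.20
"""

# Shared default tracker domains named in the thread.
SHARED_DOMAINS = {"voluumtrk.com", "voluumtrk2.com", "trackvoluum.com"}


def parse_answer(text):
    """Map each owner name to its list of (type, rdata) records."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";"):
            continue  # skip blanks, comments and truncated lines
        name, rtype, rdata = parts[0], parts[3].upper(), parts[4]
        records.setdefault(name.rstrip(".").lower(), []).append(
            (rtype, rdata.rstrip(".").lower()))
    return records


def cname_chain(host, records, max_depth=8):
    """Return every hostname visited while following CNAMEs from host."""
    chain = [host.rstrip(".").lower()]
    while True:
        targets = [r for t, r in records.get(chain[-1], []) if t == "CNAME"]
        if not targets:
            return chain  # reached a name with no further alias
        if targets[0] in chain or len(chain) >= max_depth:
            raise ValueError("CNAME loop or chain too long: %s" % chain)
        chain.append(targets[0])


def shared_hosts(chain, shared=SHARED_DOMAINS):
    """Hostnames in the chain that are, or sit under, a shared domain."""
    return [h for h in chain
            if any(h == d or h.endswith("." + d) for d in shared)]


if __name__ == "__main__":
    recs = parse_answer(SAMPLE_ANSWER)
    for host in ("track.example.com", "go.example.net"):
        chain = cname_chain(host, recs)
        print(host, "->", " -> ".join(chain[1:]) or "(no alias)",
              "| shared:", shared_hosts(chain) or "none")
```

For a live domain, feed the output of `dig +noall +answer <host>` to `parse_answer` and look up each hostname in the returned chain on the reputation services mentioned in the thread.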


06-28-2016 03:31 AM #36 bizfreak22 (Member)

Originally posted by jessejames:
> Thanks for the reply.
>
> But won't it still run through their CNAME? Or do they allow you to add the domain via A record? The CNAME would just be an alias essentially.

I have been trying to figure this out for some time now. I run with a network who uses RISK IQ for "Malware" detection. My domains have been getting flagged like crazy which is weird since I don't run any tech support, anti virus, etc. I swapped out Voluum for funnelflux to test, and have been running without getting flagged for over a week now. I am trying to get an answer from Voluum support whether or not it's the CNAME that is causing this trickle down effect... but have not heard back yet. If I don't hear back within a few days I am done there..not going to keep paying 1k/month for a tracker that is going to get me banned from networks for something I can't control..


06-28-2016 10:56 AM #37 voluum (Veteran Member)

Originally posted by bizfreak22:
> I have been trying to figure this out for some time now. I run with a network who uses RISK IQ for "Malware" detection. My domains have been getting flagged like crazy which is weird since I don't run any tech support, anti virus, etc. I swapped out Voluum for funnelflux to test, and have been running without getting flagged for over a week now. I am trying to get an answer from Voluum support whether or not it's the CNAME that is causing this trickle down effect... but have not heard back yet. If I don't hear back within a few days I am done there..not going to keep paying 1k/month for a tracker that is going to get me banned from networks for something I can't control..

Hi bizfreak22,

Our account manager handling your case will reach out to you via Skype today to dispel your doubts regarding the use of a CNAME record used for custom domains that point to one of your default Voluum domains.


Originally posted by nusolutionz:
> any updates on this? voluumtrk2.com seems to be flagged as well https://www.virustotal.com/en/us/url...is/1464011985/
>
> would be great if anyone from voluum could clarify what's going on

Hi nusolution,

The current flag ratio of 2/67 for our voluumtrk2 domain from the list of available 3rd party site checkers on VirusTotal can be slightly misleading.

This is based on our own experience of checking the validity of such reports, whether they are remarked internally during scheduled checks, follow notification from a Voluum user or are from an external 3rd party.
That said, we also still use VirusTotal's service internally as a domain reputation 'barometer' to then follow up directly with the vendor which a flag has been raised with.
Therein, the aim of our correspondence with the vendor is to deem whether a flag is indeed valid or a false positive.

In the former case, we request specific information on the actual cause domain / page to then start a review with the end goal of getting the status reverted to the desired 'safe'.

Now, regarding the current flags listed on VT, the one present for Dr.Web seems related to a txt file which is associated to the root domain voluumtrk2.
This file is used to store authentication substrings that are used to validate our site ownership for two other security vendors (Norton SafeWeb and World of trust).



For Malekal's flag listed on VT, with the information which is supplied for this domain on their own site, it is isolated to a specific subdomain which will be subject to our review.
In both cases, I will see that the relevant parties are contacted to obtain further information behind the flag and then proceed with getting the domain status reviewed.

Also, I feel it's worth mentioning that for the major (most commonly used) vendors, we have dedicated site ownership profiles registered to be kept in the loop should the status of any of our domains change.
Second to this, we have active licenses with the vendors to double-check the status which is presented clientside (in case there are any discrepancies in data within a different release).
This is mainly applicable to have all our bases covered to not suffer a domino effect if a service sources data from other similar lists. (Relevance to the domain flagging incident which we incurred back in April 2015).

Originally posted by jessejames:
> Is this still a limitation on Voluum, i.e. not being able to run your own domains? And are the domains still banned? I was going to sign up, but I don't want to have other people's campaigns, and whatever they run, impacting my campaigns.

Originally posted by ipyxel:
> Check the domains that you CNAME to on http://virustotal.com
> There's a few shared domains between their users I believe

Correct, the risk of incurring a negative impact based off of other users' campaign content still exists to a certain extent when a default domain is used (trackvoluum, voluumtrk, voluumtrk2 etc.).
However, with the procedures which we currently have in place, the margin of this occurring is reduced to an absolute minimum.

In essence, using a CNAME record for a custom domain leaves you less liable to this risk, but it doesn't rule it out 100%.

Therein, our procedures are currently undergoing refinement to collect status reports from all relevant vendors into a single dashboard view (subject to the availability of API integration from the vendor).
This will be used by our teams internally and once we've ironed out the kinks, we plan to make this dashboard public in the format of a statuspage (also applicable for other important services used within our infrastructure).

We will continually maintain the review process when supplied with specific cause page data from 3rd parties.

Originally posted by jessejames:
> Thanks for the reply.
> But won't it still run through their CNAME? Or do they allow you to add the domain via A record? The CNAME would just be an alias essentially.

As is, we currently only support CNAME records for DNS resolution of custom domains.

Support for A (IP) records has been discussed internally in the past and I will need to consult with one of our tech leads to refresh my knowledge as per the technical obstacles / reason that hindered their use.
If I'm not mistaken, the extent of our network is the primary reason that A record use for DNS propagation could prove problematic as IPs are not fixed.

I'll follow up here once I have some feedback.

Kind regards,
Adrian

