Malwareurlirblock.com - Information

Malwareurlirblock.com is the domain we found to be related to the fake antivirus software commonly known as Personal Antivirus.

Malwareurlirblock.com blocks your access to websites, giving you a bogus alerts that you are visiting a dangerous website. Personal Antivirus uses this scheme to prevent you from finding online removal solutions for Personal Antivirus, or simply to give you difficulty in surfing the web.

The fake warnings you get from Malwareurlirblock.com uses fraudulent strategies by displaying false or exaggerated security issues on your computer rather than any legitimate ones to coerce you into purchasing Peronal Antivirus.


Screenshot of the Malwareurlirblock.com false alert


Click for bigger image.


Recommendations

Get rid of Personal Antivirus with the removal instructions here.

Sad part is, the site is down.

Greatnet New Media, also hosts another malicious domain on the same IP: secure.personalpurchuasesite.com

DragonMaster Jay wrote:Sad part is, the site is down.

Greatnet New Media, also hosts another malicious domain on the same IP: secure.personalpurchuasesite.com

If you are seeing the word "FORBIDDEN" then it isn't down. These sites like to try to hide what they are doing. It has to be a special URL to see what I see all the time for example:

URL That activates that Warning screen: malwareurlirblock.com/block.php?id=2033-7&url=http://tech-linkblog.com/scareware-adviser-from-malwareurlirblock-com/

As you can see there is an identification(Probably almost like an Affiliate link), plus the URL that it is trying to block. After all if you were to use this URL you would happily see that message that "WARNING! Visiting this site may harm your computer. . . blah blah blah"

As of writing this the site is working fully and has not be taken down!!

Hope this helps!!

Hi

Welcome to GP.

Thanks for the info. How did you know that?

If we uses a hit counter like Statcounter, we will be able to tell where that click comes from if that user clicked the Continue Unprotected button on the false alert. So basically, the hit counter tracks where the previous user came from before he landed on the site (perhaps trying to get removal info).

Similar to how I got this domain. Installing PAV would also bring to this domain. This is a different way of getting malicious domains, which is why sites which usually list malicious domain don't list these type.

Doctor Inferno wrote:If we uses a hit counter like Statcounter, we will be able to tell where that click comes from if that user clicked the Continue Unprotected button on the false alert. So basically, the hit counter tracks where the previous user came from before he landed on the site (perhaps trying to get removal info).

Similar to how I got this domain. Installing PAV would also bring to this domain. This is a different way of getting malicious domains, which is why sites which usually list malicious domain don't list these type.

Yes he is correct, but some of the IP's are just switching domains so that is sometimes how I get lucky with the IP. Like Defenderpageblock.com that IP has 6 domains associated with it:


As you can see stopmalwaredomains.com is the most recent domain to have the dns pointing to that IP. I usually just check from time to time that is how I find out about some of these domains.