Avast WEBforum
Other => Viruses and worms => Topic started by: siradude on August 01, 2013, 04:53:11 PM
-
Hi,
I maintain a clients office/domain/hosting with a registered domain of HERENCIASPR.COM
This Domain is being blocked by AVAST via their AV software and thus loosing all traffic from such users.
This DOMAIN is clear of Malware or Virus, In the past this client might have had a heavily infected PC on their grounds which might have sent MALWARE infected emails, this problem has been eliminated a long time ago and cleared.
All my intents to report this as a false positive via the report link on Avast's popup have gone un answered and this client is getting very frustrated that he is loosing a wide range of traffic due to a FASLE positive.
Please does anyone have a direct contact or a proper way to solve this issue?
-
You can try it with this form here: http://www.avast.com/contact-form.php
But we should make sure that this domain is really clean.
I thinl i will call an website analyst from the forum.
-
Thanks,
I did a complete scan of the hosting and all passes with no problems!
-
The Site is definitely NOT CLEAN
3/39 at Virustotal: https://www.virustotal.com/it/url/7d93d68deb741a4be79acb03408bbbdd504480ca79e7cf4cbffdc1537d2fb567/analysis/1375369424/ (I dont know why it is in Italian)
It is clean from Googles Site.
It has an Drive-by-Download on it: http://safeweb.norton.com/report/show?url=herenciaspr.com&ulang=eng
Blacklisted by McAfee: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fherenciaspr.com%2F
Thera are 4 external Links: http://www.quttera.com/detailed_report/HERENCIASPR.COM
URLQuery report: http://urlquery.net/report.php?id=4292695
-
I have notified Polonus. I think he will help you with that. But he is not online right now, so please be patient.
-
The Site is definitely NOT CLEAN
3/39 at Virustotal: https://www.virustotal.com/it/url/7d93d68deb741a4be79acb03408bbbdd504480ca79e7cf4cbffdc1537d2fb567/analysis/1375369424/ (I dont know why it is in Italian)
Virustotal does not scan for infections....it check against blacklists
if you check the urlquery link http://urlquery.net/report.php?id=4292695 and scroll down to Recent reports on same IP/ASN/Domain
you find other websites with alerts using same IP
-
BitdefenderTrafficLight does not like the site. PHISH!
Site is being blacklisted, see: http://scanurl.net/?u=HERENCIASPR.COM&uesb=Check+This+URL#results
But according to these info the malcode has been closed: http://support.clean-mx.de/clean-mx/viruses.php?ip=198.31.50.136&sort=firstseen%20desc
2013-04-16 17:22:11 and had been on for 36.2 hrs.
See also: http://urlquery.net/queued.php?id=35741994
polonus
-
Hi,
Thanks for all the help so far..
The web is being hosted by some company that charges my client for hosting services..
Do you think that if I move the Domain and use another hosting service this can be cleared faster?
Since I see that the same IP is being used by several WEBSITES, its possible that they are all hosted by the same provider, and that the problem then existed with that hosting provider.
I can move the domain to my Godaddy account and host the small web on one of my shared hosting servers.
You think this would be the fastest way to clear this problem and get away from that possible infected hosting company?
I see WAY TOO many hosted webs on same IP and all are blacklisted which kinda tells me this hosting service/company is not too well taken care of. (its a local puerto rico company wich offers website hosting )
-
Hi siradude,
No because this hoster seems to do a good job, look at the sitevet report here: http://sitevet.com/db/asn/AS19137 (all no's)
Only blacklisted here: http://www.ipvoid.com/scan/198.31.50.136/
and here: https://www.virustotal.com/en/ip-address/198.31.50.136/information/
Your site now clean: https://www.virustotal.com/en/file/9ec6528d8373a4a9d3939a2ef8f84e7fe2c12dc30786bb274e5b2991fc4dadf1/analysis/1366050249/
also clean according to: http://urlquery.net/report.php?id=4292695
polonus