Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: asher123 on March 26, 2014, 08:06:48 PM
-
Hello. Why is avast blocking this site:
berza-delova.com
avast says that there is malware on site.
I have scanned this site with many online malware scanners and none of them say's that there is malware on site.
there is no malware on this site, so why is blocked by avast?
-
you dont say what malware?
If avast say URL:Mal it means the URL or IP is on a blacklist for whatever reason......it does not have to be infected
IP (188.2.177.117) is on 7 blacklists :-\
b.barracudacentral.org / dnsbl.sorbs.net / dul.dnsbl.sorbs.net / dyn.shlink.org / l2.apews.org / pbl.spamhaus.org / zen.spamhaus.org
apews.org list this as why
CASE: C-36
Spammer / Scammer / Scanner / Zombie / other within this CIDR
-
The server is hosted afraid
Hosts...
...malicious URLs? No
...badware? Yes
...botnet C&C servers? No
...exploit servers? No
...Zeus botnet servers? No
...Current Events? Yes
...phishing servers? No
...spam servers? No
...spam bots? No
...spam activity? Yes
http://sitevet.com/db/asn/AS31042
locate this hidden iframe
•<iframe id="google_ads_frame1" name="google_ads_frame1" width="468" height="60" frameborder="0" src=
"http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2115705530608891&output=html&h=60&slotn
ame=8241050387&adk=3012021503&w=468&lmt=1388880488&ea=0&flash=9.0.115.0&url=http%3A//berza-delova.co
m/&dt=1388880494009&shv=r20131210&cbv=r20131209&saldr=sb&correlator=1388880506686&frm=20&ga_vid=2074
150581.1388880507&ga_sid=1388880507&ga_hid=2139938513&ga_fc=0&u_tz=-480&u_his=1&u_java=1&u_h=768&u_w
=1024&u_ah=768&u_aw=1024&u_cd=24&u_nplug=0&u_nmime=0&dff=verdana%20arial%20%22trebuchet%20ms%27&dfs=
12&adx=9&ady=29&biw=1256&bih=605&oid=3&rs=0&osd=1&vis=0&fu=0&ifi=1&dtd=M" marginwidth="0"
marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
-
VirusTotal
https://www.virustotal.com/nb/file/dee7d72db418cd4263af4aedceaaa720ff781c7542eaae6dc145d0f6efe49174/analysis/1395863548/
-
iframe is from google adsense
avast say URL:Mal
here is another site hosted on same ip and result from virus total
https://www.virustotal.com/nb/url/0e45315443c29ad612ae28c0f721e19ee7cc2e308aaeb6373ceb317335784fc0/analysis/
it's clean site but avast is also throwing URL:Mal
-
polovniautodelovi.com
also on same ip but avast has not blocked this site.
There are no malware/spam on this sites, they are on the same ip, some of them are blocked some not.
Trying to figure out why?
-
iframe is from google adsense
avast say URL:Mal
here is another site hosted on same ip and result from virus total
https://www.virustotal.com/nb/url/0e45315443c29ad612ae28c0f721e19ee7cc2e308aaeb6373ceb317335784fc0/analysis/
it's clean site but avast is also throwing URL:Mal
VirusTotal URL scan does not scan for malware, it is a reputation check.......
the site seems to be hosted at afraid.org that have very bad reputation
this is what Milos say http://forum.avast.com/index.php?topic=144105.msg1045857#msg1045857
and check your IP adress (188.2.177.117) here http://whatismyipaddress.com/blacklist-check
-
ok ip is listed on 1 site but they say
Whatismyipaddress.com does not recommend the usage of this blacklist. It has the potential to block large segments of IP addresses. If you are listed with them it is generally not a problem.
it's dynamic ip. maybe someone else used this ip to send spam before me, i am unable to know that.
ok maybe i need to access my webcam over net and i am unable to do so because i have used afraid which have bad reputation by avast.
i am trying to suggest that this type of detection is not working good in avast. avast is blocking sites by some strange criteria and not checking them first.
it shouldn't block sites by ip nor dynamic ip a dressess, i have mentioned remote usage if devices.
sites are not even scanned, they get's blocked right away which is not good because they don't have any malware on them as avast say they have.
-
you can confirm that the server not is afraid.org?
http://whois.domaintools.com/berzadelova.com
only 1 Blacklist
http://www.urlvoid.com/scan/berzadelova.com/
see:http://www.domxssscanner.com/scan?url=http%3A%2F%2Fberza-delova.com (http://www.domxssscanner.com/scan?url=http%3A%2F%2Fberza-delova.com)
I can not solve your problem
use contact from
http://www.avast.com/contact-form.php
-
ok ip is listed on 1 site but they say
unless there is something wrong with my computer, i see 7 red dots when checking your IP (188.2.177.117) here http://whatismyipaddress.com/blacklist-check
some results from blacklistalert.org/
http://spameatingmonkey.com/lookup/188.2.177.117
http://www.spamrats.com/bl?188.2.177.117
anyway. if you think it is wrong, report it here http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply here....
-
ThreatSTOP has threats last seen 75 minutes ago for MODIFIED ITAR threat danger level 1
and 2 days for new malware domain (domain) threat danger level 3
Also see: http://www.projecthoneypot.org/ip_188.2.177.117
But this is at the crux of the problem http://dnscheck.pingdom.com/?domain=Berza-delova.com
Nameserver - ns1.afraid dor org. ns2. .afraid dot org. ns3.afraid dot org. ns4.afraid dot org.
That is the reason for the avast! block.
polonus
-
I have changed DNS but avast is still throwing me alert.
I have contacted support about problem but no luck.
I give up. Avast is blocking clean sites.
-
I give up. Avast is blocking clean sites.
there are many reasons for a block....it does not have to be infected.....
report it here http://www.avast.com/contact-form.php
you may add a lik to this topic in case they reply here
-
you can confirm that the server not is afraid.org?
http://whois.domaintools.com/berzadelova.com
only 1 Blacklist
http://www.urlvoid.com/scan/berzadelova.com/
see:http://www.domxssscanner.com/scan?url=http%3A%2F%2Fberza-delova.com (http://www.domxssscanner.com/scan?url=http%3A%2F%2Fberza-delova.com)
I can not solve your problem
use contact from
http://www.avast.com/contact-form.php
Hello,
either your DNS host (afraid.org) allows creation of subdomains for other persons, or your passwords were stolen or the DNS host itself was hosted, but your domain was clearly used for malicious purposes and was blocked.
Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later.
Milos
-
polovniautodelovi.com
also on same ip but avast has not blocked this site.
There are no malware/spam on this sites, they are on the same ip, some of them are blocked some not.
Trying to figure out why?
Hello,
either your DNS host (afraid.org) allows creation of subdomains for other persons, or your passwords were stolen or the DNS host itself was hosted, but your domain was clearly used for malicious purposes and was blocked.
Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later.
Milos
-
I have changed DNS but avast is still throwing me alert.
I have contacted support about problem but no luck.
I give up. Avast is blocking clean sites.
Hello,
if you are talking about "polovniautodelovi.com" I see it still hosted on afraid.org.
Milos
-
NO I am talking about berza-delova.com DNS is not at afraid any more.
-
NO I am talking about berza-delova.com DNS is not at afraid any more.
the URL was unblocked.
-
Always keep in mind that after changing a DNS it takes a while before it is updated everywhere.
-
NO I am talking about berza-delova.com DNS is not at afraid any more.
the URL was unblocked.
Thank you
-
polovniautodelovi.com
also on same ip but avast has not blocked this site.
There are no malware/spam on this sites, they are on the same ip, some of them are blocked some not.
Trying to figure out why?
Hello,
either your DNS host (afraid.org) allows creation of subdomains for other persons, or your passwords were stolen or the DNS host itself was hosted, but your domain was clearly used for malicious purposes and was blocked.
Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later.
Milos
Milos, you have been missinformed. Only domains using afraid.org with PUBLIC status can be used without the woner's knowledge to create subdomains. Any domain using afriad.org's name servers with status PRIVATE require that the owner of the domain screen and approve incoming subdomain creation requests, and the owner can simply deny the requests.