Avast WEBforum
Topic started by: Matthew_Wai on April 26, 2014, 01:58:36 PM
-
http://60.210.11.231/
The Web Shield deems it harmful, do you know what it is?
-
http://myip.ms/view/ip_addresses/1020398336/60.210.11.0_60.210.11.255
http://cnc-noc.net/mail/login.action
Not sure
-
https://www.virustotal.com/en/url/6cb04a97832f2a70ab34451991168078dd7e6ae747d4e369f98dd8485c917bb5/analysis/1398513971/
IP is blacklisted by dev.null.dk and spamsources.fabel.dk
seems to be an empty site now...click picture. http://www.urlquery.net/report.php?id=1398514275777
-
http://60.210.11.231/lvs/banner_1.jpg quoted from the Web Shield report
Perhaps this file exists.
-
it does....pic of a nice girl. ;) http://www.urlquery.net/report.php?id=1398515062630
-
But it is not a banner at all!
-
But it is not a banner at all!
?
-
It is an advertisement for express delivery of documents, the words are in Chinese.
Do you think it is false positive?
-
see my first post... from the IP ban blacklist, it seems it may have to do with spam
-
What do you think will happen if I visit the URL after disabling the Web Shield?
-
What do you think will happen if I visit the URL after disabling the Web Shield?
nada I guess.... and the pic file is clean according to VT.... 5 month old scan
but don't come back complaining if I am wrong.
https://www.virustotal.com/en/url/7426cdaf3b4e6b40da0504bb800af974cf7918f233c256d5f6d0eb6177de85d1/analysis/
https://www.virustotal.com/en/file/2bb3608eab1a013999a13b80e704606bc7793b56669354380989b66232ac5aa1/analysis/1385649338/
-
See all threats here: http://threatstop.com/checkip -> 23 minutes ago threats MODIFIED ITAR, ITAR, CHINA threat level 1.
See: Up(nil): APNIC CN 60.210.11.231 to 60.210.11.231 60.210.11.231
See: http://toolbar.netcraft.com/site_report?url=60.210.11.231%2Flvs%2Fbanner_1.jpg (Risk rate 10 out of 10 RED)
htxp://60.210.11.231/file/MDAwMDAwMDGSJcByiJiZn3rq0LglSSlmpMcl_EJPHghyPvUhjxW-2w../209c2a443f46eb26807ff78378f7ad8d17d786cd/10958773-vxd-UG& -> https://www.virustotal.com/nl/url/486f4c473bf280bd41c5cc62f02f4272e424f7c7211f583249061b3fe93e2668/analysis/1398518686/
url after redirect: htxp://60.210.11.231/lvs/redirect.html?kne=&d=0823C937 (flagged by avast! Webshield as URL:Mal).
-> http://urlquery.net/report.php?id=1398515062630
Trying to redirect to: htxp://www.dbank.com/ping.php?js=all?v=1.26.23"%3B -> htxp://www.dbank.com/ping.php?js=base
Emsisoft is the only one to flag next to avast! shield.
pol
P.S. Everybody should be aware of the banner abuse by Zeus: http://www.gfi.com/blog/beware-malware-banner/
link article author = Mohammed Ali (actually old info from 2011, then new but now still actual)
D
-
After disabling "Block malware URLs" I could download and save the banner on http://60.210.11.231/lvs/banner_1.jpg
It read "NO THREAT FOUND" after manual scanning
The URL might have been blacklisted mistakenly.
-
Hi,
This IP was blocked 21. June 2013, 11:38 because of this file we spotted:
hxxp://60.210.11.231/file/mdawmdawmdhmzntt3gw_6vm8w34pwr1wsbqbat_3thhkqpgcslagnq../ba97b7fbf4ab948d7ceb62df1626d016fbc97/%e9%97%ae%e9%97%ae%e5%ad%a6%e5%a0%82%e8%87%aa%e5%8a%a8%e7%ad%94%e9%a2%98%e5%99%a8beta%203.85.rar?key=aaabqfhcyxi8vv6i&p=&a=4022865-af11
I hope the infection has been cleared already, so I am unblocking the IP now;-).
Honza
-
Do you mean avast will block a whole site just because a single file is infected?
-
Do you mean avast will block a whole site just because a single file is infected?
I certainly hope so. I know I don't want to wind up with the infected file on my system. :)
I personally can't think of any site that is so important that I need to visit it if it contains infections of any kind.
-
wind up with the infected file
Do you mean "wind up the computer with the infected file"?
-
Hi Matthew_Wai,
One file on a site means an infested site that could then infest users that come to visit that site. Do we want to infest visitors of our site? No, we do not. So we have to cleanse the files first, yes even when there is one infested file, and then the site can become unblocked and visitors can come again to the site.
Is that so hard to imagine? (in Chinese:) "Is it like this, hard to imagine?"
polonus
-
Hi polonus,
It is not hard to imagine zero tolerance when it comes to infection.
But I can't imagine why you could (in Chinese:) "write Chinese characters; are you Chinese?"
-
Psstt, there are online translators. ;D
-
But machine translation sucks.
-
Do you mean avast will block a whole site just because a single file is infected?
if the infected file is part of the website html, yes of course
-
Do you mean the infected file exists on all pages of the site?
-
see reply nr #13
-
Sorry, which one is #13? I saw no number.
-
every post has a number..... the one you just posted
Re: Why is the website harmful?
« Reply #24 on: Today at 11:52:15 »
-
Sorry for having overlooked the post number.
The infected file was
hxxp://60.210.11.231/file/mdawmdawmdhmzntt3gw_6vm8w34pwr1wsbqbat_3thhkqpgcslagnq../ba97b7fbf4ab948d7ceb62df1626d016fbc97/%e9%97%ae%e9%97%ae%e5%ad%a6%e5%a0%82%e8%87%aa%e5%8a%a8%e7%ad%94%e9%a2%98%e5%99%a8beta%203.85.rar?key=aaabqfhcyxi8vv6i&p=&a=4022865-af11
This file was not part of http://60.210.11.231/lvs/banner_1.jpg which was a safe file but blocked, why?
-
start reading this topic from the beginning again.....
-
Not the .jpg is blocked, but the entire website.
The reason for it is that there is that .rar file.
It redirects to dbank which is not trustworthy.
http://urlquery.net/report.php?id=1399544492415
-
We seem to be going around in a circle.
Question asked and answered.
-
Hi bob3160,
Doesn't the victim really understand this explanation from the example that one rotten apple can ruin a whole can of apple sauce, or is he just pretending he does not understand how this works? By the way, that IP was abused on 2008-01-04 through CASE: C-1375 - Spambots/zombies within CIDR (info APEWS dot ORG).
polonus
-
No users fell victim to the website being blocked. Perhaps the website owner is the victim.
I posted this topic just out of curiosity.
I don't think anyone is pretending here, there is no need and no fun.
Not all newbies can fully understand how a piece of complicated software works.
-
We seem to be going around in a circle.
Question asked and answered.
We seem to be discovering new questions while receiving answers.
Questions being asked and answered is normal on any forums.