Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on August 25, 2016, 08:54:33 PM
-
Hello everyone,
could someone help me? I have received several complaints from users using Avast.
The problem is that my website is detected as a virus by Avast.
This is my website: wXw.aareiijunin.com.ar
I have done a scan with VirusTotal and it passes all clean:
https://www.virustotal.com/en/url/694828e69d5fa7be7789169b7b87cb83eb12000547fd0d0b6e7125f1c326716c/analysis/
Your help would be appreciated :(
-
VirusTotal does not scan websites.
Vulnerable Library :
http://retire.insecurity.today/#!/scan/a3fdbcf7249053eebb9c22f5e915a80e15a328997f4b3d037a50f62647b10672
Problems on that ASN :
http://urlquery.net/report.php?id=1472151887951
http://urlquery.net/report.php?id=1472151884218
IP is on multiple blacklists :
http://multirbl.valli.org/lookup/31.170.164.50.html
Links to malicious content :
http://zulu.zscaler.com/submission/show/af476c752d0d2676b448fb66e28688ea-1472151728
-
https://securityheaders.io/?q=http%3A%2F%2Fwww.aareiijunin.com.ar%2F&followRedirects=on
http://retire.insecurity.today/#!/scan/409144ddfca8ca855205d39f5ac4fb1d3a21995247daf5629394e4b3a7f5ada6
Can't find anything showing up malicious in online scanners :)
-
Well, there is ample detection on that IP and that is why it has been blocked, because of bad neighbours on one and the same address:
https://www.virustotal.com/en-gb/ip-address/31.170.164.50/information/
Detecting PHISHing and Trojan Script malcode. Last detect launched from that IP by avast was MSIL:Agent-KA [Trj].
I do not know whether that domain could be excluded, but that is for an Avast Team Member to decide,
we are just volunteers with relevant know-how and expertise.
polonus (volunteer website security analyst and website error-hunter)
-
I figured that, as I am using a free host, it could be blocked because of misuse by other users.
I will try to change the host and see what results I get, but I worry that my domain has been blocked by Avast.
Thanks anyway
-
It is not about what is not detected, but about what is detected.
-
Hello Eddy,
You are right Eddy, but also consider the following report and the role of that hoster, AS47583 Hostinger International Limited,
with Blacklisted URLs: 1456, see: http://sitevet.com/db/asn/AS47583
Trying to go to that IP, I am blocked by a script blocking rule for -http://error.hostinger.eu/? that prevented that page from being loaded by my uMatrix extension in the browser.
Netcraft risk rating 8 red out of a total of 10: http://toolbar.netcraft.com/site_report?url=31.170.164.50
Consider: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.aareiijunin.com.ar
The hoster has the wrong self-signed certificate installed according to the crypto-report.
You have 1 error
  Wrong certificate installed.
  The domain name does not match the certificate common name or SAN.
Warnings
  Root installed on the server.
  For best practices, remove the self-signed root from the server.
Info
  BEAST: This server is vulnerable to a BEAST attack.

Certificate information
  Common name: *.main-hosting.eu
  SAN:
  Valid from: 2014-Sep-01 13:06:29 GMT
  Valid to: 2024-Aug-29 13:06:29 GMT
  Certificate status: Unknown
  Revocation check method: Not available
  Organization: Hostinger Ltd
  Organizational unit: Hostinger Servers
  City/locality: Default City
  State/province:
  Country: CY
  Certificate Transparency: Not embedded in certificate
  Serial number: 009253cb267b5ab8c2
  Algorithm type: SHA1withRSA
  Key size: 2048
  Certificate chain: *.main-hosting.eu (Root certificate)

Server configuration
  Host name: 31.220.20.7
  Server type: nginx
  IP address: 31.220.20.7
  Port number: 443
  Protocols enabled: TLS1.2, TLS1.1, TLS1.0
  Protocols not enabled: SSLv3, SSLv2
  Secure Renegotiation: Enabled
  Downgrade attack prevention: Enabled
  Next Protocol Negotiation: Enabled
  Session resumption (caching): Enabled
  Session resumption (tickets): Enabled
  Strict Transport Security (HSTS): Not Enabled
  SSL/TLS compression: Not Enabled
  Heartbeat (extension): Enabled
  RC4: Not Enabled
  OCSP stapling: Not Enabled
Regards,
Damian aka pol
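
The name-mismatch error in the report quoted above, worked through as an added example (not part of the original post, and not the checking tool's own code). It applies simplified RFC 6125-style wildcard matching to the report's common name and empty SAN; the common-name fallback is an assumption of this sketch (current browsers ignore the common name), and the `*.main-hosting.eu` sub-hosts are constructed.

```python
import ipaddress


def _dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name against a host name, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, never several
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard ("*.eu" is refused).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers_host(host: str, common_name: str, san_dns: list[str]) -> bool:
    """True if the certificate names cover `host`.

    SAN dNSName entries take precedence; the common name is used only as a
    fallback when the certificate carries no SAN (assumption of this sketch).
    """
    try:
        ipaddress.ip_address(host)
        return False  # DNS names and wildcards never match an IP address
    except ValueError:
        pass
    names = san_dns if san_dns else [common_name]
    return any(_dns_name_matches(n, host) for n in names)


# Values taken from the report: common name present, SAN empty.
REPORT_CN = "*.main-hosting.eu"
REPORT_SAN: list[str] = []

if __name__ == "__main__":
    for h in ("www.aareiijunin.com.ar",   # the site under discussion
              "31.220.20.7",              # host name shown in the report
              "srv1.main-hosting.eu",     # constructed host name
              "a.b.main-hosting.eu",      # constructed host name
              "main-hosting.eu"):         # bare parent domain
        print(f"{h:28} covered={cert_covers_host(h, REPORT_CN, REPORT_SAN)}")
```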
-
Hello,
the domain was unblocked.
Milos