Avast WEBforum
Consumer Products => Avast Mac Security => Topic started by: REDACTED on June 06, 2017, 01:27:42 PM
-
Hey gang,
A client has a small Squarespace site - hxxps://smokestak[.]co.uk
Recently they've been getting some notifications from customers regarding Malware Warnings. The site has been inspected by Squarespace support, I have run my own scans, everything is being served over https and I have installed other malware / virus detection software (AVG and BitDefender) to check what they pick up - everything indicates that the site is clear.
Avast, however, is showing the following warning. I have seen previous posts where these types of warnings have been coming up incorrectly.
Can anyone shed any light on this / suggest a possible fix?
**The first Avast warning - http instead of https - is just from where I tested the hxxp://smokestak[.]co.uk before**
Thanks in advance.
(https://lh6.googleusercontent.com/Dc6UTVyHUFYgGAaGFv70PS6b5Vbh5hdE5p4_ZLsMFsec2TlhdFpJOVmN0SS5kyXMaO4uOj28c4GrBpc=w1100-h803-rw)
-
You can report a URL here: https://www.avast.com/report-a-url.php
-
Avast doesn't say that an infection is detected.
Avast says that domain and/or IP is blocked/blacklisted.
Blacklistings on that ASN/IP:
http://urlquery.net/report.php?id=1496751620674
Name mismatch with certificate 2:
https://www.ssllabs.com/ssltest/analyze.html?d=smokestak.co.uk&s=198.185.159.144&latest
Vulnerable library found:
http://retire.insecurity.today/#!/scan/8d9b02f8862b6972cc25c522b11c12ddeb4e80178a14473dcad60890540d568b
Really bad IP history:
https://www.virustotal.com/en/ip-address/198.185.159.144/information/
My advice:
- Fix the vulnerable library problem
- Fix the certificate mismatch
- Get dedicated hosting
-
https://smokestak.co.uk
http://smokestak.co.uk
Both are blocked by F-Secure. See attached screenshot.
-
I have removed smokestak[.]co.uk from our blacklist ;)
-
I hope only that site is allowed but not the entire IP.
-
There are thousands of unique domains on those IPs, so it is likely we will not ever block those IPs, unless more than ~50% of the domains are malicious.
-
Thanks for your help and advice, guys.
Beers are on me - everything's working as it needs to.