False positive detection on domain by avast

[seidweise]

Hi,
I submitted a report however to maybe speed things up I am also posting here.

Just bought a new dedicated server and moved a few sites to it.
It seems its ip/range was previously blacklisted by an offending domain by avast.

The domain currently being falsely blocked is: haruhichan.com
A large percentage of the site's userbase are avast users and the situation is infuriating them.
If you can please sort this situation out asap that would be great, many thanks

[DavidR]

I have just visited the home page using firefox 22.0 and no alert.

I also did a quick browse of the menu bar and no alerts, ensure you have the latest avast virus definitions/streaming updates.

[Pondus]

your IP has one block here  http://whatismyipaddress.com/blacklist-check

http://www.apews.org/?

Oooops 108.162.199.175 is currently listed in APEWS :-(


--------------------------------------------------------------------------------
Entry matching your Query: E-631057
108.162.0.0/16
--------------------------------------------------------------------------------
CASE: C-131
Unallocated CIDR, no traffic until allocated,
or allocated to bad reputation provider
or allocated but dynamic / generically named IPs,
or bogons, see www.cidr-report.org,
or orphaned IP / CIDR in routing table
--------------------------------------------------------------------------------
History:
Entry created 2013-06-05

[polonus]

Hi DavidR,

Thanks, Pondus, also what I can concluse from this info.
I indeed get an alert there for URL:Mal for wxw.haruhichan.com  Could be because of these results for that IP: https://www.virustotal.com/en/ip-address/217.23.12.104/information/  -> http://urlquery.net/report.php?id=3960634
Maybe because of this on same IP: http://urlquery.net/report.php?id=19306
Also see: http://support.clean-mx.de/clean-mx/viruses.php?netname=WORLDSTREAM&sort=first%20desc&response=alive

pol

[seidweise]

just turned on cloudflare cdn to evade this issue at the moment

The ip address is 217.23.12.104
This is a brand new dedicated server

[seidweise]

http://direct.haruhichan.com <- dns to the ip directly

[polonus]

Same results, these issues demand some time to elapse before everything comes unblocked.
Either ask for an exclusion for the domain at virus AT avast dot com or start sending de-listing requests for the initial IP block,

polonus

[!Donovan]

Hi seidweise,

No problems from my side.

I enjoy your site and would like to see the issue resolved ASAP.

~!Donovan

[DavidR]

hXXp://direct.haruhichan.com <- dns to the ip directly

Interesting on this direct url I get 12 alerts, best to change the http to hXXp to break the link.

However, I still don't get any alert on haruhichan.com.
I connect to that by highlighting the haruhichan.com text and have firefox open it in a new tab.

[polonus]

Hi DavidR,

Exactly, with www etc. alerted as URL:Mal by avast!NetworkShield as I reported.

polonus

[DavidR]

But as I have said the two connections (as outlined in my last posts) not going to the direct.haruhichan.com link I don't get any alerts at all by the web shield or network shield.