Author Topic: False positive blacklisted Domain (Read 3460 times)

Lisandro · « **Reply #1 on:** February 17, 2014, 10:58:17 PM »

I've reported to the virus lab in order to check if it is a false positive or not.

top-dev · « **Reply #2 on:** February 17, 2014, 11:00:44 PM »

polonus · « **Reply #3 on:** February 17, 2014, 11:08:35 PM »

There is a suspicious iFrame alerted: Suspicious
hxtps://w.soundcloud.com/player/?url=https%3a//api.soundcloud.com/playlists/13790435&color=23acf4&au'

Something wrong with DNS Delegation - too low number of IPv6 name servers, see test here:
http://dnscheck.sidn.nl/?time=1392674395&id=1736344&view=basic&test=standard
WOT web rep 2 yellows: https://www.mywot.com/en/scorecard/top-berlin.net.pandastats.net?utm_source=addon&utm_content=popup-donuts

But all that is of s second concern, the crux of the matter is your website being with afraid dot org, which domains are blocked by avast!
Afraid dot org has security issues and therefore such domains are being blocked.
Steer away from afraid dot org and an avast! team member (not me) can unblock your site as soon as this is being reported.

Domain Name: TOP-BERLIN.NET
Registrant:
TOP B3rlin
Domain servers in listed order:
NS1.AFRAID.ORG
NS2.AFRAID.ORG
NS3.AFRAID.ORG
NS4.AFRAID.ORG

polonus

Lisandro · « **Reply #4 on:** February 17, 2014, 11:17:44 PM »

Thanks Polonus. This problem was seen before a lot of times. Indeed could be a DNS block of affraid.org.

polonus · « **Reply #5 on:** February 17, 2014, 11:27:35 PM »

Hi Tech,

That is why I always check on DNS health for domains now -> http://www.intodns.com/top-berlin.net
quote from scan alerts [/quote]
All have same SOA serial number: All your nameservers agree that your SOA serial number is 1402170003.
Your SOA serial number is: 1402170003. This can be ok if you know what you are doing.[/quote]
I call that sitting in a 'cheap" chair

pol

Milos · « **Reply #6 on:** February 18, 2014, 09:06:28 AM »

Hello,
DNS hijack: "ariulanimkwr.top-berlin.net", "ketf4zq.top-berlin.net".
Either your DNS host allows creation of subdomains for other persons, or your passwords were stolen or the DNS host itself was hosted, but your domain was clearly used for malicious purposes and was blocked.
Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later (avast.com/contact-form.php).

Milos

top-dev · « **Reply #7 on:** February 18, 2014, 04:03:14 PM »

Milos · « **Reply #8 on:** February 18, 2014, 04:27:53 PM »

Hello,
thanks for notice, domain will be unblocked in next stream update.

Milos

top-dev · « **Reply #9 on:** February 18, 2014, 04:57:17 PM »

Lisandro · « **Reply #10 on:** February 18, 2014, 11:23:18 PM »

Quote from: top-dev on February 18, 2014, 04:57:17 PM

Thank you very much. Can you delete this Thread please? Thanks a lot!

No, it's not necessary. Knowledge always help future users with same issue.

top-dev · « **Reply #11 on:** February 19, 2014, 08:57:24 AM »

Author Topic: False positive blacklisted Domain (Read 3460 times)

top-dev

False positive blacklisted Domain

Lisandro

Re: False positive blacklisted Domain

top-dev

Re: False positive blacklisted Domain

polonus

Re: False positive blacklisted Domain

Lisandro

Re: False positive blacklisted Domain

polonus

Re: False positive blacklisted Domain

Milos

Re: False positive blacklisted Domain

top-dev

Re: False positive blacklisted Domain

Milos

Re: False positive blacklisted Domain

top-dev

Re: False positive blacklisted Domain

Lisandro

Re: False positive blacklisted Domain

top-dev

Re: False positive blacklisted Domain