Author Topic: avast blacklisted my domain (false positive)  (Read 12199 times)

0 Members and 1 Guest are viewing this topic.

oleg_ph

  • Guest
avast blacklisted my domain (false positive)
« on: December 12, 2013, 03:16:08 PM »
Hello,

I'm the owner of zazazizoo.com. Avast blacklited my website. The website is a banner and pop-under traffic trading site. All traffic we trade is distributing through the website.
My admin already send you request via contact webform 3 days ago but have no answer.
How could I remove my website from your blacklist?

Thanks,
Oleg
« Last Edit: December 12, 2013, 05:35:38 PM by oleg_ph »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37619
  • Not a avast user
Re: avast blacklisted my domain (false negative)
« Reply #1 on: December 12, 2013, 03:30:23 PM »
urlquery report.   http://urlquery.net/report.php?id=8348013
see IDS alert by Suricata filter
IP listed to be on  ET RBN Known Russian Business Network IP group

Russian Business Network.   http://en.wikipedia.org/wiki/Russian_Business_Network


Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: avast blacklisted my domain (false negative)
« Reply #2 on: December 12, 2013, 03:33:35 PM »
My proxy blocked that site. That's saying something. Jeez
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: avast blacklisted my domain (false negative)
« Reply #3 on: December 12, 2013, 03:34:06 PM »
Another domain on the same IP -> Up(nil):   unknown_html   RIPE   GB   abuse at hqhost dot net   80.77.81.45    to 80.77.81.45   ahherwebcams dot com   htxp://ahherwebcams.com/?id=campaw  might be causing an avast!  general malware block
Sites are IDS flagged as "ET RBN Known Russian Business Network IP group 355".

polonus

P.S. If you insist it is a false negative  8), you ask for a continued blocking.
If you report a false positive (detection), you ask an avast team member to exclude your domain from the general IP block.
It is all up to an avast! team member responsible for the unblocking. We are just support forum volunteers.
I saw that your site is still under construction, so that means we don't know what it is going to be up there - maybe a false negative   ;D  ;D

polonus
« Last Edit: December 12, 2013, 03:40:04 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

oleg_ph

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #4 on: December 12, 2013, 05:39:58 PM »
Thanks all of you for your messages.
P.S. I've changed name of subject.
« Last Edit: December 12, 2013, 05:43:25 PM by oleg_ph »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: avast blacklisted my domain (false positive)
« Reply #5 on: December 12, 2013, 07:14:45 PM »
Hi oleg _ph,

Reported your site for domain exclusion from the more general IP block, going there with the upcoming update,

с уважением,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

oleg_ph

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #6 on: December 12, 2013, 09:58:24 PM »
Dziękuję polonus  ;),

Do I understand youк message correctly? There will be possibility to remove from blacklist if I take IP from other network.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: avast blacklisted my domain (false positive)
« Reply #7 on: December 12, 2013, 10:40:29 PM »
Well they can also exclude your domain on that IP, but that as I said is up to an avast team member, and I am not,
I just reported the issue, Just wait and see.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

oleg_ph

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #8 on: December 13, 2013, 06:18:31 PM »
I have changed IP of domain to other one. So hope it could help.
What do you think polonus?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37619
  • Not a avast user
Re: avast blacklisted my domain (false positive)
« Reply #9 on: December 13, 2013, 06:30:00 PM »
that URL still comes up With same IP    http://urlquery.net/report.php?id=8378689


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: avast blacklisted my domain (false positive)
« Reply #10 on: December 13, 2013, 11:37:26 PM »
Indeed there is no other IP than    htxp://zazazizoo.com = 80.77.81.45
Up(nil):   unknown_html   RIPE   GB   abuse at hqhost dot net   80.77.81.45    to 80.77.81.45   ahherwebcams dot com   htxp://ahherwebcams.com/?id=campaw
Nothing here: http://www.dailychanges.com/zazazizoo.com/
When I go to nameserver here, I get: [t3] Error Message: The URL you have typed is either incorrect or has been changed. Please contact our Support desk if you continue to get this error. Please file a support request with the entire error message
-> http://www.dailychanges.com/foundationapi.com/#transferred-in

Something is phishy there  8)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

oleg_ph

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #11 on: December 14, 2013, 01:19:03 PM »
Polonus, there is no any phishy. Tomorrow new IP didn't resolve so fast as I expected.
Now is new IP:
http://urlquery.net/report.php?id=8389960
« Last Edit: December 15, 2013, 10:13:28 PM by oleg_ph »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: avast blacklisted my domain (false positive)
« Reply #12 on: December 16, 2013, 09:18:54 AM »
Hi Oleg,
I just unblocked the domain, it should be unblocked in the next update.
Honza

oleg_ph

  • Guest
Re: avast blacklisted my domain (false positive)
« Reply #13 on: February 10, 2014, 11:04:10 AM »
Hello HonzaZ,

Our domains zazazizoo.com and ads.zazazizoo.com appeared in blacklist again  :(
We had banned our advertiser who redirected users to harmful code via his affiliate program. We suppose that domains zazazizoo.com and ads.zazazizoo.com appeared in blacklist because of him.
Now it should be clean. Please recheck.

Thanks,
Oleg

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33938
  • malware fighter
Re: avast blacklisted my domain (false positive)
« Reply #14 on: February 10, 2014, 02:15:26 PM »
Site seems safe: http://www.scamvoid.com/check/zazazizoo.com & ThreatSTOP: There are no threats here
And is no longer being blocked by avast!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!