Author Topic: Blocked URL - false positive  (Read 2224 times)

0 Members and 1 Guest are viewing this topic.

abozhilov

  • Guest
Blocked URL - false positive
« on: January 04, 2014, 12:12:52 PM »
Avast has blocked an URL and reports it as a malware. The site is free of any viruses and malwares.
The main URL is: http://pornvax.com/
Any help?
Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Blocked URL - false positive
« Reply #1 on: January 04, 2014, 12:20:35 PM »
you dont tell us what avast say ?

if it is URL:mal it means the url and/or IP is on a Blacklist for whatever reason.....it does not have to be infected

Blacklisted by AVG here   http://www.urlvoid.com/scan/pornvax.com/
http://www.avgthreatlabs.com/website-safety-reports/domain/pornvax.com/

Blacklisted by Kaspersky here  https://www.virustotal.com/nb/url/4760f63d21ec10ca2f51ef88434497190fdb1dc4c9412c221a4acf22989659e7/analysis/1388834414/

IP blacklisted here http://www.apews.org/?

Quote
CASE: C-131
Unallocated CIDR, no traffic until allocated,
or allocated to bad reputation provider
or allocated but dynamic / generically named IPs,
or bogons, see www.cidr-report.org,
or orphaned IP / CIDR in routing table


« Last Edit: January 04, 2014, 12:25:10 PM by Pondus »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Blocked URL - false positive
« Reply #2 on: January 04, 2014, 12:24:49 PM »
Not the site is blocked, but the IP since it is blacklisted.
Wevsicherheit reports:
Suspicion of Spam
link" href="#" onclick="return porno.nav.showhide()">categories</a> </div> </div> <!--end hea...

http://zulu.zscaler.com/submission/show/5717ccdaa0a76204582a5ac17d30649f-1388834220
http://168.144.32.45/blacklist/bl/184.105.235.125/#_

You can make a request to allow the site through http://www.avast.com/contact-form.php
« Last Edit: January 04, 2014, 12:47:58 PM by Eddy »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Blocked URL - false positive
« Reply #3 on: January 04, 2014, 12:27:14 PM »
Porn sites does not have the best of reputation ...so   ;)

Quttera say suspicious   http://quttera.com/detailed_report/pornvax.com


abozhilov

  • Guest
Re: Blocked URL - false positive
« Reply #4 on: January 04, 2014, 12:40:22 PM »
@Pondus
The problem with Quttera I have already fixed. Did you see the suspicious parts? It was meta refresh tag, because I have conditionally redirect the users based on their referrer. Anyway, now that URL returns always 302 status code.

Well, what is the solution in my case? I should change my hosting provider or the domain name or both?

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Blocked URL - false positive
« Reply #5 on: January 04, 2014, 12:48:14 PM »
Change the IP, since it's the thing blacklisted. Btw, it being a Porn Site is not helping anything.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Blocked URL - false positive
« Reply #6 on: January 04, 2014, 12:48:40 PM »
Quote
Well, what is the solution in my case? I should change my hosting provider or the domain name or both?
No idea ....i just gave you the info found online

to unblock from avast you can report it here  http://www.avast.com/contact-form.php 
you may give a link to this topic in case they reply here




Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Blocked URL - false positive
« Reply #7 on: January 05, 2014, 05:43:45 PM »
Web security rest spam test for  htxp://pornvax.com/ ->Suspicion of Spam

ink" href="#" onclick="return porno.nav.showhide()">categories</a> </div> </div> <!--end hea...
Site gives excessive header info and is vulnerable to clickjacking.
no script hick-ups: http://jsunpack.jeek.org/?report=d032422d9d83906ebba7a341e027bc6ab050639c

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!