« previous next »
Pages: [1]   Go Down

Author Topic: http://fga5050.viewcontact.com/dc/...  (Read 2345 times)

0 Members and 1 Guest are viewing this topic.

TedZeck

  • Guest
http://fga5050.viewcontact.com/dc/...
« on: January 14, 2014, 01:46:55 AM »
URL:MAL and it points to htxp://fga5050.viewcontact.com.

I read somewhere else that this is a common false positive in avast!...what to do???
« Last Edit: January 15, 2014, 11:25:33 AM by Milos »
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37583
  • Not a avast user
Re: http://fga5050.viewcontact.com/dc/...
« Reply #1 on: January 14, 2014, 02:27:06 AM »
and why is it a false positive?

IP adress for that URL is on 4 blacklists

Quote
Special Reason:
Only the ASN/CIDR owner can solve this listing by actioning FAQ 42 apews.org SHUTDOWN BOTS, ZOMBIES, NET ABUSE
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37583
  • Not a avast user
Re: http://fga5050.viewcontact.com/dc/...
« Reply #2 on: January 14, 2014, 02:28:27 AM »
when do you see this.... you dont give any info
Logged

TedZeck

  • Guest
Re: http://fga5050.viewcontact.com/dc/...
« Reply #3 on: January 14, 2014, 03:31:03 PM »
It just pops up...about 10 of them...on the right side of the screen.  Scans don't find anything.  I've cleaned out cookies several times.  What keeps telling my Macs to access that site???
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37583
  • Not a avast user
Re: http://fga5050.viewcontact.com/dc/...
« Reply #4 on: January 14, 2014, 03:54:02 PM »
Quote
What keeps telling my Macs to access that site???
so this is a Mac? .... if so, sorry the malware experts here and there tools only work on windows computers

Mac forum section is here.   http://forum.avast.com/index.php?board=5.0

« Last Edit: January 14, 2014, 04:14:14 PM by Pondus »
Logged

TedZeck

  • Guest
Re: http://fga5050.viewcontact.com/dc/...
« Reply #5 on: January 14, 2014, 04:11:46 PM »
Okay, thanks.  I used the link you provided.
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: http://fga5050.viewcontact.com/dc/...
« Reply #6 on: January 14, 2014, 11:21:36 PM »
Well that link is now non-malicious: https://www.virustotal.com/nl/url/be19cbc10a7628f3018bb496cdc4fdc7320036e329587221b0edd22017beade1/analysis/1389737102/
It was attacked via malcode that probed: http://fga5050.viewcontact.com/test404page.js  -> http://jsunpack.jeek.org/?report=e336932f55bf9b031f86b9bc886c981c55117e39  (not found on server)
We see excessive header warning: System Details:
Running on: Apache/2.2.10
System info: (Linux/SUSE) mod_ssl/2.2.10 OpenSSL/0.9.8k
clickjacking warning and HTTP only cookies warning as general insecurities.
Site doesn't have a title and disallows entries via robot.txt
But this is a known PHISHING site: http://support.clean-mx.de/clean-mx/phishing.php?id=3691755
See: http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://www.fga5050.viewcontact.com/&uag=MSIE+8.0+Trident&ref=http://www.google.com&aen=&req=GET&ver=1.1&fmt=AUTO
The site database is unavailable -> http://jsunpack.jeek.org/?report=d4d1a856f1242c62c45a81a2df655b0bfb925f5f

In opening GET via webbug I get an alert from avast! Webshield as object://17.0.0.1/ detected as URL:Mal.
and also does this for other scanners.
Found to be benign here: http://zulu.zscaler.com/submission/show/0683cdf3c838e62c334fb2b660523984-1389737982
Indefined here: http://urlquery.net/report.php?id=8813829

pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »