Topic: Keep getting web-infection blocked notifications

tom.vanhee@euphonynet.be

Keep getting web-infection blocked notifications
« on: December 15, 2014, 06:24:02 PM »
Starting today, I've gotten 3 notifications about web-infections being blocked.
What's going on? I'm not even visiting fishy websites.

bob3160
Re: Keep getting web-infection blocked notifications
« Reply #1 on: December 15, 2014, 06:33:23 PM »
Welcome to the forum.
Remember that today's good site can be tomorrow's infected site.
You can always report the website to Avast if you think the detection is incorrect.
If you'd like someone to look into the problem further, you can post the link that's detected here,
but do not make it a clickable link. Change http to hxxp or www to wxx when you post the link.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast One 21.11, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bi

tom.vanhee@euphonynet.be

Re: Keep getting web-infection blocked notifications
« Reply #2 on: December 15, 2014, 06:37:56 PM »
> Welcome to the forum.
> Remember that today's good site can be tomorrow's infected site.
> You can always report the website to Avast if you think the detection is incorrect.
> If you'd like someone to look into the problem further, you can post the link that's detected here,
> but do not make it a clickable link. Change http to hxxp or www to wxx when you post the link.

It happened on 3 websites in one day, and it usually never happens.

DavidR
Re: Keep getting web-infection blocked notifications
« Reply #3 on: December 15, 2014, 07:27:42 PM »
If you can also attach a screen of the avast alert window, it will give more of an idea of what the detection is.

If it has happened today and you haven't rebooted or had a different avast popup, then you can right click the avast tray icon and select 'Show last popup message'.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

tom.vanhee@euphonynet.be

Re: Keep getting web-infection blocked notifications
« Reply #4 on: December 15, 2014, 07:36:15 PM »
> If you can also attach a screen of the avast alert window, it will give more of an idea of what the detection is.
>
> If it has happened today and you haven't rebooted or had a different avast popup, then you can right click the avast tray icon and select 'Show last popup message'.


DavidR
Re: Keep getting web-infection blocked notifications
« Reply #5 on: December 15, 2014, 08:00:48 PM »
It looks like some advertising banner ad is going to a site considered malicious (URL:Mal) by avast. This usually means that the site is on some block list. Presumably you were at another site that displays ads.

Is this basebanner.com reflected in the other alerts that you have had?

This could be a form of ads poisoning, which is becoming more frequent.

I use the Firefox Adblock Plus add-on, so generally I don't see these ads and subsequently avast alerts if an ad site is compromised.

tom.vanhee@euphonynet.be

Re: Keep getting web-infection blocked notifications
« Reply #6 on: December 15, 2014, 08:03:20 PM »
> It looks like some advertising banner ad is going to a site considered malicious (URL:Mal) by avast. This usually means that the site is on some block list. Presumably you were at another site that displays ads.
>
> Is this basebanner.com reflected in the other alerts that you have had?
>
> This could be a form of ads poisoning, which is becoming more frequent.
>
> I use the Firefox Adblock Plus add-on, so generally I don't see these ads and subsequently avast alerts if an ad site is compromised.

Yeah, site had ads.
One was dailymotion, the other was a wikia.

DavidR
Re: Keep getting web-infection blocked notifications
« Reply #7 on: December 15, 2014, 08:35:16 PM »
It is difficult to say if this is a random case of ads-poisoning or if there happens to be something in your browser trying to connect to malicious/hacked sites.

This will probably need the skills of one of the malware removal specialists, I will try to get one to take a look at this and they will advise on what the next stage is.

tom.vanhee@euphonynet.be

Re: Keep getting web-infection blocked notifications
« Reply #8 on: December 15, 2014, 09:27:39 PM »
> It is difficult to say if this is a random case of ads-poisoning or if there happens to be something in your browser trying to connect to malicious/hacked sites.
>
> This will probably need the skills of one of the malware removal specialists, I will try to get one to take a look at this and they will advise on what the next stage is.

Will do a Malwarebytes scan tomorrow. Will keep you guys updated.

essexboy
Re: Keep getting web-infection blocked notifications
« Reply #9 on: December 15, 2014, 09:44:31 PM »
It could be ad poisoning, but if you are still having problems I could take a look for you.

Para-Noid
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

polonus
Re: Keep getting web-infection blocked notifications
« Reply #11 on: December 16, 2014, 02:59:27 AM »
Site is unsafe and has privacy issues...as Para-Noid has already clearly established.
Some additional info to get that picture somewhat more complete and where the real issue lies is a "http - https redirect"
basebanner com is trying to redirect to basebanner dot com/blank.html
Flagged by Bitdefender TrafficLight as malicious.
Google Safebrowsing does not flag now: http://www.google.com/safebrowsing/diagnostic?site=basebanner.com
Did not follow redirect to http://158.85.47.164-static.reverse.softlayer.com/blank.html
The plain HTTP request was sent to HTTPS port  SSL teracreative dot com -
Had a history of trojans: http://google.cn/safebrowsing/diagnostic?site=teracreative.com/
The specified URL does a non search engine friendly redirect to another page... (24 pages do a 302 (temp) redirect).
Nameserver issues: http://www.dnsinspect.com/basebanner.com/1418694696
The https site has privacy issues: http://www.uploady.com/#!/download/xhL_JQbJSQT/VyjzWt~mABywNd9w
Net_err_cert_common_name_invalid - only correct autocomplete settings - Form element of type 'url', child of <form> '_f'

polonus
« Last Edit: December 16, 2014, 03:08:21 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

tom.vanhee@euphonynet.be

Re: Keep getting web-infection blocked notifications
« Reply #12 on: December 16, 2014, 09:02:20 AM »
I know Amazon is known for leaving cookies so they can target ads, but I delete my cookies daily.
Will do a Malwarebytes scan in a bit.

polonus
Re: Keep getting web-infection blocked notifications
« Reply #13 on: December 16, 2014, 03:45:23 PM »
Hi tom.vanhee,

What can be said about the IP and site is that it is known as a PHISH: https://www.virustotal.com/nl/url/b2fbe7a26aa6ad23442961c3e335cfdee2590a5723bc6efe0a729029c0b4dd5d/analysis/
This scan is also rather conclusive:

Domain Name: 158.85.47.164-static.reverse.softlayer.com
URL Tested: htxps://158.85.47.164-static.reverse.softlayer.com
Number of items downloaded on page: 1

SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
ERROR: certificate common name '*.teracreative.com' doesn't match requested host name '158.85.47.164-static.reverse.softlayer.com'.
Certificate valid through: May 22 19:54:42 2017 GMT
Certificate Issuer: GoDaddy.com, Inc.
SSL Protocols Supported: SSLv3 TLSv1 TLSv1.1 TLSv1.2
Server supports SSLv3, may be vulnerable to POODLE attack. It is suggested to disable the SSLv3 protocol.

Server certificate
Total number of items: 1
Number of insecure items: 1
Insecure URL: htxp://158.85.47.164-static.reverse.softlayer.com/blank.html

Damian
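
Added example, not part of polonus's post and not the scanner's own code: a short Python script that pulls the three findings out of the scan output quoted above and re-checks the certificate name mismatch. The function names, the RFC 6125-style wildcard rule and the `LEGACY_PROTOCOLS` set are assumptions of this example; the report lines are copied from the post.

```python
import re

# Lines copied from the scan output quoted in the post above.
REPORT = """\
ERROR: certificate common name '*.teracreative.com' doesn't match requested host name '158.85.47.164-static.reverse.softlayer.com'.
SSL Protocols Supported: SSLv3 TLSv1 TLSv1.1 TLSv1.2
Insecure URL: htxp://158.85.47.164-static.reverse.softlayer.com/blank.html
"""

# Assumption of this example: protocol versions treated as obsolete.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}


def name_matches(pattern: str, host: str) -> bool:
    """Wildcard matching in the style of RFC 6125: '*' is honoured only as
    the whole left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def triage(report: str) -> list[str]:
    """Return the findings a reader should take away from the report."""
    findings = []
    m = re.search(r"common name '([^']+)' doesn't match requested host name '([^']+)'", report)
    if m and not name_matches(m.group(1), m.group(2)):
        findings.append(f"certificate for {m.group(1)} served on {m.group(2)}")
    m = re.search(r"^SSL Protocols Supported:\s*(.+)$", report, re.M)
    if m:
        for proto in m.group(1).split():
            if proto in LEGACY_PROTOCOLS:
                findings.append(f"legacy protocol enabled: {proto}")
    for url in re.findall(r"^Insecure URL:\s*(\S+)", report, re.M):
        findings.append(f"plain-HTTP item on HTTPS page: {url}")
    return findings


if __name__ == "__main__":
    for finding in triage(REPORT):
        print("-", finding)
```

The wildcard covers only one label, so `*.teracreative.com` would be valid for `www.teracreative.com` but can never cover the seven-label softlayer reverse-DNS name the ad redirect pointed at.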

DavidR
Re: Keep getting web-infection blocked notifications
« Reply #14 on: December 16, 2014, 03:55:20 PM »
> I know Amazon is known for leaving cookies so they can target ads, but I delete my cookies daily.
> Will do a Malwarebytes scan in a bit.

Personally I would take essexboy up on his offer (if you are still having problems) to run some analysis tools to see what is what.

> It could be ad poisoning, but if you are still having problems I could take a look for you.

MalwareBytes may not be enough for a detailed analysis. After you have attached that log, check out this topic "Logs to assist in cleaning malware" https://forum.avast.com/index.php?topic=53253.0 and run the next tool Farbar Recovery Scan Tool (FRST) and attach the log in this topic. Then wait for essexboy to check out the logs and give further instructions.

