Topic: REALLY FED UP with Avast Blocking me from going to BUSINESS Partner websites!


Offline allenergy11

  • Jr. Member
  • **
  • Posts: 35
This is the 2nd time in 1 month.

Last one took 3 weeks (or more) to get the Polish language help (why isn't there an ENGLISH version - I can't understand Polish and did not know what I was clicking when working with support!)  CREATE AN ENGLISH LANGUAGE VERSION OF SITE ASAP avast! (at least the rep spoke English, but I had a tough time trying to navigate or use the site in Polish!)

Another website, showing CLEAN CLEAN CLEAN in Virus Total and Sucuri is being blocked by Avast aggressiveness.
http://parentstoolbox.com

 I am invited to do a venture with her and I need to reply ASAP.  But I can't VIEW the site to see what this venture looks like! 

REALLY ANNOYED with avast!   I do NOT have time for this garbage. If it continues I will have to ditch avast (and get a refund for unused time) and find something else that does not hinder my navigating on the web to work!

The DNS for this site http://www.parentstoolshop.com/ is probably hosted on that "afraid.org" site that avast doesn't like.  Avast decides to block EVERYTHING with DNS hosted there is automatically full of malware according to avast.   Can someone verify that this is the case?

Avast should NOT create such a stupid "blanket rule".  Instead actually TEST the sites before you block them - what a concept!

I need this unblocked NOW and need access to this site.
I  DREAD having to waste time trying to figure out how to post on that non English support site.  Can someone here do something to get this unblocked?  How do I call in Avast staff?  They can understand the Polish language site and get things done.

And please know that this is NOT MY SITE OR DOMAIN that I am being blocked from accessing.  It belongs to a business colleague I don't know well who is offering me a business opportunity to participate in a list building venture.  It is not my place to tell her to change her website hosting or DNS hosting.  So don't bother to ask me to do so.

Thank you for ANY and ALL help!


 


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Quote
The DNS for this site http://www.parentstoolshop.com/ is probably hosted on that "afraid.org"
Nope, not at afraid.org

What is worse, False Positives or Undetected and infected?


IP history ... click more button under list(s) for more info  https://www.virustotal.com/en/ip-address/208.91.197.26/information/


IPvoid
Quote
IP ADDRESS: 208.91.197.26

We have found in our database of already analyzed websites that there are 6138 websites hosted in the same web server with IP address 208.91.197.26 and IP hostname 208.91.197-26.confluence-networks.com. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.


Quote
How do I call in Avast staff?
avast support   https://support.avast.com/support/home
Contact support  https://support.avast.com/support/tickets/new

« Last Edit: October 22, 2015, 07:09:41 PM by Pondus »

Offline allenergy11

  • Jr. Member
  • **
  • Posts: 35
 Hi Pondus,

I'm surprised it is not afraid.org.  Must be another one!
There are too many false positives lately with this latest avast!  Stupid ones too.   Avast! algorithm is not checking or testing, it's "LUMPING" according to common denominators with websites.  That is a bad and inaccurate practice that does not protect, but does cause a lot of grief. 

 Avast doesn't bother to check, just "lumps websites with others" depending on where they are hosted.  There is NO malware here. Avast! has better engineers and developers than that, they need to write some new algorithms.

When I get a business opportunity I need to RESPOND quickly or lose the chance.  I don't have time to play with the Polish language help site for 3 weeks.  I have 9 days to submit an application to be a part of this holiday event.  There are 50 slots, she is inviting hundreds.   I can't see what I am applying to be a part of!  I may not be interested! 

Here are screenshots from avast!, VirusTotal and Sucuri attached.

How do I get this CLEARED?  Without dealing with the Polish site?  I did submit a False positive report, but that will not even be considered until Avast decides to do a 'review' or whatever they called it. 

Thank you for any and all help!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Quote
There is NO malware here.
There are many reasons for blacklisting, not only infected

example: here are the classifications used by hpHosts, and as you will see, there is more than one
hpHosts Classification Explanation   http://hosts-file.net/?s=classifications


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Quote
Last one took 3 weeks (or more) to get the Polish language help (why isn't there an ENGLISH version - I can't understand Polish and did not know what I was clicking when working with support!)  CREATE AN ENGLISH LANGUAGE VERSION OF SITE ASAP avast! (at least the rep spoke English, but I had a tough time trying to navigate or use the site in Polish!)
Not sure what site you mean .... do you have a link?


Offline allenergy11

  • Jr. Member
  • **
  • Posts: 35
Pondus what you've shown with that extended report on Virus total shows that SOME SITE on that server has tested pos for malware recently.  BUT NOT THIS SITE I AM TRYING TO GET TO.   Avast doesn't test sites... they "lump everything on a server or DNS" together.   That is terrible and results in too many false positives that interrupt the flow of business and life and it needs to be stopped.  Avast needs to run a quick TEST on the actual site trying to be accessed to determine if it needs to be blocked.

Maybe I should contact Lukas Hasik directly, I have his email and he invited me to contact him if there is anything he can help with.  I'm sure he could get support to act quickly.  I will send an email to him before trying to work with the support site.

And.. the links to support you posted are the same as the Polish language site.  Reps speak English, whole site is in Polish so submitting tickets is very tricky and involves a lot of guess work.  Since nearly every country speaks some English (maybe badly) an English version of this site needs to be created.


« Last Edit: October 22, 2015, 08:09:55 PM by allenergy11 »

Offline allenergy11

  • Jr. Member
  • **
  • Posts: 35
he he Pondus!  You helped me with that one too!  It was http://modeleskincare.com   I got access to it just in time to be greeted with that they are updating the site and I can't access it.  Hopefully they are done, I haven't had chance to check back this week.  You discovered it was hosted on afraid.com

Quote
Last one took 3 weeks (or more) to get the Polish language help (why isn't there an ENGLISH version - I can't understand Polish and did not know what I was clicking when working with support!)  CREATE AN ENGLISH LANGUAGE VERSION OF SITE ASAP avast! (at least the rep spoke English, but I had a tough time trying to navigate or use the site in Polish!)
Not sure what site you mean .... do you have a link?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Quote
And.. the links to support you posted are the same as the Polish language site.
when i click the link i get english language ...

and avast team is looking at this case as we speak





Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Hi,
I can only answer the technical details here :).
Quote
Another website, showing CLEAN CLEAN CLEAN in Virus Total and Sucuri is being blocked by Avast aggressiveness. http://parentstoolbox.com
We do not block parentstoolbox.com.

Quote
The DNS for this site http://www.parentstoolshop.com/ is probably hosted on that "afraid.org" site that avast doesn't like.  Avast decides to block EVERYTHING with DNS hosted there is automatically full of malware according to avast.   Can someone verify that this is the case?
Parentstoolshop.com we do block, yes. It is not hosted on afraid.org - why did you make such connection?
Also, we do not block everything hosted on afraid.org, we only block the domains that host malware. Why did you think we just carpet bomb whole hosting? That does not make any sense... That is like blocking every .exe file just because it can potentially be malicious.
Back to parentstoolshop.com - we block it because it hosted Angler EK - the worst kind of malicious files on the web, capable of infecting users without them even clicking or touching anything. So no, I am sorry about you not being able to view your business partner's website, but we try to protect our users (you included), and we will not unblock it before the owners/admins tell us they cleaned the domain.



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
See also the VT report for that IP's badness history: https://www.virustotal.com/nl/ip-address/208.91.197.26/information/
Another minor issue I also see this adblock circumventing adblockkey at -parentstoolbox.com
adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_PMLRQ2tMYsRYkOrZ6lLwJSYchu9yJqGnURNuMw3ynkui2QHLwPHv+STi0BLhlhoXtCS5qZX+buTFGc6Qyrys6w==" >(such adblockkey's are also used to whitelist ads from parked domains etc.).
As this site now comes served up from -http://imptestrm.com/rg-erdr.php?_dnm=parentstoolbox.com&_cfrg=1&_drid=as-drid-2300300503455222

polonus
« Last Edit: October 22, 2015, 08:04:15 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline allenergy11

  • Jr. Member
  • **
  • Posts: 35
Hi HonzaZ  (EDIT:   I see it is my sloppy rushing posts that typed parentstoolbox.com first time and then parentstoolshop.com the second.  It is the SHOP I need released - it is a false positive.  You will see the Avast warning in my jpg above.)

YES!!!  YES!  Avast is blocking parentstoolshop.com  Pls see my attached jpgs above showing this.  The one Avast_stupid is a screenshot of the popup that identifies the infection only as "mal" nothing in other words for the domain parentsTOOLSHOP.com.

Avast! is PROBABLY blocking ParentsTOOLSHOP.com because it is SIMILAR to parentsTOOLBOX.com the infected site. That is NOT satisfactory. 
This is a personal development site and a personal development joint venture giveaway.  The site is on the up and up and NOT hosting malware.

I am glad that Avast! is working on releasing this site from the block list currently.  ParentsTOOLSHOP.com is the site I need unblocked. 
The afraid.com info came from Mr. Pondus, who was very helpful pointing out that the last site (4 weeks ago) that Avast blocked was hosted on afraid.com.  Supposedly avast blocks websites hosted on afraid because they have a rep for  hosting sites infected with malware.

And Pondus... for some reason, when I filed my original ticket (normal site, in English) and got a reply from a rep, the whole site was now in Polish or another similar language.  I had a really tough time navigating it naturally since I don't understand any Polish.  I'm lucky I didn't click on any wrong things and delete my posts.  It was a guess with every click.



« Last Edit: October 22, 2015, 08:11:30 PM by allenergy11 »

Offline allenergy11

  • Jr. Member
  • **
  • Posts: 35
OK  HonzaZ .. I am confused parentstoolshop.com hosted this dangerous ANGLER malware?  Or parentstoolbox.com hosted it?  Parentstoolshop.com is a personal development site and her business comes through that site.  She could not survive if she were launching malware at visitors. 

IF you are saying that parentsTOOLSHOP.com has hosted this dangerous malware and you have no evidence they cleaned the site.  I will NOT do the venture with her.  I will write and tell her why.  I will not send 8-10,000 people to visit a site that is potentially hosting malware for some free gifts.  Happy Holidays.. NOT!

What should I tell this woman about the malware that had been on parentstoolshop.com and what do they need to do to prove the site has been cleaned.   I will draft an email later.  Let me know how to present it to her, she like me is not techy.



Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Quote
Avast is blocking parentstoolshop.com  Pls see my attached jpgs above showing this.  The one Avast_stupid is a screenshot of the popup that identifies the infection only as "mal" nothing in other words for the domain parentsTOOLSHOP.com.
Yes, I believe you. We do block it.

Quote
Avast! is PROBABLY blocking ParentsTOOLSHOP.com because it is SIMILAR to parentsTOOLBOX.com the infected site. ... The site is on the up and up and NOT hosting malware.
No, we do not block it because it is similar to another site, we block it because there was a landing page for Angler EK, as I pointed out earlier. This is a direct contradiction to "not hosting malware".

Quote
I am glad that Avast! is working on releasing this site from the block list currently.
We are not. We need the owners to clean up the mess after the infection (update all systems, change passwords, ...), then let us know and we will be more than happy to unblock it.

Quote
Supposedly avast blocks websites hosted on afraid because they have a rep for  hosting sites infected with malware.
We do block many domains on afraid.org, but only those that we spotted malware on.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Quote
OK  HonzaZ .. I am confused parentstoolshop.com hosted this dangerous ANGLER malware?  Or parentstoolbox.com hosted it?
We spotted malware on parentstoolshop.com, which is the only URL that we block.

Quote
Parentstoolshop.com is a personal development site and her business comes through that site.  She could not survive if she were launching malware at visitors. IF you are saying that parentsTOOLSHOP.com has hosted this dangerous malware and you have no evidence they cleaned the site.  I will NOT do the venture with her.  I will write and tell her why.  I will not send 8-10,000 people to a visit a site that is potentially hosting malware for some free gifts.
Keep in mind that this is not intentional - her domain/website was infected (misused) by the bad guys to serve malware. There is a 99% chance that she doesn't have the slightest idea that this actually happened.