Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Site bloqué: Faux positif ?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Site bloqué: Faux positif ? (Read 2184 times)
0 Members and 1 Guest are viewing this topic.
jc59
Jr. Member
Posts: 65
Site bloqué: Faux positif ?
«
on:
July 09, 2016, 10:36:36 AM »
Hello,
http://149.5.224.188
??
Avast blocks this URL ... I thank you in advance for kindly confirm that this URL is malicious.
Have a good day
Logged
polonus
Avast Überevangelist
Probably Bot
Posts: 33955
malware fighter
Re: Site bloqué: Faux positif ?
«
Reply #1 on:
July 09, 2016, 01:28:38 PM »
Better to ask us which of the 80 domains that share this one and the same IP?
Probably a general IP block because of such a situation.
A further answer to your question can be found here:
https://www.virustotal.com/en/ip-address/149.5.224.188/information/
One flag:
https://www.virustotal.com/en/url/061b61e3c78561532552921287d2fb47ba0daa2f061a9a60440e9de4d3a1e74b/analysis/
This malware is detected by Avast e.o.: HTML:Iframe-BQA [Trj]
Here we see very spurious info:
http://toolbar.netcraft.com/site_report?url=http%3A%2F%2F149.5.224.188
Here pages are being blocked because cross-site scripting is detected!
In that case there is PSINet, Inc. abuse.
And then here it is very clear about what kind of abuse we are talking:
http://toolbar.netcraft.com/site_report?url=r62.mail.maxns.net
And again GoDaddy in the middle of the web with this abuse by -exotic.web -> ahlaejaba dot com active in slip-spam.
polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
jc59
Jr. Member
Posts: 65
Re: Site bloqué: Faux positif ?
«
Reply #2 on:
July 09, 2016, 06:41:42 PM »
Hello Polonus,
Thank you for this information...
I can deduce that this is not a false positive and Avast does its job by blocking this IP ...
I've realized that Avast also blocked the website of the images of my forum hoster:
www.servimg.com/?lang=fr
Is this normal ... all the websites depend on the same IP malicious ranked by Avast?
Good evening and soon to read you.
Logged
jc59
Jr. Member
Posts: 65
Re: Site bloqué: Faux positif ?
«
Reply #3 on:
July 10, 2016, 10:51:36 AM »
Hello ,
It's pretty annoying that my hosting "Servimg.com" is blocked by Avast ..
Will you change your blacklist or should I put this IP exclusion ...
Thank you in advance for your response . Have a good day
«
Last Edit: July 10, 2016, 11:03:00 AM by jc59
»
Logged
HonzaZ
Avast team
Advanced Poster
Posts: 1038
Re: Site bloqué: Faux positif ?
«
Reply #4 on:
July 10, 2016, 12:20:28 PM »
Hi, this was a false positive and has already been removed from our blacklist. Could you try updating Avast and restarting shields/Avast?
Logged
jc59
Jr. Member
Posts: 65
Re: Site bloqué: Faux positif ?
«
Reply #5 on:
July 10, 2016, 12:39:14 PM »
Hello HonzaZ,
A big thank you for your response ... apparently everything is back to normal!
thank you to the team of Avast!
Have a good day !
Logged
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Site bloqué: Faux positif ?