Author Topic: SOLVED: "Infection detected!" on non-infected page  (Read 3272 times)


REDACTED

  • Guest
SOLVED: "Infection detected!" on non-infected page
« on: June 06, 2017, 01:27:42 PM »
Hey gang,

A client has a small Squarespace site - hxxps://smokestak[.]co.uk

Recently they've been getting some notifications from customers regarding Malware Warnings. The site has been inspected by Squarespace support, I have run my own scans, everything is being served over https and I have installed other malware / virus detection software (AVG and BitDefender) to check what they pick up - everything indicates that the site is clear.

Avast, however, is showing the following warning. I have seen previous posts where these types of warnings have been coming up incorrectly.

Can anyone shed any light on this / suggest a possible fix?

**The first Avast warning - http instead of https - is just from where I tested the hxxp://smokestak[.]co.uk before**

Thanks in advance.


« Last Edit: June 07, 2017, 10:21:30 AM by ben_circlepm »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: "Infection detected!" on non-infected page
« Reply #1 on: June 06, 2017, 01:33:27 PM »
You can report a URL here: https://www.avast.com/report-a-url.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: "Infection detected!" on non-infected page
« Reply #2 on: June 06, 2017, 03:03:11 PM »
Avast doesn't say that an infection is detected.
Avast says that the domain and/or IP is blocked/blacklisted.

Blacklistings on that ASN/IP :
http://urlquery.net/report.php?id=1496751620674

Name mismatch with certificate 2 :
https://www.ssllabs.com/ssltest/analyze.html?d=smokestak.co.uk&s=198.185.159.144&latest

Vulnerable library found :
http://retire.insecurity.today/#!/scan/8d9b02f8862b6972cc25c522b11c12ddeb4e80178a14473dcad60890540d568b

Really bad IP history :
https://www.virustotal.com/en/ip-address/198.185.159.144/information/

My advice:
- Fix the vulnerable library problem
- Fix the certificate mismatch
- Get dedicated hosting
« Last Edit: June 06, 2017, 04:10:00 PM by Eddy »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: "Infection detected!" on non-infected page
« Reply #3 on: June 06, 2017, 04:05:19 PM »
Code:
https://smokestak.co.uk
http://smokestak.co.uk

Both are blocked by F-Secure. See attached screenshot.


Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: "Infection detected!" on non-infected page
« Reply #4 on: June 06, 2017, 05:30:21 PM »
I have removed smokestak[.]co.uk from our blacklist ;)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: "Infection detected!" on non-infected page
« Reply #5 on: June 06, 2017, 05:31:21 PM »
I hope only that site is allowed but not the entire IP.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: "Infection detected!" on non-infected page
« Reply #6 on: June 07, 2017, 09:40:34 AM »
There are thousands of unique domains on those IPs, so it is likely we will not ever block those IPs, unless more than ~50% of the domains are malicious.

REDACTED

  • Guest
Re: "Infection detected!" on non-infected page
« Reply #7 on: June 07, 2017, 10:20:09 AM »
Thanks for your help and advice guys.

Beers are on me - everything's working as it needs to.