Avast blacklist

system · August 12, 2016, 10:06am

Hi,
Could you please explain why avast has blacklisted http://t-lesark.com ?
sucuri says about suspicions domain hotlog.ru, but it’s quite popular counter.

Thanks,
Sergey

Eddy · August 12, 2016, 10:21am

Populair or not doesn’t matter.

Here is a very strong clue on why it is blocked :
https://sitecheck.sucuri.net/results/t-lesark.com

Here is a very strong clue on why the IP is (or at least should be) blocked :
http://urlquery.net/report.php?id=1470997275450

Pondus · August 12, 2016, 10:26am

Also Blacklisted by Bitdefender
https://virustotal.com/nb/url/d3ebceb99a84299b525710a569fd3fad31f84ed814a8a7574b71b4468a65b57f/analysis/1470997352/

HonzaZ · August 12, 2016, 11:53am

t-lesark[.]com was actually blocked because of a DNS hijack - if you use afraid.org, be sure to pay for a stealth account, or anyone can create domains without your consent (yes, even if you set your account to “private” - you need to have “stealth”).

system · September 12, 2016, 6:28pm

Hi,
I’ve changed the DNS hosting, so DNS hijack should not be a problem now. Could you please unblock it?

Eddy · September 12, 2016, 7:03pm

Infected :
https://sitecheck.sucuri.net/results/t-lesark.com

Malware :
http://www.urlvoid.com/scan/t-lesark.com/
http://trafficlight.bitdefender.com/info?url=http://t-lesark.com

Blacklisted things on that ASN :
http://urlquery.net/report.php?id=1473706585253

Blacklisted :
https://www.virustotal.com/en/url/d3ebceb99a84299b525710a569fd3fad31f84ed814a8a7574b71b4468a65b57f/analysis/1473706492/

Suspicious script and link(s) to blacklisted site :
https://www.websicherheit.at/website-malware-viren-scanner/?url=t-lesark.com

The DNS was just one of the problems.
You will need to solve the others too.

polonus · September 12, 2016, 8:27pm

Some additional remarks on what Eddy reports, apart what HonzaZ remarked on the problematic afraiddor org hosting,
now left apparently.

The flagged -hit28.hotlog.ru link is still in the code, and is blocked by AdMuncher and uMatrix. *
See: -https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Ft-lesark.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Also on VT results for IP: https://virustotal.com/en/ip-address/185.22.232.175/information/

consider: https://www.virustotal.com/en-gb/ip-address/95.163.105.110/information/
Checking for the blacklisted link I get
“VirusTotal is trying to prevent scraping and abuse, we are going to bother you with this captcha and then you can enjoy your malware hunting.”

and then after solving the captcha: https://www.virustotal.com/en-gb/url/13aa35e163d6e5fd670c074ac9dab15943cb8f820916d8c5735278cd80fe60af/analysis/
Clean as found unable to properly scan site. Content not found. blocked ||-hotlog.ru^
found in: Peter Lowe’s Ad server list (link detection dated back to 2013, that may be why).

polonus (volunteer website security analyst and website error-hunter)

HonzaZ · September 14, 2016, 8:00am

Glad to hear you changed hosting. As we do not block hotlog[.]ru, I am unblocking t-lesark[.]com now

Avast blacklist

Announcements