Avast scanning my website?

Hello there,

I am the owner of a website. I use an external service called StatCounter to log visits to my website and collect additional information about the user’s visit.

I opened my Daily Analytics Report this morning to find that I had 19 website visits yesterday from the ISP Avast Software S.r.o. from the country Czech Republic. I looked further into these visits and StatCounter is saying that there is no referring link - just like a user entered the web address manually and did not get referred from any other page on my website or by anything else such as Google.

The page that was requested was a private (email and password protected page) on my staff Extranet that should not be listed anywhere on the internet. The directory is not even visible on my website and you can’t get to the link unless you manually know the URL and type it in.

The last couple of weeks has also shown some visits from the ISP Avast Software S.r.o. from the country Czech Republic and I am unable to find any information online about this.

Any information about what this could potentially be would be much appreciated.

Many Thanks,
Andrew.

Very simple explanation is that the user who visited your website uses Avast Antivirus and the part of that protection that monitors and checks web activity checked your website before allowing the user access.

And where do you think your StatCounter Dublin (Ireland) data go?
Without sharing data the Internet would not be feasable.

An av solution that is functional should have for instance a web rep scanner, that scans websites for reputation
and eventually blocks users from visiting suspicious and/or malicious websites,
but it also has to establish this in real time for users
(and that particular user can also be an internal user visiting a uri).

polonus

I see what you mean and this is what I originally thought. I get around 100k website visits on a daily basis according to StatCounter and other sources but why only one visitor with the ISP Avast? I should also state that the webpage that was accessed is protected with authentication and has been around for 3+ years - It has never shown up as accessed by a third party before and after the 2 years of looking through analytics why would I suddenly start seeing random visits from Avast’s ISP? I have had millions of website visits and only around 200 of them are Avast.

I understand what you mean, but would’t you think I would’ve seen Avast coming up alot sooner and more regular? I don’t see Avast everyday and when I do see it there are no more than 3 unique visits.

Many Thanks.

Hi, just as a side note, Avast is no ISP.

Hi,

That is what originally made me create this topic. I knew that Avast wasn’t an Internet Service Provider but my StatCounter logs claim that it is. Please see the attached image.

Any IPs…?

Attached is a screenshot of the most recent visit from Avast Software S.r.o. The IP Address is 195.74.76.194.

Many Thanks.

Could also be someone using Avast Secure Browser in sito.
Could be an avast extension inside a Chrome browser in sito.

There are many possibilities why a network should contact an avast service address of sorts once in a while.
We do not know what’s on your network, so we cannot establish it,
you should ask an avast team member as we here are just volunteer forum members.

This is in the line of what they normally do;
see: https://webcookies.org/cookies/avast.com/21520
and you can get rather good idea of the degree of privacy impact of their visits - E grade /
according to this privacy and security report.

The avast website uses the following advertisement publisher ids:

GTM-PZ48F8 (-www.googletagmanager.com)
34150835 (-metrika.yandex.ru)
GTM-ID (-www.googletagmanager.com)

It is hardly an issue to evade some sort of tracking nowadays,
as we all came to live under some sort of global adtracking surveillance in modern times. (Google, yandex, facebook).

For the particular IP address you provided, see: https://toolbar.netcraft.com/site_report?url=r-194-076-074-195.avast.com
Spamhaus flags that IP: https://www.virustotal.com/gui/url/bc7d85d9ba1103589323d3331270e05090167b508244bca1fa283b7474f0b04b/detection
IP flagged twice latest on 2019-11-18
2
/ 55
Text
85c3c2d4bd03f12abf9f80385726ec59cd93ffe83109f57d226d1a72f87d98dCould well be a FP because exotic solution flags it:
https://www.virustotal.com/gui/file/85c3c2d4bd03f12abf9f80385726ec59cd93ffe83109f57d226d1a72f87d98dc/detection
and AegisLab detects as Trojan.Script.Cryxos.4!c

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)