down them all being blocked

hey guys

try to go to http://www.downthemall.net/ today and avast blocked it… any idea why?

Interesting, In investigating this, I initially got an alert, but after just getting an update it is not detected any more.

I would gather that this means that it was a false positive and the detection has been corrected. (Definitions: 100625-0)

Report 2010-06-16 04:06:57 (GMT 1)
Website downthemall.net
Domain Hash e72f9bcffaf1f18666e98879ec5610d3
IP Address 62.149.128.72 [SCAN]
IP Hostname mxd4.aruba.it
IP Country IT (Italy)
AS Number 31034
AS Name ARUBA-ASN Aruba S.p.A. - Network
Detections 1 / 18 (6 %)
Status SUSPICIOUS

Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan DETECTED
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee Trusted Source CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN

Rescan of today…

Report 2010-06-25 13:39:02 (GMT 1)
Website downthemall.net
Domain Hash e72f9bcffaf1f18666e98879ec5610d3
IP Address 62.149.128.72 [SCAN]
IP Hostname mxd4.aruba.it
IP Country IT (Italy)
AS Number 31034
AS Name ARUBA-ASN Aruba S.p.A. - Network
Detections 0 / 19 (0 %)
Status CLEAN

Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN

Hi Epsi and spg SCOTT, Asyn

Yes, Asyn, URLVoid has its status as suspicious, because of a finjan detection. But the detection is now legit, go to finjan here: http://www.finjan.com/Content.aspx?id=574 And then check for yourself, never take things for granted, do not trust anything, that is a great lesson I have learnt.
The requested URL was analyzed and found legitimate
The latest for the Fx extension is here: http://bugs.code.downthemall.net/trac/wiki/NightlyBuilds
But with these sites and services one should always be cautious, they can come packed with malcode, however here the site can be soon cleansed, see its history: http://www.computerworld.com/s/article/9063239/Firefox_3.0_s_malware_blocker_whacks_access_to_popular_add_on_sites
http://www.msfn.org/board/topic/114403-my-hijackthis-log/
http://blog.mozilla.com/dolske/2008/02/17/user-perception-of-safebrowsing/ (issue in 2008)

So check and check these downloads again and again,

greets, your anti-malware fighting friend,

pol

VirusTotal - downthemall.net.htm - 0/41
http://www.virustotal.com/analisis/422fc14b66076672a9dd5f63026fd9cf8e5cf1672a6d2dfaec91eda0bb4a79a0-1277466062

Hi D.,
I already posted a rescan of today… (see above)
Btw, congrats to your team…!!! :slight_smile:
asyn

Just went there now and everything worked again. thanks guys

You’re welcome…!
asyn

What is wormnet PSP…??
Which servers are you refering to…?
asyn