depuis une semaine chaque jour je trouve que avast bloque l’un de mes sites
hesball.net
zizocar.net
vanball.com
jbilo.com
havanvan.com
i don’t know what is the problem , all the sites not contain any virus
depuis une semaine chaque jour je trouve que avast bloque l’un de mes sites
hesball.net
zizocar.net
vanball.com
jbilo.com
havanvan.com
i don’t know what is the problem , all the sites not contain any virus
URL : Mal means they are on an URL or IP Block list.
It appears you’ve been hacked. Massive redirects to hXXp://wXw.vivocar.com
all websites are on same IP ( 87.98.166.118 ) and is blacklisted here http://www.apews.org/
CASE: C-22 Dynamic IP space, generic DNS/rDNS, no PTR Direct connections to MX not permitted, you need to use your ISP servers or smarthost
urlQuery http://urlquery.net/report.php?id=9867160
Intrusion Detection Systems Suricata filter alerts
Not only that. Yuo’ve been blacklisted for 3 years. 2011-02-21 2011-03-02: Entry changed from 87.98.166.0/23 to 87.98.166.0/24
Oh, Pondus, thanks for removing that dupped post
Oh, Pondus, thanks for removing that dupped posthuh ? ???
I removed it.
This is a double post.
http://forum.avast.com/index.php?topic=147487.msg1070921#msg1070921
In fact, the OP did post it 4 times, 2 were removed, leaving the ones in different languages.
i don’t know what i do now , i need to change the host ???
no , i just redirect the old site to the new
Then why does it also redirect to other sub-domains?
If you’re attempting to redirect to your new domain, then why have a buch of other redirects? It looks very suspicious too me.
THank Asyn, thought Pondus removed it.
Suspicious code there, see image attached.
Emsisoft reports this as Gen:Adware.MPlug.1 (B)
polonus
not is a false positive
vanball.com
hesball.net
http://urlquery.net/report.php?id=9867160
URL unblocked
zizocar.net
jbilo.com
havanvan.com
Hi Polonus,
What does that code do? I cannot see all of it.
What exactly is malicious here? Up until now I’ve seen scan results that have yielded false positives.
~!Donovan
Hello,
hesball.net and vanball.com are using DNS afraid.org. Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later.
Milos
Hi Milos,
Thanks for the confirmation.
Best,
~!Donovan