Hi everyone,
There is a false positive in web scanning:

Site wxw.litoralnorte.com.ar is marked by Avast with “URL:Mal”
Results from VirusTotal shows only 1/51
https://www.virustotal.com/es/url/ce5f7e93a0e616f3e91a57542e37a569138f8cbe1fd9ea70e0bfb179cbe1e32c/analysis/1390189390/

Site webmail.litoralnorte.com.ar is also marked with “URL:Mal”
There is a DNS CNAME pointing to ghs.l.google.com
Results from VirusTotal shows only 1/51
https://www.virustotal.com/es/url/ce5f7e93a0e616f3e91a57542e37a569138f8cbe1fd9ea70e0bfb179cbe1e32c/analysis/

I have sent the false positive inform trough Avast Interface yesterday

Thanks!

Probably a IP block…

see alerts om same IP / ASN / Domain. http://urlquery.net/report.php?id=8902140

Your IP is blacklisted Here http://www.apews.org/

CASE: C-46 Spammer / Scammer / Scanner / Zombie / other within this CIDR

Hello,
there was “litoralnorte.com.ar/dl/87845682-75e5/nai%2b3.3.exe” have you cleaned it? I suggest to change all passwords and update all systems. Also using afraid.org as DNS may easily cause DNS hijack, because it allows creation of subdomains for other persons. I suggest to change DNS hosting.

Milos

Hi,

IP Block is not usefull here.
IP 200.58.111.40 and others in same CIDR are used by a major argentinian webhosting company (formerly Donweb- Dattatec.com ). This company is used for a very high argentinian websites (majority smallest presence pages) since this is very cheap.

I have accessed to manage files and currently there is not present the file indicated by Milos

I have ordered a change in DNS – will see in the next hours.

Thanks.

This is what I got: litoralnorte.com dot ar,200.58.111.40,ns1.afraid dot org,Parked/expired,
PHISHING went on from that IP now dead: http://support.clean-mx.de/clean-mx/phishing.php?id=3479672

polonus

Hello,
domain will be unblocked in next stream update.

Milos

Thanks !!