Legitimate site blocked (xlnation.net)

Hello Avast! team,

Avast! is blocking a fansite dedicated to a video game, and the website seems to be safe and does not seem to be compromised.
hXXp://xlnation.net/

Could you please take a look at that website please ? :slight_smile:

Please modify the URL, change http to hXXp to break an active link to a suspect site.

See http://urlquery.net/report.php?id=9534072 as this indicates there may be infected sites also on that IP address or that host. So it could be the site is blocked by IP and not by domain.

That said the alert is showing URL:Mal and that normally means that there is a link on that site redirecting or leading to a malicious site.

There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: Report false virus alert on website.

Ask for a Review (network Shield) on the domain name.

IP for that site (70.91.186.29) is blacklisted by barracudasentral.org

The IP address 70.91.186.29 is listed as "poor" on the Barracuda Reputation System.

http://www.barracudacentral.org/lookups/lookup-reputation

Pondus and DavidR,

IP had threats in the past:, was on DShield blocklist, advanced threat, danger level 3, but that was several years ago.
Also your suggestions were not the main reason for the avast block.

At the culprit of the detection and block lies that this domain is at ns1 dot afraid dot org. That is the main reason of the actual block.
As soon as the domain steers away from afraid dot org, it will become unblocked, sometimes this could even be with an upcoming update.

We had Milos explaining these issues here several times on the forums.

polonus

I see it is still blocked!
If Avast isn’t going to get it fixed then it should provide a “I do not care, go there anyway” button.

If it isn’t fixed soon, then goodby Avast.

You can always pause / turn off webshield …if you take the risk

If you go there you stand a good chance of being redirected to a malware/phishing site. Without Avast blocking it you could have been infected. On your head be it if you go there

Milos.. Avast analyst Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. It happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later (avast.com/contact-form.php).

Can confirm that, e.g.:
Nameserver
ns1 dot afraid dot org.
SSL Report: xlnation dot net (70.91.186.29)
Assessed on: Mon Mar 24 21:49:06 UTC 2014 | Clear cache Scan Another »
Assessment failed: No secure protocols supported

That is at the culprit of avast! blocking this domain.

polonus

Hello,
there was “xlnation.net/dl/d615f3ed-8f0a/winx%2Bclub%2B2.exe”, can you confirm that you have cleaned it? I suggest to change all passwords and update all systems.

Milos

To try and resolve this, the latest report from urlquery:

http://urlquery.net/report.php?id=1395986778558

The latest report from Barracuda (Sorry for lack of direct links, you know how http://www.barracudacentral.org/lookups/lookup-reputation works):

The IP address 70.91.186.29 is listed as “poor” on the Barracuda Reputation System.

The domain name xlnation.net is not listed on Barracuda’s Intent Block List.
The domain name xlnation.net was found under the following categories: game-playing-game-media

I was a frequent visitor to XL Nation on its old site and I am a frequent visitor to the new site. While it may have had problems in the past, it does not warrant blocking now because the site has been remade on another server and using different server software with no cross-pollination from the old server (as this has been placed in a quarantine location and is no longer accessible to the general public).
Plus the owner of the new site is doing all the other normal security procedures to counter these issue yet the site is still blocked by Avast for some people.

Part of the security issue may be that because the site offers downloads of mods for the game including some executable files, maybe these are being detected as “bad”. However, I think it may be more a case of the browser because for me, Avast only detects a security threat whenever I use it in conjunction with Google Chrome.
I can access the site if I use Internet Explorer without Avast going insane.
I’ve also tried accessing the site with Chrome and with ALL Avast shields turned off and Avast still blocks the site, I think because I have the Avast extension added to my Chrome browser.
For what it’s worth, I can also access the new XL Nation site on Chrome without security alerts if I use Avasts’ Safezone (although it isn’t worth the effort because I don’t want to be blocked from downloading mods from the site).

There “might” have been some chance of that on the old site but it was a very slim chance. On the new site, the chance is about the same as any other properly secured site so this level of worry is not warranted.

For those wanting the details, I am using the following: -
Avast Internet Security ver. 2014.9.0.2021
Virus Definitions ver. 140910-0
Google Chrome ver. 37.0.2062.103 m
OS Windows8 64bit, ver. 6.2 (build 9200)

Hello

This is a false positive, it should be fixed in the new update.

don’t hesitate to contact me again.

Best Regards Richard Ĺ rank

Website is still usingAfraid.org

Read this:
https://forum.avast.com/index.php?topic=153800.msg1118228#msg1118228

Hello.

The website now has its own hardware and uses XenFORO. All files are stored on this server and none are hosted on external sites. It would be nice if xlnation.net was whitelisted as a lot of members are complaining about this.

That is not the point here. The site might be completely secure and benign the blocking is because of the dynamic DNS nameserver hosting environment, AFRAID DOT ORG. Re: http://dnscheck.pingdom.com/?domain=xlnation.net&timestamp=1411372077&view=1
As long as one does not steer away from using afraid dot org avast! team will continue blocking the site to protect it’s users!
No more no less.

pol

Is there anything else holding it back? I’m going to see what the admin can do to resolve it.

Well the latest updates seem to have fixed all the problems. :smiley:
I have no issues accessing the new XL Nation site whatsoever so “Thank you” to the Avast crew, your efforts are appreciated.

Still using afraid.org:
http://www.whoishostingthis.com/?q=xlnation.net
https://www.webhostinghero.com/who-is-hosting/
http://dnscheck.pingdom.com/?domain=xlnation.net&timestamp=1411372077&view=1

Problems on the same IDS:
http://urlquery.net/report.php?id=1411741711146

IP blacklisted in multilple lists:
http://multirbl.valli.org/lookup/70.91.186.29.html