Last one took 3 weeks (or more) to get the Polish language help (why isn’t there an ENGLISH version - I can’t understand Polish and did not know what I was clicking when working with support!) CREATE AN ENGLISH LANGUAGE VERSION OF SITE ASAP avast! (at least the rep spoke English, but I had a tough time trying to navigate or use the site in Polish!)
Another website, showing CLEAN CLEAN CLEAN in Virus Total and Securi is being blocked by Avast aggressiveness. http://parentstoolbox.com
I am invited to do a venture with her and I need to reply ASAP. But I can’t VIEW the site to see what this venture looks like!
REALLY ANNOYED with avast! I do NOT have time for this garbage. If it continues I will have to ditch avast (and get a refund for unused time) and find something else that does not hinder my navigating on the web to work!
The DNS for this site http://www.parentstoolshop.com/ is probably hosted on that “afraid.org” site that avast doesn’t like. Avast decides to block EVERYTHING with DNS hosted there is automatically full of malware according to avast. Can someone verify that this is the case?
Avast should NOT create such a stupid “blanket rule”. Instead actually TEST the sites before you block them - what a concept!
I need this unblocked NOW and need access to this site.
I DREAD having to waste time trying to figure out how to post on that non English support site. Can someone here do something to get this unblocked? How do I call in Avast staff? They can understand the Polish language site and get things done.
And please know that this is NOT MY SITE OR DOMAIN that I am being blocked from accessing. It belongs to a business colleague I don’t know well who is offering me a business opportunity to participate in a list building venture. It is not my place to tell her to change her website hosting or DNS hosting. So don’t bother to ask me to do so.
We have found in our database of already analyzed websites that there are 6138 websites hosted in the same web server with IP address 208.91.197.26 and IP hostname 208.91.197-26.confluence-networks.com. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.
How do I call in Avast staff?
avast support https://support.avast.com/support/home
Contact support https://support.avast.com/support/tickets/new
I’m surprised it is not afraid.org. Must be another one!
There are too many false positives lately with this latest avast! Stupid ones too. Avast! algorithm is not checking or testing, it’s “LUMPING” according to common denominators with websites. That is a bad and inaccurate practice that does not protect, but does cause a lot of grief.
Avast doesn’t bother to check, just “lumps websites with others” depending on where they are hosted. There is NO malware here. Avast! has better engineers and developers than that, they need to write some new algorithms.
When I get a business opportunity I need to RESPOND quickly or lose the chance. I don’t have time to play with the Polish language help site for 3 weeks. I have 9 days to submit an application to be a part of this holiday event. There are 50 slots, she is inviting hundreds. I can’t see what I am applying to be a part of! I may not be interested!
Here are screenshots from avast! , VirusTotal and Securi attached.
How do I get this CLEARED? Without dealing with the Polish site? I did submit a False positive report, but that will not even be considered until Avast decides to do a ‘review’ or whatever they called it.
There are many reasons for blacklisting, not only infected
example: here are the classifications used by hpHosts, and as you will see, there is more then one hpHosts Classification Explanation http://hosts-file.net/?s=classifications
Last one took 3 weeks (or more) to get the Polish language help (why isn't there an ENGLISH version - I can't understand Polish and did not know what I was clicking when working with support!) CREATE AN ENGLISH LANGUAGE VERSION OF SITE ASAP avast! (at least the rep spoke English, but I had a tough time trying to navigate or use the site in Polish!)
Not sure what site you mean .... do you have a link?
Pondus what you’ve shown with that extended report on Virus total shows that SOME SITE on that server has tested pos for malware recently. BUT NOT THIS SITE I AM TRYING TO GET TO. Avast doesn’t test sites… they “lump everything on a server or DNS” together. That is terrible and results in too many false positives that interrupt the flow of business and life and it needs to be stopped. Avast needs to run a quick TEST on the actual site trying to be accessed to determine if it needs to be blocked.
Maybe I should contact Lukas Hasik directly, I have his email and he invited me to contact him if there is anything he can help with. I’m sure he could get support to act quickly. I will send an email to him before trying to work with the support site.
And… the links to support you posted are the same as the Polish language site. Reps speak English, whole site is in Polish so submitting tickets is very tricky and involves a lot of guess work. Since nearly every country speaks some English (maybe badly) an English version of this site needs to be created.
he he Pondus! You helped me with that one too! It was http://modeleskincare.com I got access to it just in time to be greated with that they are updating the site and I can’t access it. Hopefully they are done, I haven’t had chance to check back this week. You discovered it was hosted on afraid.com
Parentstoolshop.com we do block, yes. It is not hosted on afraid.org - why did you make such connection?
Also, we do not block everything hosted on afraid.org, we only block the domains that host malware. Why did you think we just carpet bomb whole hosting? That does not make any sense… That is like blocking every .exe file just because it can potentionally be malicious.
Back to parentstoolshop.com - we block it because it hosted Angler EK - the worst kind of malicious files on the web, capable of infecting users without them even clicking or touching anything. So no, I am sorry about you not being able to view your business partner’s website, but we try to protect our users (you included), and we will not unblock it before the owners/admins tell us they cleaned the domain.
See also the VT report for that IP’s badness history: https://www.virustotal.com/nl/ip-address/208.91.197.26/information/
Another minor issue I also see this adblock circumventing adblockkey at -parentstoolbox.com
adblockkey=“MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_PMLRQ2tMYsRYkOrZ6lLwJSYchu9yJqGnURNuMw3ynkui2QHLwPHv+STi0BLhlhoXtCS5qZX+buTFGc6Qyrys6w==” >(such adblockkey’s are also used to whitelist ads from parked domains etc.).
As this site now comes served up from -http://imptestrm.com/rg-erdr.php?_dnm=parentstoolbox.com&_cfrg=1&_drid=as-drid-2300300503455222
Hi HonzaZ (EDIT: I see it is my sloppy rushing posts that typed parentstoolbox.com first time and then parentstoolshop.com the second. It is the SHOP I need released - it is a false positive. You will see the Avast warning in my jpg above.
YES!!! YES! Avast is blocking parentstoolshop.com Pls see my attached jpgs above showing this. The one Avast_stupid is a screenshot of the popup that identifies the infection only as “mal” nothing in other words for the domain parentsTOOLSHOP.com.
Avast! is PROBABLY blocking ParentsTOOLSHOP.com because it is SIMILAR to parentsTOOLBOX.com the infected site. That is NOT satisfactory.
This is personal development site and a personal development joint venture giveaway. The site is on the up and up and NOT hosting malware.
I am glad that Avast! is working on releasing this site from the block list currently. ParentsTOOLSHOP.com is the site I need unblocked.
The afraid.com info came from Mr. Pondus, who was very helpful pointing out that the last site (4 weeks ago) that Avast blocked was hosted on afraid.com. Supposedly avast blocks websites hosted on afraid because they have a rep for hosting sites infected with malware.
And Pondus.… for some reason, when I filed my original ticket (normal site, in English) and got a reply from a rep, the whole site was now in Polish or another similar language. I had a really tough time navigating it naturally since I don’t understand any Polish. I’m lucky I didn’t click on any wrong things and delete my posts. It was a guess with every click.
OK HonzaZ … I am confused parentstoolshop.com hosted this dangerous ANGLER malware? Or parentstoolbox.com hosted it? Parentstoolshop.com is a personal development site and her business comes through that site. She could not survive if she were launching malware at visitors.
IF you are saying that parentsTOOLSHOP.com has hosted this dangerous malware and you have no evidence they cleaned the site. I will NOT do the venture with her. I will write and tell her why. I will not send 8-10,000 people to a visit a site that is potentially hosting malware for some free gifts. Happy Holidays… NOT!
What should I tell this woman about the malware that had been on parentstoolshop.com and what do they need to do to prove the site has been cleaned. I will draft an email later. Let me know how to present it to her, she like me is not techy.
No, we do not block it because it is similar to another site, we block it because there was a landing page for Angler EK, as I pointed earlier. This is a direct contradiction to “not hosting malware”.
We are not. We need the owners to clean up the mess after the infection (update all systems, change passwords, …), then let us know and we will be more than happy to unblock it.
We do block many domains on afraid.org, but only those that we spotted malware on.
We spotted malware on parentstoolshop.com, which is the only URL that we block.
Keep in mind that this is not intentional - her domain/website was infected (misused) by the bad guys to serve malware. There is 99 % chance that she doesn’t have a slightest idea that this actually happened.
Hi Polonus I noticed too that parentstoolbox.com was in the list - but the domain blocked is parentstoolSHOP.com. It’s all very confusing and quite honestly, I am not techy enough to understand the implications of that list of domains. (are they playing a domain redirect game? and including parentstoolBOX.com in that list?) I can however understand the danger and horror of this Angler exploit kit malware and totaolly understand why avast! is not taking chances with it.
In all probability the domain has probably been cleaned or it would not have come up 100% clean in both Securi and Virus Total. (Virus total reported scans run on this website in Feb 2015 twice - perhaps that was when the infection was first observed.)
That infection is too risky to send my subscribers and clients to risk getting. At this point, I too would want assurances from the host of the even that IF that domain is hosting the giveaway (which it appears to be doing) that it is cleaned. The traffic that will be going to that site during the 6 weeks of the giveaway event is going to be massive as 50 total partners in the personal development niche will be sending tens of thousands of people there.
What evidence of this cleaning do I need to ask for? What does avast! want to see? I want to see something myself!
Wow! This happened to a friend of mine and I was the lucky one that got infected visiting her NEW website (low traffic) and informed her of it. She got it cleaned right away. It took me 3 months to totally clean my computer and registry of that thing. That is when I got avast! btw. My friend had NO idea at all.
What do I ask this woman to have her web person check for and how do they certify to us that it is clean? I am not sending anyone there until I know it is, I’m sure a good percentage of my subscribers do not have avast!.
She should have someone who built the website for her - and this person usually knows. If they don’t, then a pretty safe bet is to remove all content, update all systems (PHP, MySQL, Wordpress, any widgets), change all passwords, then install the website again. Then she has to let us know - we do not monitor all pages all the time if they already cleaned it.
I will write to her and ask her to have her web person check and verify the site has been cleaned. That other option is awful, so labor intensive! Hopefully she has a good website person who knew about the infection and cleaned it.
rg-erdr.php? is pointing at very serious Joomla malware there.
When she goes local e.g. localhost/mysite everything is fine. But when she goes online with he online site www my online address they will redirect to http://imptestrm.com/rg-erdr.php?_ etc. etc.
Notice further that a very important Joomla update has been announced, that should be applied as soon as it becomes available.
Login to your FTP and see if your .htaccess file has been modified lately.
It might well be that the use of virtuemart or likewise php files is at the core of these problems.
Read the faq here: https://docs.joomla.org/Security_Checklist_7
My friend had NO idea at all.