URL:Mal | Feb-2015

Viruses and worms
1

I am a web developer and I keep getting the URL:Mal popup referring to devenv.exe (Visual Studio) when i try to publish a site (while uploading).
and when i disable avast and publish then visited the site on my mobile (with avast mobile installed)
I got a popup with “this site may contain malicious software, continue at your own risk” but when i tested the site with McAfee site adviser it says that it is clean.
attached are the requested logs based on https://forum.avast.com/index.php?topic=53253.0

2

The alert suggests that it is the web site that is infected and not your computer. Could you post the site address but make it non clickable

3

am not really worried about the site popup, as i have tested it from multiple devices. and its not showing.

did you find out anything from the logs gathered from my Desktop machine ?

4

URL:Mal means URL or IP is on a blacklist for whatever reason …

5

There is no apparent malware in the logs

One of the sites may enable us to look at the site and see where avast is alerting

6

i host my sites on Azure - they all has a custom sub-domain and end with azurewebsites.net, the ip is 23.101.63.214.
so am guessing someone on the same ip with a different site has a malware issue.

7

IP history https://www.virustotal.com/en/ip-address/23.101.63.214/information/ click more button under list for more info

IPvoid http://www.urlvoid.com/ip/23.101.63.214

[b]IP ADDRESS: 23.101.63.214[/b]

We have found in our database of already analyzed websites that there are 9 websites hosted in the same web server with IP address 23.101.63.214 and IP hostname waws-prod-db3-015.cloudapp.net. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.

virustotal IP history seems to find lots more…

8

A quick visit to the IP revealed this

9

Is there a setting on avast to ignore this as a temp solution. And do u have any suggestions to permanently solve this.

I have already reported this using avast