web shield false positive: "website-unavailable.com" - part of OpenDNS

avast web shield (from avast free av) keeps blocking

http://website-unavailable.com

this domain is owned by OpenDNS and the opendns resolvers 208.67.222.222/208.67.220.220 will automatically redirect users to it in various cases.

[Querying whois.PublicDomainRegistry.com]

Registrant:
OpenDNS
OpenDNS Hostmaster (hostmaster -=at=-opendns.com)
410 Townsend st.
Suite 250
San Francisco
California,94105
US
Tel. +001.4153443118
Technical Support: 415-344-3166, Option 1

[…]
Creation Date: 14-Sep-2011
Expiration Date: 14-Sep-2012

Nameservers:
auth1.opendns.com
auth2.opendns.com
auth3.opendns.com

dig @auth1.opendns.com website-unavailable.com

;; ANSWER SECTION:
website-unavailable.com. 3600 IN CNAME guide.opendns.com.

No alerts here using firefox 12.0 and avast free 7.0.1426, VPS version 120510-0.

Do you still get an alert and if so please post a screen shot of the alert window ?

same problem here with opera , firefox …

build, AIS 7.0.1426 , 120510-1

Interesting.

It did not alert with VPS 120510-0, but it is blocked with VPS 120510-1

I am having website-unavailable.com blocked in both Iron Portable 18.0.1050.0 and Firefox 12.0 A screen cap would duplicate those already posted.

Same here. Using Open DNS as well. Clicked the http_// address in OP post, and got this.

I am getting this problem. Web shield is generating a popup every few minutes for “website-unavailable.com”. I’m using OpenDNS, Firefox 12.0, and Avast! IS 7.0.1426, VPS 120511-0.

Screen shot of the popup is attached.

I’m glad to know this is a false positive.

Is there any way to stop these messages from coming up until Avast fixes the problem?

Thanks!

Yes I too am getting an alert on it today, I have reported it for analysis/network shield review at http://www.avast.com/contact-form.php?loadStyles.

Since this is a Network Shield alert and there are no user defined settings, e.g. exclusion list for sites you need to report a possible false positive alert on a website using the above contact form, so that it can be reviewed and hopefully the detection corrected, assuming that the site hasn’t been hacked.

No detections on the site from http://sitecheck.sucuri.net/results/website-unavailable.com/ or http://www.urlvoid.com/scan/website-unavailable.com/

@ DavidR,

Link is not alerting anymore as of 5/11/12, vps version 120511-0. Will do as you say, send off a false-positive report to Avast! if it happens again.

Thanks.

The correction could also come in the form of a streaming update.

There have been 10 streaming updates today (obviously not all would be corrections), all of them time stamped after my last post. Hopefully it would have been one of those that corrected it.

I use OpenDNS and have been getting alerts about unavailable.com all morning. This is what’s in the alert box:

Infection Details
URL: http://www.website-unavailable.com/?wc
Process: C:\Users\Frank\AppData\Local\Google\Chro…
Infection: JS:Includer-AHH [Trj]

Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Follow the reporting process outlined in Reply #7 above, though in this case it isn’t the network shield, but the web shield which is alerting on this javascript redirection.

Also getting this. I use Norton DNS but tested it and found JS:Includer-AHH

Sucuri: http://sitecheck.sucuri.net/results/www.website-unavailable.com
Virustotal: https://www.virustotal.com/en/url/eb39ee4ab6da46f94e6cc0b740f8ccb9bd609e544ba6767e9de3bbccde4092cf/analysis/1376406007/
Quettra: http://www.quttera.com/detailed_report/www.website-unavailable.com
URL Query: http://urlquery.net/report.php?id=4532577

You can report a false positive here: http://www.avast.com/contact-form.php

You may add a link to this topic in case they reply.

Hallo Liubomirwm,

Norton says that the site is safe:

http://safeweb.norton.com/report/show?url=website-unavailable.com&ulang=eng

Hi Steven, i know that. I haven’t said that norton blocks it, just avast. I think it’s a false positive and reported to avast from here: http://www.avast.com/contact-form.php the site is safe by Bitdefender: https://trafficlight.bitdefender.com/info?url=http://website-unavailable.com/

OK. I understood that wrong. my own fall…

Ok, no problem. :wink:

Hi there, the site is a false positive and will be fixed in the next update.

This FP is not solved yet.I changed from NortonDNS 2 hours ago to OpenDNS because NortonDNS is slow
at the moment.Phishing test site is blocked by Web Shield.VPS 130813-1.
http://www.opendns.com/welcome/
https://www.virustotal.com/en/url/851a121e978a166fb90538367a32b32b16e856149d94db896e3e7510bc89c14b/analysis/1376420802/