I have some problems with 2 websites hosted on a dedicated server from Hetzner, Germany with the IP: 88.198.41.180.
First problem is that people using Avast! Antivirus solution are immediately blocked when trying to visit the websites.
We did a scan of the websites ourselves and they are clean but still the Avast! Antivirus behaves the same.
The second problem is the following
There was a record of an Russian website falwar.ru using the IP of this server. Now it’s gone, they’re only our 2 websites (fefco.org and citpa-europe.org).
We think that this particular anti virus (Avast!) has blacklisted this IP caused by some eventual treats made previously from the Russian website.
Hosts…
…malicious URLs? No
…badware? Yes
…botnet C&C servers? No
…exploit servers? No
…Zeus botnet servers? No
…Current Events? Yes
…phishing servers? No
from IP Malicious Toolkit Website 2 attacks were being launched
Web Attack: Malicious Toolkit Website 2
Attacking Computer: 88.198.41.180, 80
Attacker url: wXw.zonis.co.tv/9s1hjngl/?2
spider activity and spambot activity and comment spammer activity being performed from that IP range according to project honeypot,
PHP.ShellExec malware on http://mcn.team.cx/scripts/box
In the end the hosting company offered to change the IP and I guess I will accept.
I mean, it’s not my job to clean an IP provided already with problems.
Anyway, Avast! should pay more attention to this! It’s like someone said, you buy a new house and the next day you have people at the door asking you for money that the old landlord owed them…
Trough my searches I found an interesting name: ET RBN Known Russian Business Network IP (398). Maybe you might want to pay attention to them if you are not aware of them.
Trough my searches I found an interesting name: ET RBN Known Russian Business Network IP (398). Maybe you might want to pay attention to them if you are not aware of them.
everyone know, no secret, and it was listed in my urlquery link posted above