www_w8themes_com blocked but not harmful

Viruses and worms
1

Hi - I use [font=verdana]Avast! 7.0.1466 in W7HP SP1.[/font][/size][font=verdana]In the last couple of weeks it’s been blocking www_w8themes_com but it cannot tell me what it sees, so I ran a couple of checks:http://sitecheck.sucuri.net/results/www.w8themes.com/ and https://www.virustotal.com/en/url/c97af5274fef424e018ef42ae812b8adf3f083c5da9335b2d65c11d12f24b784/analysis/1398091525/.Both of them clean. Apart from upgrading to the latest and (not size!) greatest version, what else can I do? Would the latest version have better detection capabilities?It’s really annoying when Avast won’t or can’t give me specific info about what its seen.And there seems to be no method of sending site-related feedback like we can with files.Gordon.[size=1em][/font]

2

Whaty’s the warning Avast! Gives you? Can you attach a screenshot?

This site is on that IP… http://urlquery.net/report.php?id=1386257733423
Most likely cause for a IP Blacklist (URL:Mal)

We have it going to this site: RBN Network. Different IP, but still http://urlquery.net/report.php?id=1398090752067

More sites. Malvertising for the RBN. http://urlquery.net/report.php?id=1398092457321

Conclusion. Report is valid.

3
Hi - I use Avast! 7.0.1466
Would the latest version have better detection capabilities?
yes, lots of bug fixes and updated tech stuff http://forum.avast.com/index.php?topic=149104.0

does avast say URL:mal (w8themes.com/) if so this means URL or IP is on a blacklist for whatever reason…there can be many reasons, it does not have to be infected

only thing i see here http://urlquery.net/report.php?id=1398092830711 see Recent reports on same IP/ASN/Domain
there is one domain (texasgunfestival.tk) using same IP see here http://urlquery.net/report.php?id=1386257733423
and suricata filter give lots of detections so this may be a IP block…

4

Hi -

https://www.dropbox.com/s/l280kat8ltc5scb/MalURL.png
https://www.dropbox.com/s/l280kat8ltc5scb/MalURL.png

If there’s two images, it seems both methods work :stuck_out_tongue:

Collating both of your replies, it would definitely seem to be a blacklist thing. I won’t bother asking how in the name of IANA two people can get the same IP…

So would Avast (latest version) give me any more info than what I already get? And much more important, is there a way to submit URLs the same way we submit files for double/false positive checking? I’m asking now because ATM v7.0.1466 is giving me adequate functionality.
[/size]
[/size]Gordon.

5
So would Avast (latest version) give me any more info than what I already get?
No
And much more important, is there a way to submit URLs the same way we submit files for double/false positive checking?
If you think it is wrong, report it to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)