False Positive on www.SuperUtils.com


superutils


A block was put on the range due to a plethora of malicious content spanning a variety of IPs and over a time span of 2009-present. The owner of the range has not responded to abuse reports or the block would not have been made.

However, I'll get an exception put on the block so your site will be unblocked as of the next update, but I'd urge you to move the site elsewhere.


Hello, Steven.

Thank you very much for the helping hand!

I'm gonna contact my hoster to address this issue. But moving is not an option, since we've changed shared hostings several times, and I cannot be assured that a new one isn't blocked by MB or anyone else.

Valerian Kadyshev

Senior Developer

SuperUtils Software Company

http://www.superutils.com


Thank you Valerian.

If it helps, there's only one incident left on the same IP as your site (obviously, don't run this on anything other than a throwaway test machine);

download.korefan.info/free-ro/RCX.rar


Weird, it was live a few mins before I posted it.

/edit

Seems they've moved it and hidden the direct URL;

HTTP/1.1 200 OK
Date: Sun, 14 Aug 2011 14:33:47 GMT
Server: Apache/2.0.63-lk.d (Unix) mod_ssl/2.0.63-lk.d OpenSSL/0.9.8o mod_dp20/0.99.2 mod_python/3.3.1 Python/2.6.5 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_wsgi/3.3
Set-Cookie: fusion_visited=yes; expires=Mon, 13-Aug-2012 14:33:47 GMT; path=/
Content-Disposition: attachment; filename=".rar"
Last-Modified: Mon, 17 Jan 2011 04:11:16 GMT
Content-Length: 59277
Keep-Alive: timeout=30, max=115
Connection: Keep-Alive
Content-Type: application/octet-stream


Steven, how to reproduce this? I need some summary to report to my hosting company.

It gives me just 404:

Requesting download.korefan.info/free-ro/RCX.rar .. Ok
Reply received (reply time: 422 ms)
-----------------------------------
HTTP/1.1 404 Not Found
Date: Sun, 14 Aug 2011 14:54:52 GMT
Server: Apache/2.0.63-lk.d (Unix) mod_ssl/2.0.63-lk.d OpenSSL/0.9.8o mod_dp20/0.99.2 mod_python/3.3.1 Python/2.6.5 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_wsgi/3.3
Content-Length: 213
Connection: close
Content-Type: text/html; charset=iso-8859-1

Valerian


I'll get the team that passed me the URL to take another look, thank you (my test machine is indisposed at present or I would look myself). If I recall correctly, it was a variant of W32/Neshta.a so it's possible this is a different file.


Alright, Steven.

But do note that the file sizes in the VT report and in your server response are the same -- so we can assume that I tested the file you meant:

Content-Length: 59277

---

File size : 59277 bytes

If I recall correctly, it was a variant of W32/Neshta.a so it's possible this is a different file.

Correct, I found a reference on this after googling for the first link you gave me:

http://www.scumware.org/report/download.korefan.info

2011-05-08 20:43:33 <URL_was_here> DBAAF402B448F0250A334F2E9EE1E58F 77.222.40.148 RU RCXRCXRCXRCX.exe Virus identified Win32Neshta.A
