Advice Request Infected website or False Positive from Fortinet?

128BPM · Nov 15, 2018

Hi,

Every day I visit this page without problems, however this morning was blocked by Fortinet. Why?

Code:

http://www.amen-amen.net/RV1960/

I checked it with VT and the result is clean. But VT shows this file: c99f26061658e9461804e2deeed87823149ff0c7f847859b43c55a15255dca76

Is a little suspicious

Screenshot_2018-11-15 Web Filter Violation.jpg

128BPM · Nov 16, 2018

Hmm they apparently already removed the site

harlan4096 · Nov 16, 2018

Still up here, but only the main page, sub links don't work/broken...

TairikuOkami · Nov 16, 2018

Http does not work, https refuses to connect, probably blocked by DNS or something, either way, it is not a good sign, might be hijacked.

128BPM · Nov 16, 2018

It is strange that VT shows the download of a file.

ForgottenSeer 58943 · Nov 16, 2018

If Fortinet alerts, you should be concerned.

Primarily because Fortinet doesn't auto-classify, there are a couple of hundred engineers who sit around working on the classification. Also remember, FortiGuard, the TAC's primary feed also takes in from other sources ranging from FortiSandbox, IPS hits and other channels so it will often hit much sooner than other web classification services.

128BPM · Nov 16, 2018

@ForgottenSeer 58943

Talking about Fortigate, have you ever used the external dynamic block lists feature? I think that it is similar to Pi-hole.

Mahesh Sudula · Nov 16, 2018

The site is down already now....
However it is a legit website. Definite False positive from Fortinet.

Search

Advice Request Infected website or False Positive from Fortinet?

128BPM

Level 2

128BPM

Level 2

harlan4096

Super Moderator

TairikuOkami

Level 37

Attachments

128BPM

Level 2

ForgottenSeer 58943

128BPM

Level 2

Mahesh Sudula

Level 17

Similar threads