Advice Request Infected website or False Positive from Fortinet?

[128BPM]

Hi,

Every day I visit this page without problems, however this morning was blocked by Fortinet. Why?

http://www.amen-amen.net/RV1960/

I checked it with VT and the result is clean. But VT shows this file: c99f26061658e9461804e2deeed87823149ff0c7f847859b43c55a15255dca76

Is a little suspicious

 

[128BPM]

Hmm they apparently already removed the site

 

[harlan4096]

Still up here, but only the main page, sub links don't work/broken...

 

[TairikuOkami]

Http does not work, https refuses to connect, probably blocked by DNS or something, either way, it is not a good sign, might be hijacked.

 

[128BPM]

It is strange that VT shows the download of a file.

 

[ForgottenSeer 58943]

If Fortinet alerts, you should be concerned.

Primarily because Fortinet doesn't auto-classify, there are a couple of hundred engineers who sit around working on the classification. Also remember, FortiGuard, the TAC's primary feed also takes in from other sources ranging from FortiSandbox, IPS hits and other channels so it will often hit much sooner than other web classification services.

 

[128BPM]

@ForgottenSeer 58943

Talking about Fortigate, have you ever used the external dynamic block lists feature? I think that it is similar to Pi-hole.

 

[Mahesh Sudula]

The site is down already now....
However it is a legit website. Definite False positive from Fortinet.