Possible malicious behavior from AVAST IP

GET /.env and POST /index.html


SumGuy

12:39 am on Mar 15, 2021 (gmt 0)

Today I see this in my web server logs:

(404) GET /.env
(405) POST /index.html

User-agent was this:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36

The IP was 95.142.121.30, whose rDNS is r-30.121.142.95.consumer-pool.prcdn.net.

However, bgp.he.net tells me it's part of AS198605, which is AVAST Software s.r.o. If this is not malicious behavior from an AVAST owned/operated IP address (or server) then what is it?

JorgeV

10:07 am on Mar 15, 2021 (gmt 0)

Hello,

Avast offers a VPN, so it might be from one of their users.

robzilla

12:06 pm on Mar 15, 2021 (gmt 0)

prcdn.net is owned by Avast, and consumer-pool suggests it's one of their products, so Jorge is probably right in that it's their VPN service.
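
A log triage sketch for the two request shapes reported in this thread, added here as an example and not posted by any participant. It generalises `/.env` to any hidden path segment other than `/.well-known/`; the Combined Log Format, the timestamps, the response sizes and the 203.0.113.x clients are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Any hidden (dot-prefixed) path segment except the legitimate /.well-known/.
HIDDEN_RE = re.compile(r'/\.(?!well-known(?:/|$))[^/]+')
# Static pages that normally have no reason to receive a POST.
STATIC_RE = re.compile(r'\.html?$', re.I)

def classify(method, path):
    """Label a request as one of the two shapes from the thread, or None."""
    path = path.split("?", 1)[0]            # ignore the query string
    if HIDDEN_RE.search(path):
        return "hidden-file-probe"
    if method == "POST" and STATIC_RE.search(path):
        return "post-to-static"
    return None

def triage(lines):
    """Return {ip: [(label, method, path, status, served)]} for flagged requests.
    served is True when the status is below 400: the server answered the
    request with content or a redirect, so that hit needs a closer look."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:                        # skip lines in another format
            continue
        label = classify(m["method"], m["path"])
        if label:
            status = int(m["status"])
            hits[m["ip"]].append(
                (label, m["method"], m["path"], status, status < 400))
    return dict(hits)

# Constructed sample log; only the first client, its two requests, the status
# codes and the user agent come from the thread.
UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36")
SAMPLE_LOG = [
    f'95.142.121.30 - - [15/Mar/2021:00:12:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "{UA}"',
    f'95.142.121.30 - - [15/Mar/2021:00:12:02 +0000] "POST /index.html HTTP/1.1" 405 157 "-" "{UA}"',
    f'203.0.113.7 - - [15/Mar/2021:00:13:10 +0000] "GET /.well-known/security.txt HTTP/1.1" 200 312 "-" "{UA}"',
    f'203.0.113.9 - - [15/Mar/2021:00:14:45 +0000] "POST /contact.php HTTP/1.1" 200 87 "-" "{UA}"',
]
```

The 404 and 405 responses seen in the thread come back with `served` set to False; a flagged request with `served` True is the one to investigate first.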