Avast blocked my website (http://www.santodescuento.com)

Site: hxtp://www.santodescuento.com/

Nothing found on analysis from:

https://www.virustotal.com/es/url/9c51fcda005e9097b59d57d4f911c6254ec1edc91643c3be675637e6af9e16d5/analysis/

http://sitecheck.sucuri.net/results/www.santodescuento.com/

http://urlquery.net/report.php?id=8276864

There is a good reason Avast blocked that website…it’s blacklisted!

http://evuln.com/tools/malware-scanner/santodescuento.com/
http://maldb.com/santodescuento.com/

And…

http://zulu.zscaler.com/submission/show/60d54fe20423f660ba5e8a2c19c3bb83-1386600763
https://asafaweb.com/Scan?Url=santodescuento.com

edit: http://www.websicherheit.at/en/security-tools/web-security-test-scan-results/
Click “spam check”. Not good!

Code hiccup on site detected:
wXw.santodescuento.com/js/poshytip-1.0/src/jquery.poshytip.min.js benign
[nothing detected] (script) wXw.santodescuento.com/js/poshytip-1.0/src/jquery.poshytip.min.js
status: (referer=wXw.santodescuento.com/)saved 9231 bytes 2c2e59c874adc99d8ae1f0bef9b8899b8ac0fbaf
info: [decodingLevel=0] found JavaScript
suspicious:
Potentially suspicious file: /js/jquery-1.8.3.min.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26async=%26=%26=%26=%26=%26=%260=%26=%26=%26=%26=%26=%260=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%26=%260=%26=%26’]] of length 551 which may point to obfuscation or shellcode.
Threat dump: http://jsunpack.jeek.org/?report=d608697a39d3da7178ac5ad4893e4657a3cb69dd (with delimited extract string - probably benign)
File size[byte]: 93636
File type: ASCII
MD5: 3576A6E73C9DCCDBBC4A2CF8FF544AD7
Scan duration[sec]: 82.690000

Site appears to be cleansed: http://www.urlvoid.com/scan/santodescuento.com/ but still resolves to malcode, see the posting from Milos below.

polonus
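
A sketch of the kind of low-entropy string check the scan report above describes, added here as an example and not taken from the scanner or from any poster. The thresholds, function names and sample strings are assumptions; the scanner's real rule is not published in this thread.

```python
import math
import re
from collections import Counter

# Assumed thresholds; the scanner quoted above does not state its own.
MIN_LENGTH = 200          # ignore short string literals
LOW_ENTROPY_BITS = 2.5    # bits per character; below this a long string is flagged

# Single- or double-quoted JavaScript string literals, allowing backslash escapes.
STRING_LITERAL = re.compile(r"'((?:[^'\\]|\\.)*)'|\"((?:[^\"\\]|\\.)*)\"")


def shannon_entropy(text):
    """Shannon entropy in bits per character (0.0 for empty input)."""
    if not text:
        return 0.0
    total = len(text)
    return -sum((n / total) * math.log2(n / total) for n in Counter(text).values())


def low_entropy_strings(js_source, min_length=MIN_LENGTH, threshold=LOW_ENTROPY_BITS):
    """Return (length, entropy, preview) for each long, repetitive string literal."""
    findings = []
    for match in STRING_LITERAL.finditer(js_source):
        literal = match.group(1) if match.group(1) is not None else match.group(2)
        if len(literal) < min_length:
            continue
        entropy = shannon_entropy(literal)
        if entropy < threshold:
            findings.append((len(literal), round(entropy, 3), literal[:24]))
    return findings


# Constructed sample input: one repetitive literal shaped like the reported
# "=%26=%26..." string, one ordinary long literal, one short literal.
REPETITIVE = "=%26" * 140
VARIED = "The quick brown fox jumps over the lazy dog. " * 5
SAMPLE_JS = "var a='" + REPETITIVE + "';var b=\"" + VARIED + "\";var c='short';"

if __name__ == "__main__":
    for length, entropy, preview in low_entropy_strings(SAMPLE_JS):
        print(f"low entropy: length={length} bits/char={entropy} starts={preview!r}")
```

A hit from a check like this is only a triage signal: long repetitive strings also occur in legitimate minified libraries, so the flagged file still has to be compared against a known-good copy of the library.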

Hello,
see whois details – hosted on AFRAID.ORG. Answer: http://forum.avast.com/index.php?topic=141924.msg1032791#msg1032791

Milos

I checked in
http://www.websicherheit.at/
and it does not detect anything suspicious.

blacklists Found
The website is marked by Yandex as SMS-fraud resource.

http://webmaster.yandex.ru/site/virused.xml?host=20091944
(I’m logged in as webmaster)
In the Security tab, it shows me this message:
No malicious code was found on the site.
Our company never uses SMS to promote the site.

Luciano.

Read this about afraid dot org as a banned abuser: http://labs.umbrella.com/2013/04/15/on-the-trail-of-malicious-dynamic-dns-domains/
link article author = DHIA MAHJOUB
This is real malware from there: https://zeustracker.abuse.ch/monitor.php?nameserver=ns1.afraid.org

polonus

Based on Milos's post, if we change our DNS from afraid.org, would you unblock the domain?

Luciano.

Yes.

Milos

We have changed our DNS.
You can check it here:

http://whois.domaintools.com/santodescuento.com

Please, unblock the site.

Regards, Luciano.

Hello,
the domain will be unblocked in the next stream update (in 5 minutes).

Milos