Avast blocking website URL

system · 2015-07-03T18:30:29.000Z

Hello,

Avast is blocking our site chasehr.in for no good reason.

We submitted the URL to some online malware scanning tools, and all of them reported it as clean.

Downloaded and Scanned all files on the server with avast and no infection was found.

Anybody here have heard of similar problem? Anyone know how to solve it?

Is it because our domain is blacklisted by avast?

chasehr.in/phpinfo.php shows PHP Version 5.4.30. Does it have anything to deal with the php version on server? The site was developed almost 5 years back.

Our clients are complaining about the malware infection and is affecting our business. Any help will be greatly appreciated .

Thank you,

Varun

magna86 · 2015-07-03T19:17:29.000Z

Hi varuncsivan,

I am not a good web expert so you’ll have to wait for someone who is more equipped for this. But I can give you some clues with which you can start to fix the issues.

http://zulu.zscaler.com/submission/show/4db6556c75b09fd58690ee13c72f61f3-1435950572

It would seems that avast! flags something in index.php
Using Zulu, click on hxxp://chasehr.in/index.php

My advice is that in parallel with this issue, you contact the avast! team web support using this form;
https://www.avast.com/contacts

We have people who know very well how to analyze, our expert in website analysts. So hold on for their replys as well and they may help you a bit.

Eddy · 2015-07-03T19:31:11.000Z

Blacklisted IP, malware detected:
http://zulu.zscaler.com/submission/show/4db6556c75b09fd58690ee13c72f61f3-1435950907

Blacklisted:
http://multirbl.valli.org/lookup/208.117.38.119.html
http://urlquery.net/report.php?id=1435951245740
http://urlquery.net/report.php?id=1435951258261

Malicious script detected:
http://quttera.com/detailed_report/chasehr.in

More problems:
http://dnscheck.pingdom.com/?domain=chasehr.in
https://www.ssllabs.com/ssltest/analyze.html?d=chasehr.in

polonus · 2015-07-03T20:21:29.000Z

Hi magna86,

Some additional info to pinpoint at the issues found there. Avast Online Security also flags site.
These scan results say enough: https://www.virustotal.com/nl/domain/www1.bmo.security.b35ecabbc6d47cc406c94fa6085a4485.mail.chasehr.in/information/ Phishing went on there pr could be going on there.
Check the ocsp reponder - detected by Avast Webshield: https://forum.avast.com/index.php?topic=170731.0
external link: https://www.virustotal.com/nl/domain/vassg141.ocsp.omniroot.com/information/

JQuery issue jquery.min.js potentially insecure - embedded code (injection). Closed bug: http://bugs.jquery.com/ticket/12341
Excessive server header info proliferation: Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
FrontPage/5.0.2.2635 PHP/5.2.10 vulnerable → https://www.exploit-db.com/papers/13654/
HTTP Server: Apache HTTP Server 2.2.27 (Outdated)
Operating System: Unix
PHP Version: 5.4.30 (Outdated)
OpenSSL Version: 1.0.1e-fips
Control Panel: cPanel

polonus (volunteer website security analyst and website error-hunter)

Announcements