Avast blocks my web site (goldbody.com.ua)

I dont know why, but AVAST has blocked my website http://goldbody.com.ua/,
I’ve checked for viruses by lots of online services
http://www.urlvoid.com/scan/goldbody.com.ua/
http://www.urlvoid.com/scan/goldbody.com.ua/

Nothing has been found. Also Google and Yandex web master tools do not see any malware at the hosting.
I’ve tried to “report false virus alert on website” at https://www.avast.com/contact-us.php?subject=VIRUS-FILE
but I have not gotten any response :frowning:

Pls advise what can I do?
I really appreciate any help you can provide.

http://sitecheck.sucuri.net/results/goldbody.com.ua/
http://zulu.zscaler.com/submission/show/3f58286bc6bff0bb94cbb7c668d93727-1428412286

Site is blacklisted:
http://zulu.zscaler.com/submission/show/3f58286bc6bff0bb94cbb7c668d93727-1428412286
http://multirbl.valli.org/lookup/185.14.29.112.html

Suspicious script and external links:
http://www.web-malware-removal.com/website-malware-virus-scanner/

Problems on the same ASN:
http://urlquery.net/report.php?id=1428413171271
http://urlquery.net/report.php?id=1428413195802

Unable to connect to server:
https://www.ssllabs.com/ssltest/analyze.html?d=goldbody.com.ua

Tor node detected:
http://www.sectoor.de/tor.php

Suspicious files:
http://quttera.com/detailed_report/goldbody.com.ua

On the potential suspicious code: http://lxr.free-electrons.com/source/scripts/kconfig/zconf.hash.c_shipped?v=3.7
See code-snippet here:

static const unsigned char asso_values[] =
 48     {
 49       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 50       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 51       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 52       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 53       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 54       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 55       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 56       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 57       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 58       73, 73, 73, 73, 73, 73, 73, 73, 25, 25,
 59        0,  0,  0,  5,  0,  0, 73, 73,  5,  0,
 60       10,  5, 45, 73, 20, 20,  0, 15, 15, 73,
 61       20, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 62       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 63       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 64       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 65       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 66       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 67       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 68       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 69       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 70       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 71       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 72       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 73       73, 73, 73, 73, 73, 73, 73, 73, 73, 73,
 74       73, 73, 73, 73, 73, 73
 75     };
 76   register int hval = len;

polonus

http://sitecheck.sucuri.net/results/goldbody.com.ua/
Status: No Malware Detected by External Scan.
Web Trust: Not Currently Blacklisted (10 Blacklists Checked)

Hello,
I don’t see it blocked. What alert message do you get from Avast? Screenshot should help.

Milos

You have Tor on your Website (a Node). Why? You de know, Tor is used by Malware Vendors to launch programs Like Cryptowall 1.X/2.X/3.X and other Ransomware payloads right?

What about these results: http://multirbl.valli.org/lookup/185.14.29.112.html
Also consider on this IP:
htxp://whatmyip.co/info/search/1/stxt/steroid-store.com/k/740970123/steroid_store_com.html
Insecure login (1)
Password will be transmited in clear to htxp://whatmyip.co/info/search/1/stxt/steroid-store.com/k/740970123/steroid_store_com.html#logintop (N.B. Alert on above link).
Malware at IP for htxp://forces.uploads-market.ru/get_json? seems down now.
This website is a front for steriod-store.com
http://toolbar.netcraft.com/site_report?url=http://steroid-store.com ERR_NAME_NOT_RESOLVED
see: http://urlquery.net/report.php?id=1429217409108

polonus (volunteer website analyst and website error hunter)

In the future please make “possible” malicious/infectious websites un-clickable.
This can be accomplished by using hxxp or htxp. Doing this will prevent those who lack
any knowledge about website analysis from getting infected.

polonus, !Donovan, Eddy and myself know how to use online tools safely.
We use a multitude of tools to research a website. We don’t use just one or two, we use dozens of online tools.

polonus and !Donovan are the super experts.