Avast is blocking my website ( www.artursadlos.com )

system · 2015-06-15T14:40:01.000Z

Yeasterday Ive discoverd that my portfolio website www.artursadlos.com is blocked by Avast

Infection: URL:Mal

It is my personal website hosted on Squarespace. Im only using this adress to redirect to Squaresopace. Also my other domain that is only parked www.moeticonceptverse.com is blocked too.

Could You help me with that?

Pondus · 2015-06-15T14:48:35.000Z

Bitdefender dont like it
https://www.virustotal.com/nb/url/f5aead5b597509428567381be9c956425320dcefcedf16829b350f16da40bed3/analysis/1434379576/

IP history https://www.virustotal.com/nb/ip-address/198.49.23.145/information/
Multiple domains on same IP and many are blacklisted

IP void http://www.urlvoid.com/ip/198.49.23.145

[b]IP ADDRESS: 198.49.23.145[/b]
We have found in our database of already analyzed websites that there are 713 websites hosted in the same web server with IP address 198.49.23.145. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.

IP blacklist check http://multirbl.valli.org/lookup/198.49.23.145.html

if you think the block is wrong, report it here https://support.avast.com > avast virus lab

Eddy · 2015-06-15T14:57:56.000Z

https://www.virustotal.com/en/url/f5aead5b597509428567381be9c956425320dcefcedf16829b350f16da40bed3/analysis/1434379576/
http://www.urlvoid.com/scan/artursadlos.com/
http://urlquery.net/report.php?id=1434379733373
http://urlquery.net/report.php?id=1434379755737
http://zulu.zscaler.com/submission/show/c20db4c5b033b811c3315791e47e2b78-1434379537
http://dnscheck.pingdom.com/?domain=www.artursadlos.com
https://www.ssllabs.com/ssltest/analyze.html?d=artursadlos.com&ignoreMismatch=on&latest

Looks to me like a legitimate IP block.

system · 2015-06-15T15:51:25.000Z

So basically I have just one domain and thats all. I dont understand why there are others. Its a problem with GoDaddy or with Squarespace?

Eddy · 2015-06-15T16:18:28.000Z

The problem is that you do not have a dedicated server, but a shared on.
Other domains are also on the same server/IP and if they conduct malicious practices the IP will be blocked.

According to your initial post you have multiple domains.

system · 2015-06-15T16:30:32.000Z

Ive this feedback from Squarespace:

“So from what I can see, Avast simply mentioned in that forum that they have blocked our IP addresses due to suspicious behavior (they recognize our IP structure as spammy, even though its not - its just how we have our sites organized)”

“I would say they’re definitely blocking this on their end due to this misunderstanding of our IP structure”

“submit a request to unblock the IP from that link I sent, letting them know its been blocked incorrectly. Basically, just tell them its not malicious and has been verified as ok from almost all of the malware checkers they provided in the links in that forum you sent”

And my question now. Sending a ticket will work? Will this ip going to be unblocked?

Pondus · 2015-06-15T16:46:09.000Z

And my question now. Sending a ticket will work? Will this ip going to be unblocked?

Only way to find out is to send a ticket ;)

Eddy · 2015-06-15T17:17:01.000Z

So from what I can see, Avast simply mentioned in that forum that they have blocked our IP addresses due to suspicious behavior (they recognize our IP structure as spammy, even though its not

No, avast has blocked the IP because there are malicious on it, not just because of a suspicion.

I would say they're definitely blocking this on their end due to this misunderstanding of our IP structure

Sure, avast is blocking that IP but not because avast doesn't understand their structure.

Basically, just tell them its not malicious and has been verified as ok from almost all of the malware checkers they provided in the links in that forum you sent

The links I have posted show very clearly that things are not ok.

It is very clear that Squarespace is not honest about things and/or they don’t have a clue about things.

I run checks on my websites/IP’s and the ones I maintain for others on a regular base.
About two years ago I saw malicious things where happening on the same IP.
I contacted my host, and within 24 hours they gave me a new IP, monitored the other websites and removed the malicious ones.

And my question now. Sending a ticket will work? Will this ip going to be unblocked?

Yes, avast will have a look at your website and if nothing malicious is found they will allow it. They will not unblock the IP as long as there is malicious going on there.

polonus · 2015-06-15T18:04:20.000Z

It is not only Avast, Bitdefender TrafficLight is also blocking this website.
The malicious history of the IP address: http://cyberwarzone.com/malicious-history-of-198-49-23-145/
Reasons why 198.49.23.145 is listed on Cyberwarzone:

History of being on a blacklist History of being used in an aggressive marketing campaign History of malicious traffic or use Triggered as a spam-bot or aggressive crawler We were lazy and we did not see that it is a false-positive

Also consider: https://www.virustotal.com/en-gb/ip-address/198.49.23.145/information/
See: http://www.dnsinspect.com/artursadlos.com/1434391068
WARNING: MX records duplicates (same IP address):
188.121.52.56: [mailstore1.europe.secureserver.net. smtp.europe.secureserver.net.]
Although technically valid, duplicate MX records have no benefits and can cause confusion.
See: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.artursadlos.com%2F

Please check this list for unknown links on your website:

htxp://instagram.com/artursadlos → ’ instagram ’
htxp://www.inprnt.com/gallery/artursadlos/ → ’ prints ’
htxp://instagram.com/artursadlos → ‘instagram’
htxp://www.inprnt.com/gallery/artursadlos/ → ‘prints’
htxp://www.inprnt.com/manage/print/whale-rider-2/ → ‘here.’
htxp://instagram.com/artursadlos → ‘’
htxp://pinterest.com/artursadlos → ‘’
htxps://www.behance.net/artursadlos → ‘’
htxp://artursadlos.tumblr.com → ‘’

polonus (volunteer website security analyst and website error hunter)

system · 2015-06-16T10:01:00.000Z

Thank You for help. I have provided this information to Squarespace support and to Avast support. Hope theyll help me. Im really green in this matter and Im having hard time to understand what is happening in my case.

Im trying to figure out is it a problem with Squarespace or with GoDaddy because it is really unclear for me. Both services are costly for me and pushing me around isnt helping at all.

BTW The squarespace adress works fine: http://www.artursadlos.squarespace.com/ The problem appears with www.artursadlos.com

polonus · 2015-06-16T10:11:08.000Z

Hi artur.sadlos,

When your site is hosted as a dedicated website these problems may not take place.
Sharing various domains/websites on one and the same IP means that one or more bad apples there may give the whole basket of apples a bad name. That is what has happened in your case, all of the IP blocked, because the hoster is not acting towards abuse by others on that same IP. In that case you are not doing anything wrong, but you are a victim of such sloppy hosting abuse policies. Similar message but a bit differently put came from our forum member Eddy in his earlier reply.

polonus

P.S. Also consider the CMS technology used: http://www.dtelepathy.com/blog/philosophy/do-you-really-need-a-cms

IP info: Server IP(s):
198.185.159.145
198.49.23.144
198.49.23.145
198.185.159.144
D

system · 2015-06-16T13:10:42.000Z

Ive contacted GoDaddy. There was lots of subdomains created on both my active and parked domain. The cleared it for me. Soo there was some breach or hacking on their end becausre I dont remember creating hundreds of subdomains

I wonder if it will help and my domain will be unblocked. Or still there will be some issue with Squarespace infrastructure.

Thanks You once more for great support!

polonus · 2015-06-16T19:27:18.000Z

You are welcome, good that you are aware now you have to investigate yourself and never again take issues for granted, as they cannot be. These days you can only really trust what you have tested yourself or what was tested on your behalf.
Glad to be of any assistance. May your website prosper! Stay safe wit Avast,

polonus (volunteer website security analyst and website error-hunter)

system · 2015-06-16T21:57:28.000Z

Great sucess! My website is clean again and runs like butter. This forum was super helpfull. Bless You all with the Force!

Eddy · 2015-06-16T22:08:38.000Z

Oh no! Not the force again ;D

mchain · 2015-06-17T04:35:19.000Z

I think what he meant was “May the Force be with you.”

polonus · 2017-09-29T18:59:49.000Z

Update the IP address is certainly still spreading malcode -
Re: https://ransomwaretracker.abuse.ch/ip/198.49.23.145/
Re: https://cyberwarzone.com/malicious-history-of-198-49-23-145/
flagged: https://www.threatcrowd.org/ip.php?ip=198.49.23.145
and https://www.threatminer.org/host.php?q=198.49.23.145

polonus

system · 2017-10-06T16:00:16.000Z

Tengo el mismo problema con mi web http://guardamueblesen.es/villavieja-del-lozoya-madrid/

Pondus · 2017-10-06T16:06:42.000Z

palomaperez404 post:18:

Tengo el mismo problema con mi web http://guardamueblesen.es/villavieja-del-lozoya-madrid/

Non-english zone >> https://forum.avast.com/index.php?board=21.0

How to report >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

polonus · 2017-10-06T16:24:46.000Z

Ola palomaperez404,

Outdated: The following plugins were detected by reading the HTML source of the WordPress sites front page.

contact-form-7 4.6 latest release (4.9) Update required
https://contactform7.com/

Retire http://retire.insecurity.today/#!/scan/97bc66f0b78ceac4d69d19874293cc6effb24cf64c2e38ba2b638efa2e9421d0

Not much here: http://isithacked.com/check/guardamueblesen.es%20

Wait for an avast team member to give the final verdict, as we are volunteers with relevant knowledge but we cannot unblock,

Consider also: https://urlscan.io/result/5aa6371b-cb1a-4c61-ad92-8bcbbb3fad44#summary

Con Dios,

polonus (volunteer websitre security analyst and website error-hunter)

Announcements