Avast is reporting my website as malware

Hello,

My website www.punkoffice.com is being blocked by Avast and reported as malware. There is nothing crazy about this site except some AJAX and webGL. I’ve checked the online scanners and none of them report a problem. Can Avast please remove my website from their blacklist?

You can report a suspected FP here: https://support.avast.com/support/tickets/new?form=3

avast is not reporting it as malicious.
https://forum.avast.com/index.php?topic=185110.0;topicseen

It is AOS blacklisted as it was web rep reported by quite a number of users.
There could be improvement on security → js-code to be retired → -http://www.punkoffice.com/
Detected libraries:
jquery - 1.11.1 : (active1) -http://www.punkoffice.com/lib/jquery-latest.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Security header scan results a meagre F: https://securityheaders.io/?q=http%3A%2F%2Fwww.punkoffice.com%2F

PHP could be made to crash: PHP/5.5.9-1ubuntu4.14

See → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.punkoffice.com%2Flib%2Fcontact.js
and where it lands at Results from scanning URL: -//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Number of sources found: 2
Number of sinks found: 3

See isues mentioned here: https://seomon.com/domain/www.punkoffice.com/

Sub domain www is a bad zone. Main domain’s DNS: http://www.dnsinspect.com/punkoffice.com/1460201499

Excessive Server Header Info Proliferation detected: Overview
By default, excessive information about the server and frameworks used by an webserver application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.

Result
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.

HTTP only cookies: Warning

Requested URL: http://www.punkoffice.com/ | Response URL: http://www.punkoffice.com/ | Page title: Punk Office | HTTP status code: 200 (OK) | Response size: 8,337 bytes (gzip’d) | Duration: 24 ms
Overview
Cookies not flagged as “HttpOnly” may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the “HttpOnly” flag is missing it is due to oversight rather than by design.

Result
It looks like 2 cookies are being set without the “HttpOnly” flag being set (name : value):

PHPSESSID : f6us3masocg1fqf0monpqv6961
sessionID : 53e3a2933bf8b1cfb31a537e0bb52eed
Unless the cookie legitimately needs to be read by JavaScript on the client, the “HttpOnly” flag should always be set to ensure it cannot be read by the client and used in an XSS attack.
Clickjacking: Warning

Requested URL: http://www.punkoffice.com/ | Response URL: http://www.punkoffice.com/ | Page title: Punk Office | HTTP status code: 200 (OK) | Response size: 8,337 bytes (gzip’d) | Duration: 24 ms
Overview

Clickjacking Warning:
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An “X-Frame-Options” header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from a trusted URIs. (see header security scan results earlier: https://securityheaders.io/?q=http%3A%2F%2Fwww.punkoffice.com%2F )

Result
It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

4 warnings for use of obsolete code on the html-code: https://seomon.com/domain/www.punkoffice.com/html_validator/

iFrames to be checked: iframes
Any hidden iframes? Yes there are.

Just a note, social media buttons often show up here. They are probably OK. See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.punkoffice.com%2Ftitle%2Findex.html lands at XSS vulnerable scan result: Results from scanning URL: -http://www.punkoffice.com/lib/jquery-latest.min.js Number of sources found: 318 Number of sinks found: 38

An Avast Team Member should comment whether the URL:Mal blacklisting could be lifted or there are reasons for it to be maintained.
We are just volunteers with relevant knowledge.
This advice based on cold reconnaissance website scans is to get a better overall website security status.

was reported by,

polonus (volunteer website security analyst and website error-hunter)

punkoffice.com was removed from the blacklist :wink: