I’m very grateful for all the helpful comments.

My Domain registrar account was hacked a while ago and DNS redirects put in place, which explains the [police . domain . com] addresses mentioned at https://www.virustotal.com/en/ip-address/109.104.78.40/information/. I’ll leave aside any comments on the security at my domain registrar, although it was covered by the press at the time. All the redirects were cleared.

I’ve just run another maldet scan across the whole shared server and it’s come back clean, so I’m confident that the server is good, as are the sites on it (after the hack I reloaded all the sites from my backups). IN addition, there’s now beefed-up security on the server, so I’m hopeful that it’s fairly well protected against future attacks.

So who should I notify? From reading what you guys have kindly posted, it looks as though Avast is referencing other malicious URL lists…

Thanks in advance.