Avast still block my website

system · 2014-05-14T13:50:30.000Z

Hi, I’m new here and I don’t know if this is the right topic for my problem.
Here’s my problem:
Avast blocking my website.
Website: http://www.rso-sofia.eu
A year ago, my site and vps was hacked and used to send spam.
I changed my website system, reinstall the entire server, even then I changed my host provider.
My website is absolutely clean (0/51):
https://www.virustotal.com/en/url/96dd5fa75f0b65b73cd253818ab3d03652bbe0c947ab2ff49d49e1c8fdb70a98/analysis/1400074726/
All antivirus show that there are no problems, but unfortunately Avast even one year later continues to block my website, why?
What is the problem with this antivirus?
I sent many reports that it was a false threat, but Avast still block my website.
Avast says: “URL:Mal”
What to do, where to test it to show that my site is safe and Avast to unblock my website?
Please Avast community help me.

polonus · 2014-05-14T14:18:32.000Z

There are DNS issues, see: http://dnscheck.pingdom.com/?domain=www.rso-sofia.eu&timestamp=1400075977&view=1
Javascript check: Suspicious
“login”>login |

Side wide check: Suspicious
idaj&usg=afqjcneqy2ouezfgehmei7skdi_aw01qpg">im cache11 ð°ð¿ñ� 2014
Included scripts check: Suspect - please check list for unknown includes
hxtp://www.rso-sofia.eu/counter.php

Sign site was attacked, compromised is htxp://www.rso-sofia.eu/test404page.js

Possible avast detection is because of malware on other domains on same IP: http://urlquery.net/report.php?id=1400076448756

polonus
and PHISHING on this freeserver dot me IP: http://support.clean-mx.de/clean-mx/phishing.php?id=3736428

You have 2 script blocks in the same file, try to put them in a separate file.
Links To External Script Files - 1
Script URL Type
htxp://www.rso-sofia.eu/counter.php text/javascript
put scripts together and link them from an external files rather then put them in the same file as the main page.
See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.rso-sofia.eu%2Fcounter.php&useragent=Fetch+useragent&accept_encoding=

polonus

system · 2014-05-15T10:08:29.000Z

The file counter.php is simply a counter of visitors, nothing more.
I have another site with the same javascript counter.php and there Avast does not block my site, so the file counter.php is not the problem.
Ok, I deleted counter.php but Avast again blocked my website.
About the second javascript “test404page.js” this file does not exist on my website, maybe it’s something old archive from previous scans when my site was hacked but that was a year ago, I don’t know.
But I think that Avast blocked my website because of malware on other domains on same ip (thanks for your report).
I changed host provider and now the site is not blocked.
But it’s too bad, because only one site may cause problems for many sites on free or paid shared hosting.
I think this is a weakness of Avast, you should make an option to recognize different domains even if they are from the same ip.

Pondus · 2014-05-15T10:46:42.000Z

your IP is blacklisted by apews.org

Testresults
Oooops 31.170.163.221 is currently listed in APEWS
Entry matching your Query: E-898056
31.160.0.0/12
CASE: C-131
Unallocated CIDR, no traffic until allocated,
or allocated to bad reputation provider
or allocated but dynamic / generically named IPs,
or bogons, see www.cidr-report.org,
or orphaned IP / CIDR in routing table
History:
Entry created 2013-12-09

uerlQuery http://urlquery.net/report.php?id=1400150755615 see Recent reports on same IP/ASN/Domain
you find two domains using same IP ( spartan.boxhost.me/ and hj.cx/ ) Listed at malwaredomains.com as Phishing

polonus · 2014-05-15T15:24:55.000Z

Hi Dubina,

If you could confirm your domain on that IP does not hold any malcode,
then you can ask avast! team members to make an exclusion for your domain
on the general IP block via www.avast.com/contact-form.php and mention this thread here,

polonus

jeffersonsant · 2014-05-18T23:17:07.000Z

there is a redirect returns with 404 error in response

a href=JavaScript:newPopup("http://rso-sofia.eu/frame.php?file=http://www.firedrive.com/embed/02538CA446D9644E");>Отвори да слушаш</a>

<p class="date"><a href="http://www.rso-sofia.eu/music/krasivi_katcheta_ot_rila/#Коментар1">
href="http://www.rso-sofia.eu/vicove/obiava_za_teatar_ot_nachaloto_na_minaliia_vek/"
>Обява за театър от началото на миналия век</a></h2>В едно село глашатай бие тупана и прави обява: -
 По тъмно даскалиците ще дават в читалището.... Отпреде - 3 лева... отзаде - 2 лева.... стоешком пез пари... Бързай народе

<p class="date">
<a href="http://www.rso-sofia.eu/vicove/obiava_za_teatar_ot_nachaloto_na_minaliia_vek/#Коментар1">

rso-sofia[1] file is detected as by avast HTML:RedirBA-inf [Trj]

https://www.virustotal.com/en/file/ae96f08c8b1c240dd4481247d9ab57aec6cf071acf1dff0b04d4971cc3c25b53/analysis/1400454541/

Announcements