Avast warning URL:Mal on my URL

hxxp://barnesinmandesign.com

I have checked the site as instructed elsewhere on this forum. The site and database have been removed and the URL forwarded to a completely rebuilt site. The new site has also been checked and is reported to be free of any malware.

We found no evidence of any kind of malware on the site or in the database; however, the site continues to be reported to our clients as a malware site by Avast.

Is this Avast block fixed on the IP address or the URL?

http://zulu.zscaler.com/submission/show/f615fc1fb6e799131dda3fca31b86532-1414682471
https://www.virustotal.com/en/url/532429c0bd30db27f796071c702dcfe47ffd04a13b281b03cb7610ce01015af8/analysis/1414682548/
http://urlquery.net/report.php?id=1414682705683
http://www.urlvoid.com/scan/barnesinmandesign.com/
http://urlquery.net/report.php?id=1414682814369
https://www.ssllabs.com/ssltest/analyze.html?d=barnesinmandesign.com
http://safeweb.norton.com/report/show?url=barnesinmandesign.com
DRIVE BY DOWNLOADS!
http://multirbl.valli.org/lookup/217.199.187.58.html
IP Address 217.199.187.58 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

Thanks

There are no files or databases on the site so I can’t remove or change anything other than the hosting. If I change the hosting will that help?

Seems like an IP block.

IP history
https://www.virustotal.com/en/ip-address/217.199.187.58/information/

and as you see here (posted by Eddy) it is on 7 blacklists http://multirbl.valli.org/lookup/217.199.187.58.html

CBL info http://cbl.abuseat.org/lookup.cgi?ip=217.199.187.58&.pubmit=Lookup

Thanks, I’ll change the IP.

Hi Graham9,

DNS test results are fine: http://dnscheck.pingdom.com/?domain=barnesinmandesign.co.uk&timestamp=1414692830&view=1
With IDS alerts like “ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack”, hosting elsewhere could be an option. Moreover, because your domain is on that same IP with 1720 other domains: https://www.virustotal.com/nl/ip-address/217.199.187.58/information/
Avast detects HTML:Iframe-inf malware from one of these domains, and also Win32:RmnDrp malware and others, like Win32:RmnDrp.
Also quite some header security issues; scan with http://cyh.herokuapp.com/cyh to see the details. Only category content correctly configured. So the hoster just seems to be in there for the money and security is a last resort issue.
Eddy went over most of the third party cold reconnaissance scanning results and I came up with some additional issues all out of your hands as a responsible webmaster. Pondus’s suggestions are valid ones. :wink:
Ask an Avast team member for a domain exclusion for that general IP block. We here cannot do that as we are just volunteers with some relevant knowledge, and just into this for the good of our soul.

polonus (volunteer website security analyst)

Thank you.

I am migrating to another provider as we speak.