Every day Avast blocks my sites!!!!

For a week now, every day I find that Avast is blocking one of my sites

hesball.net
zizocar.net
vanball.com
jbilo.com
havanvan.com

I don’t know what the problem is; none of the sites contain any virus.

http://www6.0zz0.com/2014/03/12/09/176038724.jpg

http://www6.0zz0.com/2014/03/12/09/430676399.jpg

URL:Mal means they are on a URL or IP block list.

http://www.urlvoid.com/scan/hesball.net/
http://www.urlvoid.com/scan/zizocar.net/

It appears you’ve been hacked. Massive redirects to hXXp://wXw.vivocar.com

All websites are on the same IP (87.98.166.118), and it is blacklisted here: http://www.apews.org/

CASE: C-22 Dynamic IP space, generic DNS/rDNS, no PTR Direct connections to MX not permitted, you need to use your ISP servers or smarthost

urlQuery http://urlquery.net/report.php?id=9867160
Intrusion Detection Systems Suricata filter alerts

Not only that. You’ve been blacklisted for 3 years. 2011-02-21 2011-03-02: Entry changed from 87.98.166.0/23 to 87.98.166.0/24

Oh, Pondus, thanks for removing that dupped post :slight_smile:

Oh, Pondus, thanks for removing that dupped post
huh ? ???

I removed it. :wink:

This is a double post.
http://forum.avast.com/index.php?topic=147487.msg1070921#msg1070921

In fact, the OP did post it 4 times, 2 were removed, leaving the ones in different languages.

I don’t know what to do now. Do I need to change the host???

No, I just redirect the old site to the new one.

Then why does it also redirect to other sub-domains?

Eg: wXw.vivocar.com/mercades.

If you’re attempting to redirect to your new domain, then why have a bunch of other redirects? It looks very suspicious to me.

Thanks Asyn, thought Pondus removed it.

Suspicious code there, see image attached.
Emsisoft reports this as Gen:Adware.MPlug.1 (B)

polonus

Not a false positive:
vanball.com
hesball.net

http://urlquery.net/report.php?id=9867160

URL unblocked
zizocar.net
jbilo.com
havanvan.com

Hi Polonus,

What does that code do? I cannot see all of it.

What exactly is malicious here? Up until now I’ve seen scan results that have yielded false positives.

~!Donovan

Hello,
hesball.net and vanball.com are using afraid.org DNS. Any domain hosted on afraid.org can be used by other people for DNS hosting without your control. This happened with your domain: it was misused for malicious purposes. In that case, when nobody has control over the subdomains of a domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably just changing the DNS hosting and letting us know later.

Milos

Hi Milos,

Thanks for the confirmation.

Best,
~!Donovan