Hello there,
I just discovered that my website is being blocked (URL:Mal2) by avast! Free Edition.
My website is : http://www.leblogduhacker.fr.
There is no threat on the website and I guess avast is reading a little too fast the “hacker” term.
I help people to protect their computer and privacy and I encourage you to check by yourself in case of any doubt.
Regards.
URL:Mal = IP and/or domain is blacklisted.
vulnerable libraries :
http://retire.insecurity.today/#!/scan/b303e907b38c77bcef48ccdfc68ce959be63fd570f4e2ef3808b030174cc3069
Blacklisted :
http://multirbl.valli.org/lookup/104.28.21.53.html
http://zulu.zscaler.com/submission/show/274bf25731b3acf3ea0a150ea82c317a-1459797248
Perhaps the main problem is caused by you using Cloudflare.
Thank you for your quick answer Eddy. I disabled CloudFlare but the alert doesn’t stop showing up. I also had a “Script:inf” threat alert, do you think it has something to do with the jQuery lib?
@Jakub, it’s not just the logo, I also had the favicon.ico and all the other files detected.
It can have to do with the JQuery insecurities, but only someone from avast can tell what exactly was detected/why the site is blocked.
I suggest you solve the JQuery problems, it will make the site more safe.
I will try to fix the jQuery insecurities, but the problem is that WordPress itself loads the libraries: http://www.leblogduhacker.fr/wp-includes/js/jquery/jquery.js?ver=681a0fbf01ffa8a1c3226acc958ffdd9
There is also WordPress insecurity detected.
Check all: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
woocommerce-follow-up-emails
woocommerce 2.5.5 latest release (2.5.5) - http://www.woothemes.com/woocommerce/
jetpack 3.9.6 latest release (3.9.6) - http://jetpack.com
wp-polls 2.72 latest release (2.72) - https://lesterchan.net/portfolio/programming/php/
thrive-visual-editor
jquery-image-lazy-loading 0.21 - http://github.com/ayn/wp-jquery-lazy-load/
wysija-newsletters 2.7.1 latest release (2.7.1) - http://www.mailpoet.com/
what-would-seth-godin-do 2.0.6 latest release (2.0.6) - http://richardkmiller.com/wordpress-plugin-what-would-seth-godin-do
Also consider this scan: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.leblogduhacker.fr
But the alert from Avast on the browser executable can only be explained by an Avast Team Member,
and we here are not, just volunteers with relevant knowledge.
polonus
You are definitely volunteers with relevant knowledge, and thank you again for that.
Now jQuery is up to date : http://retire.insecurity.today/#!/scan/db6f8b22d96d358b973bd570d68f01522fa89e62444dbec7bd695bf4b84fcd0b
The domain is not blacklisted (as I can see) and VirusTotal doesn’t see any problem with my website : https://virustotal.com/fr/url/bb5768e71d616deeb33cbcda95a97a9eb77f073de22593f430a043a6c7efc544/analysis/
I guess thousands and thousands of websites are using those plugins…
Is avast really blocking my website because of the term “hacker”??
As far as I know, avast doesn’t look at domain names for hacker (and other strings like that)
I guess that the threat “URL:Mal” means that the domain name is problematic, but I contacted the support to report the false positive anyway. I hope they will be as fast and helpful as you.
For now I don’t see anything else that could lead to this alert. Nothing changed on the website, and every single URL is detected by avast, which brings me more than 50 ‘threat blocked’ alerts…
The amount of detections comes from the blacklisted domain and/or IP.
There is URL:Mal and URL:Mal2
According to someone from avast the difference is likely what scanner of avast is detecting it.
Both however (as far as avast told me), mean that the IP and/or Domain is blacklisted.
The problem can very well be the use of CloudFlare.
They don’t exactly take security, blocking malicious sites and such seriously.
I removed leblogduhacker.fr from our blacklist
As others said:
URL:Mal or URL:Mal2 detections both mean the URL (either a domain, subdomain, path, IP, or any combination of these) is on our blacklist.
If the domain is blacklisted, the Avast popup shows the URL entered in the browser (so if the user entered “images.leblogduhacker.fr/logov2.jpg” and “leblogduhacker.fr” was blocked, Avast would show “images.leblogduhacker.fr/logov2.jpg”).
If the domain is not blacklisted, Avast lets your browser check the DNS for the IP, and then tests the IP. If the IP is blacklisted, Avast would show something like “104.28.20.53” when displaying the popup.
This was the old “Network Shield” - checking if the URLs are blacklisted.
Then we have the old “Web Shield”, which actually checks the inside of the page (the source code). When Avast sees a suspicious code, it shows a popup with whatever was suspicious: this includes all JS: and HTML: detections.
A strange crossover is the HTML:Iframe-inf, HTML:Script-inf, etc - this means a blacklisted domain is being loaded into an otherwise clean domain.
The old network shield and old web shield were merged into Web Shield, as we know it from the current versions of Avast, as a means of simplification. Deep down there, though, it still works as previously, merging is mostly a GUI issue.
If you guys have more questions, I will be happy to answer them 8)
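The lookup order described in the post above (domain first, then resolved IP, then page content), as a simplified Python model a site owner can use to reason about which layer raised an alert. This is an added example, not Avast's code: the blacklist entries, DNS answers, function names and the choice to report the embedded host for the -inf detections are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (not real blacklist entries or DNS answers).
BLACKLIST_DOMAINS = {"blocked.example", "ads.badcdn.example"}
BLACKLIST_IPS = {"203.0.113.7"}
DNS = {"shared-host.example": "203.0.113.7", "clean.example": "192.0.2.10"}

def domain_listed(host):
    """True if the host or any parent domain is on the domain blacklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLACKLIST_DOMAINS for i in range(len(labels)))

class _Embeds(HTMLParser):
    """Collect (tag, host) for script/iframe elements that load from another host."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            host = urlsplit(src).hostname  # None for relative paths
            if host:
                self.found.append((tag, host))

def classify(url, html=""):
    """Return (detection, detail) following the order given in the post."""
    target = url if "//" in url else "//" + url
    host = urlsplit(target).hostname or ""
    if domain_listed(host):              # stage 1: domain is on the list
        return ("URL:Mal", url)          # popup shows the URL as entered
    ip = DNS.get(host)                   # stage 2: resolve, then test the IP
    if ip in BLACKLIST_IPS:
        return ("URL:Mal", ip)           # popup shows the IP instead
    parser = _Embeds()
    parser.feed(html)                    # stage 3: inspect the page source
    for tag, embedded in parser.found:
        if domain_listed(embedded):      # listed domain loaded into a clean page
            return ("HTML:%s-inf" % tag.capitalize(), embedded)
    return ("clean", "")
```

Read this way, an alert that names an IP points at the hosting or proxy address rather than the domain, and an -inf detection points at a third-party resource the page pulls in.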
Hello HonzaZ and thank you for your support and the clarifications!
May I know why exactly the domain was blacklisted? And did the alert really come from the insecure jQuery libraries?
Regards.
Hard question, as the analyst who blocked it isn’t at work today :).
I would say it is possible though!
Hello there,
Any news about the blacklisting of my website? I still sometimes get an alert for the subdomains like //images.leblogduhacker.fr.
I have no idea if it comes from my version of Avast or not, but I’m not totally sure the problem is fixed.
Did you try turning your shields off then back on again? Sometimes Avast holds the cache a little too long…
Indeed, it looks like the alert stopped showing up after disabling/enabling.
Thank you again!
I have the same false positive problem with Avast on my site at rplstoday.com – I can assure you it is clean, as we constantly monitor and scan it for problems. The only reason I found out was because a few users told me that Avast was blocking them. Both Sucuri and VirusTotal show the site as safe, not infected, and not blacklisted.
https://sitecheck.sucuri.net/results/rplstoday.com
Can you please explain WHY this is happening and remove the site from your blacklist?
It is not a false positive.
avast says the Domain and/or IP is blacklisted and that is true.
https://www.virustotal.com/en/url/d2df0bcb11b63f160b6bc857e25cad8d6c02104d347bc1a0f2b040045bb4ec7e/analysis/1460658508/
http://www.urlvoid.com/scan/rplstoday.com/
http://multirbl.valli.org/lookup/67.225.159.47.html
Insecure headers :
https://securityheaders.io/?q=rplstoday.com
No support for TLS 1.2, which is the only secure protocol version
https://www.ssllabs.com/ssltest/analyze.html?d=rplstoday.com
http://urlquery.net/report.php?id=1460658913387
http://urlquery.net/report.php?id=1460658915212
Wow, thank you for all that great information. We are looking into it!
I do think the notifications from Avast and BitDefender are misleading though. They both claim malware.
avast doesn’t say there is malware.
avast says that the Domain and/or IP is blacklisted.
https://forum.avast.com/index.php?topic=185110.msg1304746#msg1304746