False positive for ecommerce web site - Complaints from users.. Solution?

Hello,

I do not know how to solve a sure false positive URL:Mal that pops up when users of our ecommerce web site www.anesishome.gr visit the web site.

The web site has been operating for just a month, it has been thoroughly checked and in no way does it host malware. The web site is not mentioned anywhere as hosting malware, and no other antivirus software reports it as a malware site.

I suspect that there is an issue with the IP the datacenter provided us with, because they mentioned that it is not 100% clean, meaning probably that in the past it might have been serving malware. However, there is a large number of users using avast that complain that they cannot access the web site, and since this is an ecommerce web site, it is a big problem.

I don’t know if you can resolve this issue by removing the IP from your blacklist, but it is a mess asking the customers to disable their web shields just to browse the web site, not to mention the negative impact this has on the store business.

Thank you

First of all, domain name and IP are two separate things.
Yes, a domain has an IP, but an IP can host multiple domains.

blacklisted:
http://zulu.zscaler.com/submission/show/912f1b2181245735a9727c5b9b17934c-1414257496
http://multirbl.valli.org/lookup/178.162.193.236.html

Many problems on the same IDS:
http://urlquery.net/report.php?id=1414257703200

DNS problems:
http://dnscheck.pingdom.com/?domain=www.anesishome.gr
http://dnscheck.sidn.nl/?time=1414257981&id=1776914&view=basic&test=standard

Setting cookie(s) in violation with the European rules/laws for it:
http://fetch.scritch.org/%2Bfetch/?url=www.anesishome.gr&useragent=Fetch+useragent&accept_encoding=

https://www.ssllabs.com/ssltest/analyze.html?d=anesishome.gr&s=178.162.193.236

There is more than one domain on your IP (178.162.193.236)
https://www.virustotal.com/nb/ip-address/178.162.193.236/information/

IP is blacklisted at apews.org and tor.dnsbl.sectoor.de http://whatismyipaddress.com/blacklist-check

The APEWS blacklist is old … this is what they say:

Oooops 178.162.193.236 is currently listed in APEWS :-(
Entry matching your Query: E-599435 178.160.0.0/13
CASE: C-131 Unallocated CIDR, no traffic until allocated, or allocated to bad reputation provider or allocated but dynamic / generically named IPs, or bogons, see www.cidr-report.org, or orphaned IP / CIDR in routing table
History: Entry created 2012-08-25

3 of the other URLs are blacklisted
http://www.urlvoid.com/scan/ecuf.mediclujz.ru/
http://www.urlvoid.com/scan/doctorswrs.cn.com/
http://www.urlvoid.com/scan/bxmjgpbj.mediclujz.ru/

so this is probably a general IP block… you may report your issue to avast here http://www.avast.com/contact-form.php
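
The checks discussed above, as an added example that is not part of any poster's message: how a DNSBL lookup name is formed for the IP, and how to tell a range-wide entry such as the APEWS /13 from a listing of the host itself. The IP, CIDR and zone name come from the thread; the function names and the injectable `resolver` parameter are hypothetical.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets + list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_dnsbl(ip, zone, resolver=socket.gethostbyname):
    """Return the list's 127.0.0.x answer if the IP is listed, else None."""
    try:
        answer = resolver(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None  # NXDOMAIN means "not listed"
    # Listings answer inside 127.0.0.0/8; anything else (for example a
    # wildcarded or parked zone) must not be read as a listing.
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return answer
    return None

def listing_scope(ip, cidr):
    """Describe whether a blacklist entry targets this host or a whole range."""
    net = ipaddress.ip_network(cidr)
    if ipaddress.ip_address(ip) not in net:
        return "not covered"
    if net.num_addresses == 1:
        return "single host"
    return f"range of {net.num_addresses} addresses ({net[0]} - {net[-1]})"

if __name__ == "__main__":
    ip = "178.162.193.236"                       # IP from the thread
    print(dnsbl_query_name(ip, "tor.dnsbl.sectoor.de"))
    print(listing_scope(ip, "178.160.0.0/13"))   # APEWS entry E-599435
    # Constructed stand-in resolver so the demo runs offline.
    fake = lambda name: "127.0.0.2"
    print(check_dnsbl(ip, "tor.dnsbl.sectoor.de", resolver=fake))
```

A range-wide result supports the "general IP block" reading: the entry predates the site and covers the provider's whole allocation, so delisting is a matter for the list operator or hosting provider rather than a cleanup of the site.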

Thanks for the info,

From the links you provided and from what I have checked, the IP is the reason behind this issue.
As far as the cookies, etc. are concerned, the web site has a message about cookie usage, and apart from that this is no reason for a web site to be blocked as malware…

There are no other web sites using this IP at the current time, only this one. It was provided by our datacenter when the server was set up.
I do not know the history behind the IP address, who was using it in the past, for what purposes, etc., nor what other IPs in the neighborhood are doing…

Do you have any suggestions on how to unblock this? The web site is not hosting malware… Do you think that contacting avast directly will solve this issue?

Thanks again

Thanks for the information… I will go ahead and contact avast…

It is not blocked as malware … URL:Mal means the URL or IP is blacklisted for whatever reason; there can be many.

Use the link I gave above and report it to avast; you may give a link to this topic.

Delegation error for that subdomain: http://dnscheck.pingdom.com/?domain=www.anesishome.gr&timestamp=1414279508&view=1
Nameserver errors and SOA warnings for the main domain: http://dnscheck.pingdom.com/?domain=anesishome.gr&timestamp=1414279584&view=1
Read: http://whois.domaintools.com/anesishome.gr
Peter Kleissner’s VirusTracker gives the site as having active malware: AnesisHome dot gr,-ns1.redmob.gr,Criminals,
Furthermore, there is a security certificate issue for an external script: htxtps://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
Also a code hiccup:
-assets.anesishome.gr/assets/js/anesis.js.pagespeed.jm.aied7Vy5Fs.js benign
[nothing detected] (script)- assets.anesishome.gr/assets/js/anesis.js.pagespeed.jm.aied7Vy5Fs.js
status: (referer=wXw.anesishome.gr/module/blockwishlist/mywishlist)saved 10126 bytes b023cd98c82d96138f6f73aa7578ffabff3a3101
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable a.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var a.fn = 1;
error: lin -Re: > http://jsunpack.jeek.org/?report=c54c37c76d1866fa680430f270a8ed00ee36c642

polonus

Thank you all for your information…

As I mentioned, the IP the datacenter has provided us with has indeed a bad history…

Anyway, I opened a support ticket with avast, I suppose they did their checks on this, and with the last update, the web site is not blocked anymore.

They were indeed very fast with resolving this…

Hi chopanos,

Good that the avast team members could unblock your domain.
Keep a check on that hosting party so that they won’t go sloppy again. ;D
Stay safe and secure with your domain, is the wish of,

polonus