False positive on the website - need help resolving this.

Avast reports a false positive on https://bobinakit.com, the site I maintain, which is run by a jewelry company that has been operating in Serbia for almost 20 years now.

I sent multiple requests on the contact form but no one replies and the issue is still present, though the site is clean. This is hurting the business a lot and I would like to find an efficient way to resolve this as quickly as possible.

Please help.

Hi

Some code to be retired: -https://bobinakit.com/
Detected libraries:
jquery - 1.8.2 : (active1) -https://bobinakit.com/js/eternal/jquery/jquery-1.8.2.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
prototypejs - 1.7 : (active1) -https://bobinakit.com/js/prototype/prototype.js
jquery-ui-dialog - 1.9.2 : (active1) -https://bobinakit.com/js/eternal/jquery/jquery-ui-1.9.2.min.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016
jquery-ui-autocomplete - 1.9.2 : (active1) -https://bobinakit.com/js/eternal/jquery/jquery-ui-1.9.2.min.js
jquery-ui-tooltip - 1.9.2 : (active1) -https://bobinakit.com/js/eternal/jquery/jquery-ui-1.9.2.min.js
Info: Severity: high
http://bugs.jqueryui.com/ticket/8859
(active) - the library was also found to be active by running code
3 vulnerable libraries detected
Script blockers block: uMatrix has prevented the following page from loading:
-https://bam.nr-data.net/1/363cfd5bd
See: https://oscarotero.com/embed/demo/index.php?url=https%3A%2F%2Fbobinakit.com&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=
Avast detects an infection on chrome.exe and blocks accordingly.

Checked the site for cloaking: There is a difference of 71 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page: http://isithacked.com/check/https%3A%2F%2Fbobinakit.com

polonus
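Added example, not part of the thread or any poster's code: a way to follow up on a cloaking report like the one above is to save the page body once with a browser User-Agent and once with a crawler User-Agent, then look at which lines actually differ instead of only the byte count. The sample bodies, the `form_key` field name and the masking pattern are constructed assumptions for illustration.

```python
import difflib
import re

# Constructed sample bodies (not fetched from the site in the thread).
BROWSER_BODY = """<html>
<head><title>Shop</title></head>
<body>
<input type="hidden" name="form_key" value="a1b2c3d4e5f6">
<p>Welcome</p>
</body>
</html>
"""

BOT_BODY = """<html>
<head><title>Shop</title></head>
<body>
<input type="hidden" name="form_key" value="0f9e8d7c6b5a">
<p>Welcome</p>
<a href="http://example.invalid/pills">injected link</a>
</body>
</html>
"""

# Assumption: values that legitimately change on every request.
# Adjust this pattern to the tokens your own site emits.
VOLATILE = re.compile(r'(name="form_key" value=")[0-9a-f]+(")')


def normalise(body):
    """Mask per-request values so they do not show up as differences."""
    return VOLATILE.sub(r"\1X\2", body)


def compare(browser_body, bot_body):
    """Return (raw byte delta, lines only the browser got, lines only the bot got)."""
    raw_delta = len(bot_body.encode()) - len(browser_body.encode())
    a = normalise(browser_body).splitlines()
    b = normalise(bot_body).splitlines()
    only_browser, only_bot = [], []
    for line in difflib.ndiff(a, b):
        if line.startswith("- "):
            only_browser.append(line[2:])
        elif line.startswith("+ "):
            only_bot.append(line[2:])
    return raw_delta, only_browser, only_bot


if __name__ == "__main__":
    delta, browser_only, bot_only = compare(BROWSER_BODY, BOT_BODY)
    print("byte delta:", delta)
    print("served only to the crawler:", bot_only)
```

An empty result after masking means the size difference came from per-request values; any remaining crawler-only line is what to look for in the templates and the database.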

Also check this:
Most script blockers also block this. But I should not worry too much about this monitoring script.

polonus

html scan
https://www.virustotal.com/en/file/87e809c866c4b5b31d9552a1245896894fefcb1e55b252434be9c48f496e3a1a/analysis/1452201444/

Hi Pondus,

Similar malcode here, with a wider detection pattern on html_sample.txt: https://www.virustotal.com/nl/file/9f4fa1a7176bbc3befb3acee5d941e7fdaf6a09208b391558826f4fe312db0a4/analysis/1442419761/

polonus

The file name comes from me, one of my previous uploads to VT: https://forum.avast.com/index.php?topic=176544.msg1251946#msg1251946

Avast reports a false positive on the https://bobinakit.com
No, Avast is not reporting a false positive. URL:Mal = IP/domain is blacklisted, and that is true. http://multirbl.valli.org/lookup/198.211.120.11.html

And there are security issues with the site:
http://retire.insecurity.today/#!/scan/65af4cde066ba2a059d308b4ca3ea0efbd9b24b12e4708f2fcea2557fca1fcd3

SSL/TLS problem:
Still vulnerable to a Poodle attack.
Over a year ago there already was a solution for it >:(
https://www.ssllabs.com/ssltest/analyze.html?d=bobinakit.com

Second opinion from F-Secure

=================================================
The submitted website has been verified to be clean and is not malicious.

As we have established now, the site should not be flagged, as it is free of malcode per se.
That means AV software should not flag it as malicious.
As we start to look at whether the site has vulnerable code that should be retired and updated/patched,
then the site is vulnerable and these insecurities should be addressed asap by any responsible website admins.

polonus

I do not see any malicious activity on the domain now, so I am unblocking the domain now.