False positive report URL:Mal

My new site http://www.cardriot.com was launched recently and was setup just 2 weeks ago, but it’s showing a URL:Mal alert in Avast.

I’ve checked with dozen other programs and scanners and they all come up with nothing.

I would like to get this resolved asap.

reported :wink:

Thanks. I reported it as a false positive also, but I saw a bunch of threads here for the same thing, so I posted because I thought it might be faster to get resolved.

Re: https://urlscan.io/result/fbfe877c-96cb-4b12-877a-04c4f2830cd2#summary

Website could be a tad more secure in various respects,

Just check also this: https://urlscan.io/result/fbfe877c-96cb-4b12-877a-04c4f2830cd2/dom/
There is an exploit for register.php from 2003 → https://www.exploit-db.com/exploits/22990/
as this site uses vBulletin indeed.

Site has retirable jQuery library: http://retire.insecurity.today/#!/scan/811fc5614136cbb0366e1ec4143c8b9c5930ee86d954d1d04122fa7a7c4fae61

See the sources and sinks here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.cardriot.com%2Fclientscript%2Fvbulletin-core.js%3Fv%3D423

B-status: https://sritest.io/#report/4f35edb2-17e8-4449-96b5-e928127d060a

A meagre F-status: https://observatory.mozilla.org/analyze.html?host=www.cardriot.com

polonus (volunteer website security analyst and website error-hunter)

I have removed cardriot.com from our blacklist :wink: