False positive URL:MAL

Avast reports www.bigstash.co as URL:Mal.

However, all scans show that www.bigstash.co is clear from any malware.

http://quttera.com/detailed_report/www.bigstash.co
http://sitecheck.sucuri.net/results/www.bigstash.co
https://www.virustotal.com/en/url/44f693a7cd5c67901eeb9c93f4e9487a8a4bc5f0f93c64262c811233b947d443/analysis/1421947468/

What can we do? We’ve spent hours trying to pinpoint the problem, but we can’t find anything.

http://urlquery.net/report.php?id=1421951067954
http://urlquery.net/report.php?id=1421951227187
http://www.scamadviser.com/check-website/www.bigstash.co
https://www.ssllabs.com/ssltest/analyze.html?d=bigstash.co
http://toolbar.netcraft.com/site_report?url=www.bigstash.co
http://tinyurl.com/ku7cbg6
http://dnscheck.pingdom.com/?domain=www.bigstash.co

https://www.avast.com/contact-form.php?subject=VIRUS-FILE

Eddy, thank you for the links, but I can’t see how they are related to my problem.

None of the links above indicate that the site is malicious.

I hope someone from Avast is looking into this. I’m starting to estimate the damage we are suffering.

Use the last link and avast will have a look at it.

No SOA records and DNSSEC issues http://dnscheck.pingdom.com/?domain=www.bigstash.co&timestamp=1421957858&view=1
IP blacklisted probably due to spam http://multirbl.valli.org/lookup/54.148.211.128.html

Agree with what our friend Para-Noid reports, this lies probably at the root of the avast! detection.
Other issues also need tackling by webmaster and/or hosting party alike.
Your site is a multiple IP site: issues for 54.148.211.128 → https://urlquery.net/report.php?id=1421946896860
Not so far as I can establish for 54.148.80.200. There was also a third IP used in the past.

Server has a leak history → gunicorn/18.0 Netcraft risk 1 out of 10.
Security header check: https://www.uploady.com/#!/download/Q1W9jGPw9j9/bZhS6_k0nsek9lGG
See BigStash embedded links: htxps://dh3qf5xdyy43q. => https://www.virustotal.com/de/ip-address/54.230.89.145/information/
Another embedded detected: https://www.virustotal.com/de/domain/vassg141.ocsp.omniroot.com/information/
Questionable web rep for https://www.mywot.com/en/scorecard/adroll.com?utm_source=addon&utm_content=popup
Better stay away from adroll retargeting? Read: https://www.mywot.com/en/scorecard/adroll.com?utm_source=addon&utm_content=popup
This test seems OK: https://ssl-tools.net/webservers/www.bigstash.co
If you mean your site is free of malware, contact avast at virus@avast.com referring to this thread.
As I am not an avast team member to unblock, I am just a volunteer with relevant knowledge and years of experience ;)

polonus (volunteer website security analyst and website error-hunter)

I think pingdom is supposed to check domains, not hostnames: http://dnscheck.pingdom.com/?domain=bigstash.co&timestamp=1421961048&view=1

No, this checks DNS servers - main issue for this scan is

SOA
Delivery over IPv4 to awsdns-hostmaster@amazon DOT com could not be done.

Failed to deliver email for SOA RNAME of bigstash.co (awsdns-hostmaster.amazon DOT com) using awsdns-hostmaster@amazon DOT com.

DNSCheck failed to deliver email to the email address listed as the one responsible for the zone.


Re: http://dnscheck.sidn.nl/?time=1421965387&id=1792715&view=basic&test=standard
No SOA record found and no DNSSEC extra processing.
Advanced results: http://dnscheck.sidn.nl/?time=1421965387&id=1792715&view=advanced&test=standard

Could not get domain’s name servers from parent servers. It is a Multiple IP/Ghosted site.
Also consider: https://www.robtex.com/en/advisory/dns/co/bigstash/www/ (not a dns scan)

polonus

Eddy, thank you for the links, but I can't see how they are related to my problem.
If you don't understand the results it is time you hire someone who does know. It is really not hard to understand. The scans show multiple issues that you have to fix.

polonus, I insist that the domain is not www.bigstash.co but bigstash.co.

SOA records are not expected on a CNAME or A record, but on the domain. If this was the case, forum.avast.com would fail the tests too: http://dnscheck.sidn.nl/?time=1421973274&id=1792729&view=basic&test=standard

bigstash.co has no DNS issues, not even a warning: http://dnscheck.sidn.nl/?time=1421972672&id=1792727&view=advanced&test=standard
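
Added example, not part of the original posts: a minimal sketch of how a zone checker can tell "the input was a hostname inside a zone" apart from "the zone has no SOA", which is the distinction argued above. The zone `example.test`, its records and the `lookup` stand-in for a resolver query are constructed for illustration.

```python
# Constructed records for a placeholder zone; not real DNS data for any site in this thread.
SAMPLE_RECORDS = {
    ("example.test", "SOA"): "ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 86400",
    ("example.test", "NS"): "ns1.example.test.",
    ("www.example.test", "A"): "192.0.2.10",
    ("blog.example.test", "CNAME"): "hosting.example.net.",
}


def lookup(name, rtype, records=SAMPLE_RECORDS):
    """Stand-in for a resolver query (assumption): rdata, or None for an empty answer."""
    return records.get((name.rstrip(".").lower(), rtype))


def find_zone_apex(name, query=lookup):
    """Walk up the labels until a name owns an SOA record; that name is the zone apex."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if query(candidate, "SOA") is not None:
            return candidate
    return None


def check_soa(name, query=lookup):
    """Classify an SOA check so that a hostname input is not reported as a broken zone."""
    target = name.rstrip(".").lower()
    apex = find_zone_apex(target, query)
    if apex is None:
        verdict = "no-soa-anywhere"        # genuinely missing SOA: a real zone problem
    elif apex == target:
        verdict = "soa-at-input"           # input was the zone apex itself
    else:
        verdict = "hostname-inside-zone"   # SOA lives at the parent zone, as expected
    return {"input": target, "apex": apex, "verdict": verdict}


if __name__ == "__main__":
    for n in ("www.example.test", "blog.example.test", "example.test", "orphan.invalid"):
        print(check_soa(n))
```
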

If you think the block is wrong, report it here https://support.avast.com

polonus, I insist that the domain is *not* www.bigstash.co but bigstash.co.
Yeah right.
Avast reports www.bigstash.co as URL:Mal. However, all scans show that www.bigstash.co is clear from any malware.

Eddy, there are Domain-related issues and URL-related issues.

When dealing with domain-related issues, one should check the domain. For example, when conducting DNS checks.

When dealing with url-related issues, one should check the host/url. For example, when checking for malware.

The URL:Mal issue seems to be a domain-related one, since all our sites (for example, status.bigstash.co hosted on tumblr and blog.bigstash.co hosted on ghost.org) are also blocked. Any domain checks I’ve seen (the domain is “bigstash.co”) do not raise an issue that will explain why the whole domain is blocked by Avast.

We’ve tried contacting Avast using all the available forms, but we’ve had no response. This is getting out of hand, and I’m very angry and disappointed by Avast.

Obviously, the only way to get someone at Avast to deal with this is through our lawyers.

No, the only way is to fix issues and use:
https://www.avast.com/contact-form.php

The problem has been fixed, Avast has removed the “block” on our domain.

Thanks to everyone who helped.

If it isn’t www(dot)bigstash(dot)co why did your original post show it is?

We are still being confronted with an “End-user Non-MTA IP address” -

The first one is Spamhaus’ PBL list which is described as blocking mails from “Non-MTA IP address ranges set by outbound mail policy.”, which as far as I can see requires that the network administrators add their networks to the list. Since the IP addresses have not been added to their list as being Non-MTA/dynamic IP addresses, I can’t see any logic in them randomly failing with that error code?
Quote by Sune (hmailserver forum).

polonus

ok … I need a little help with this stuff, not sure if I’m in the right thread or not …

I do a LOT of crocheting, and look for patterns online.
One of my FAVORITE sites http://www.petalstopicots.com now comes up as a malicious url

How can I exclude it from avast blocking it?

https://www.avast.com/contact-form.php?subject=VIRUS-FILE

Change the topic to “report false virus alert on website”

thank you