(goldie_) URL:mal block my site

Re: http://forum.avast.com/index.php?topic=96334.msg771597#msg771597

Avast is not alone. More sites that report blacklisting:
https://www.virustotal.com/url/2c559f2d4c5665b3c30bf316fad8981f5925f9e98a56e8182482962e4c931cd3/analysis/1333570085/
http://www.urlvoid.com/scan/chillout.rs/

Suspicious Patterns Found:
http://zulu.zscaler.com/submission/show/2e2420e5849643a096fc8447c2dc1cd2-1333570124

Unknown Reputation:
http://urlquery.net/report.php?id=38255

Avast! alerts an infected script:
https://www.virustotal.com/file/0b58701937ace49c9583a136033bfc8320b50d253b88d594f62136f0d8097ffc/analysis/1333573551/

However, a Wepawnet report shows clean:
http://wepawet.iseclab.org/view.php?hash=2307f168ba17273b356e1b234a745b0d&t=1333573784&type=js

Because you are the only one with that IP site, I suspect that the site HAS hosted malware recently.

To get your site whitelisted from avast, you can report your site here: http://www.avast.com/contact-form.php?loadStyles

Sucuri report: WordPress version outdated: Upgrade required.

URLVoid http://www.urlvoid.com/scan/chillout.rs/

At some time the IP had TR/Graftor.162 on it a.k.a. P2P-Worm.Win32.Palevo.dulw,
therefore could be an overdue IP ban.
Because that malware was here: htxp://chillout.rs/facebook-pic-#####-JPEG
Has been closed since: 2011-10-20 02:30:36
The WP software should be updated, else there is chance for the site to be re-infected.

polonus

Hi everybody and thanks for quick answer.

It’s true that the website was infected long time ago but it was at the beginning of 2010. Virus was removed successfully in a short period and everything worked normaly after that.
Suddenly on 20th October 2011 Avast started to block that website even though the files on the server remained the same. Since then I’m using MAC OS for browsing that website. I have also used other PCs with other antivirus programs and i could browse the website without any problems.

There is no any facebook.* file on the server for a long time. I have also downloaded all files from server, scanned them with Avast and I didn’t found anything suspicious.

I have already reported site here http://www.avast.com/contact-form.php?loadStyles few weeks ago but nothing happened since then.

Thanks once again for your help.

Try reporting again and give a link to this topic. :wink:

More than 10 days since I sent an e-mail including the link to this topic and still nothing :slight_smile:
In the meantime Trend Micro changed its status about http://www.chillout.rs/ “The latest tests indicate that this website contains no malicious software and shows no signs of fraud.”
http://global.sitesafety.trendmicro.com/

more than a month :wink:

Maybe the avast! team has something to say…? ???