Help: Site blocked - URL:Mal

Hello, our site http://pixieset.com started getting blocked by Avast this morning (Nov 19). It’s giving us the message “Infection type: URL:Mal”. We have done investigation on our end and everything appears clean, and believe that this is a FP.

External scan results:
http://sitecheck.sucuri.net/results/pixieset.com
http://zulu.zscaler.com/submission/show/7d72a16e72e7dd73668ec689cb91ee73-1416420065

Can someone help us get off the Avast block list?

Thank you!

This could be a general IP block (one of the other domains on that same IP address gave rise to that) or it is the beacon-4.newrelic.com Adware or PUa (Conduit) that is flagged. See code: http://jsunpack.jeek.org/?report=9820a0be6cbe1e7e37476e388fde81c0fee2710e
You should take this up with an avast team member via virus@avast.com.
We are volunteers here with relevant knowledge, but unblocking comes through avast team members.

pol

Hi Pol, thanks for the reply.

Is emailing virus@avast.com same as contacting Avast here: http://www.avast.com/contact-us.php?subject=VIRUS-FILE ? I have done that this morning but I haven’t received any updates yet. Do you know if removal usually happens quickly? It’s impacting a number of our users so we’re trying to get this fixed asap. I will also try removing New Relic stuff to see if it helps.

I think what’s strange is that even our 3rd party service with our domain name mapped (i.e. http://support.pixieset.com ) is also blocked. It doesn’t look like it’s IP specific.

Hi simon-ps,

As an avast team member looks into the matter (also mail them there and you could include a link to this thread also) and the block is no longer needed, then these issues can be solved rather quick. Sometimes with an upcoming update. You might have to wait until to-morrow, because in Central Europe it is half an hour before midnight and soon people will call it a day and go to bed.
I hope the issue will be settled soon for you, your website and your website visitors naturally,

regards,

polonus

Emailed virus@avast.com and our site was removed off the block-list the next day. Thanks Pol!