How do we get our domain Whitelisted again?

After pulling some hair out, we realized avast Network Shield was blocking our domain, alltech (dash) computers (dot) net. This is really frustrating since most of our customers use avast and now can’t pull up our website.

This started a couple days ago for some unknown reason. Our code has not changed in about two years and we’ve run it through other malware scanners and everything comes up clean.

What must we do to have our site available to avast users again?

Thank you.

You can report a possible FP here: http://www.avast.com/contact-form.php?loadStyles

http://sitecheck.sucuri.net/results/alltech-computers.net
http://zulu.zscaler.com/submission/show/879fe3454a1ec4eedaa7871e54e67ac1-1333201635

I think you may have a hosting problem as aside from your domain there are others on/associated with that same IP address.

Whilst your site comes up clean in urlvoid, there are other sites associated with that IP which don’t, see http://www.urlvoid.com/scan/alltech-computers.net/, so the block may be at IP level.

  • There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for: Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media) issues.

  • If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review, etc. A link to this topic also wouldn’t hurt.

Thanks everyone for the quick replies. I went ahead and forwarded a message to avast support. Fingers crossed.

You’re welcome.

Hopefully they can drop the IP level blocking and be more defined on the domain only.

Still given suspicious here: http://urlquery.net/report.php?id=36624 (but no specific alerts given - must be because of various spam blacklists)
Just also check this in the code, might not be anything but I get a suspicious code alert for this:
alltech-computers dot net/scripts/clock2.js benign
[nothing detected] (script) alltech-computers dot net/scripts/clock2.js
status: (referer=alltech-computers dot net/)saved 1242 bytes e77859dc4aed2bce0255fe205210bd94ab470827
info: [decodingLevel=0] found JavaScript
suspicious:
The IP has been associated in the past with distributing the following malware: PHP/Pbot.A.6, PHISH/TAM.A, VBS/Agent.psi, mdl_Leads to Blackhole exploit, all malware all dead since: 2012-01-21.

The AS AS13237 has the following issues - according to the sitevet report:
AS Name: LAMBDANET-AS European Backbone of LambdaNet
IPs allocated: 393216
Blacklisted URLs: 963

Hosts…
…malicious URLs? Yes
…badware? Yes
…botnet C&C servers? Yes
…Current Events? Yes

Other specifics about http://alltech-computers dot net/ only issue Spam check gives a suspicious for your domain - found in various blacklists.
Here we have an all safe: http://www.webutation.net/go/review/alltech-computers.net
BrightCloud Content and Reputation gives the site an index of green 96 so that is O.K.
But the IP gets a yellow 40 meaning that “There is a higher than average probability that the user will be exposed to malicious links or payloads”,
but why this has been explained to you in previous messages of this thread.

Hope soon our visitors can again visit your site, stay secure online,

polonus

I went ahead and removed this line just to see, but it made no difference. It’s basically a little js that displays the current date on the page, had it on there for years. Was worth a shot anyhow. Thanks.

I suspect this is an IP block on my shared host. Looks like one bad apple has ruined it for the bunch. I hope avast can somehow omit my dns from that IP.

There were four bad apples on that bunch of eight other domains (not just one) on that shared host, urlvoid link.

Those names you linked in that image just sound suspicious.

I guess I’ll just have to wait and see what avast support has to say next week. I’m sure they’ll be able to clear things up somehow. Thanks for all your help and insight.

It isn’t that uncommon on some shared hosts, that they get a lot of bad apples and aside from the weird/suspicious names, the country codes are somewhat suspect also, like why they would be hosted on a German server. Though I don’t believe there is any pre-requisite that you have to have your domain hosted in line with its country code.

You’re welcome.

I haven’t received a reply to the email I sent, but the problem seems to be corrected as of this morning. I’ll post here if something should change. Thanks again.

Generally you wouldn’t get a reply unless they required more information, they would just analyse and correct as required. So in this case it looks like they may have lowered the blocking level from IP to domain specific.