How to remove website from Avast blocklist ?

Hello dear Avast Support team,

I checked my website today and my Avast firewall blocked it with reason URL:Mal.

I checked all files, including logs, server is under control and i don’t have any viruses on any pages. I checked site with many online checkers and all scans shows that site is clear from any malware. So i think it was blocked by mistake, please help, how i can unblock it from your lists ?

Website url: hxtp://bestporntube.ru

I am using liveinternet.ru counter to count my visitors and i read that liveinternet.ru service is suspicious script and it also blocked by Avast, maybe problem is here ? But it’s only counter… not virus…

I carefully watch for the safety on the server, my site had no viruses, no malware, no any suspicious scripts, please tell me how to remove my site from your blocklist?

Already sent ticket with web-form here: http://www.avast.com/contact-form.php?loadStyles

Thanks for your time and for Avast product!
Yours, Igor.

TrendMicro doesn’t like it either, VirusTotal site check..

Same TrendMicro in another scan site http://www.urlvoid.com/scan/bestporntube.ru.

Though Sucuri finds nothing.

Normally the reporting using the form is quick to investigate and correct as required.

EDIT, liveinternet.ru also gets hits, http://www.urlvoid.com/scan/liveinternet.ru

well…pornsites are suspicious ;D

Pondus,

Agree these kind of sites always pose an additional risk attracting malcreants,
to add malcious code, especially to perform tracking_click fraud, etc.
Who is going to complain?

Well, I think it is the link to -http://www.liveinternet.ru/click
and on that link the following javascript code is suspicious:
-www.liveinternet.ru/ReActive/js/global/lib/lici.js suspicious
[suspicious:2] (ipaddr:88.212.196.87) (script) -www.liveinternet.ru/ReActive/js/global/lib/lici.js
status: (referer=-www.liveinternet.ru/click)saved 14363 bytes f86c1307ab3dff55cc6d14b520970d2d3c87e2bb
info: [decodingLevel=0] found JavaScript
suspicious: click is infected with JS/Redir.FU :
http://vscan.urlvoid.com/analysis/cbd7e81c6670c720207ec566d41d66b5/Y2xpY2s=/
-http://counter.yadro.ru/hit;li_face?q;r;s102476824;uhttp%3A//-www.liveinternet.ru/;hen;0.75505052332

polonus

Hello guys and thanks for your help, still did’t receive any answer from Avast support team on email from my ticket…

So i just need to remove liveinternet.ru counter code to get unlisted ?

I am in shock because of most russian webmasters are using this counter and statistics for counting visitors, etc… really millions of websites using it and all they will be blocked with Avast ?

Don’t you think that’s absurd? I am sure that the counter code is not malicious, liveinternet.ru working more than 10 years and no one from webmasters or russian Antivirus like AVP complained to malicious code…

Hello,

this was a false positive. It will be fixed in the next virus definition update.

Best regards

Alena Varkockova

Hello dear Alena, thank you for fast answer! Waiting for next virus definition update.

Hi drugshater,

The flag on the counter code was just a possibly suspicious via a jsunpack check on that particular site’s code. Does not mean anything to be out of order, just mentioned by me as an issue to check up, as we do not take anything for granted. Got word from DrWeb’s that that counter code is OK,

polonus

I have the same issue while browsing http://mixsms.com and having issue an error message appeared again and again however when I browsed same site on other computer having NORTON SECURITY I didn’t got any error.

Please guide how to fix it?

First, when posting links to suspect sites please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

I have been able to connect to that site without alert using avast and firefox 16.0.2 - You will have to be more specific on the alert, either full text of alert window or attach a screenshot of the alert window.

hello, my site www.lombardi.com.ar has also been listed on avast by error. Please let us know how to fix it asap
Thanks

Hi,
I unblocked the domain.

Please unblock DuxburyNews.com.

Thanks!

Please unblock www.telos.de and www.telos.info

There are no harmful things there. We have testet it with a bunch of software packages.

Thank you

Sites are opening without a problem for me.

Avast sees that there is something else loading with the page the /|>{gzip} bit at the end of the URL in my attached image. The same alert is occurring at both links that you gave.

Having seen this type of alert before, the indication is that it is loading a compressed script file. Is there anything like that loading intentionally at your site ?

Address is could be redirecting to banner malcode?
Issues with telos dot de.
OpenSSH 5.5p1 Debian 6+squeeze7 (protocol 2.0) PHP/5.3.3-7+squeeze1
PHP vulnerable to arbitrary PHP code execution.
Site risk status 1 red out of 10: http://toolbar.netcraft.com/site_report?url=http://satellit.telos.de
For wxw.telos.de → Overview
Cookies not flagged as “HttpOnly” may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the “HttpOnly” flag is missing it is due to oversight rather than by design.

Result
It looks like 2 cookies are being set without the “HttpOnly” flag being set (name : value):

PHPSESSID : mk16r3l8l278mpqh8oc7uhjul0
nf_wp_session : 69eb2731a4e2578d600b0d0f57a9bb46%7C%7C1444863977%7C%7C1444863917

This is what is flagged: Requested URL: -http://www.telos.de/ | Response URL: -http://www.telos.de/ | Page title: telos Systementwicklung GmbH | telos | HTTP status code: 200 (OK) | Response size: 31,367 bytes (gzip’d) | Duration: 1,625 ms Clickjacking…

polonus

Hi,
Avast was complaining about including link to zero-creatives.de, which we blocked since February 2012. I am now unblocking zero-creatives.de, so you should not see any warnings on telos.de or telos.info domains.
Thanks for reporting!

Confirmed no alerts on those domains now.

Dear Avast,

It seems one of our website is blocked by mistake from Avast Antivirus.
The website url is http://kidsingreece.com.
Some Avast users reported that http://merinannies.com is blacklisted as well, but my latest version of avast antivirus marks it as safe.

Please remove them both from your blacklists.

Thank you in advance.

Best regards,
Yannis