IP history https://www.virustotal.com/en/ip-address/85.25.207.150/information/
IP history https://www.virustotal.com/en/ip-address/104.28.25.36/information/
scroll down to support ticket and report it https://support.avast.com/support/home
The IP is blacklisted:
http://urlquery.net/report.php?id=1449683723199
http://urlquery.net/report.php?id=1449683724523
http://zulu.zscaler.com/submission/show/413f0b69cc91b558b8793d1dbaeff673-1449683557
http://multirbl.valli.org/lookup/85.25.207.150.html
We reanalyzed the kidsingreece.com website in VirusTotal. It says it's absolutely safe. You can see the results here:
https://www.virustotal.com/en/url/3e6d387821a2fc7a86e78f1a537e74a160b902552290f62183a69143a618a90e/analysis/1449685491/
The other website runs through Cloudflare, and its IP is from Cloudflare.
Your website may not have actual malware being spread, but there are insecurities like jQuery libraries that should be retired asap:
-http://kidsingreece.com
Detected libraries:
swfobject - 2.2 : -http://kidsingreece.com/components/com_imageshow/assets/js/swfobject.js
jquery - 1.4.2 : (active1) -http://kidsingreece.com/templates/gk_the_real_design/js/jquery-1.4.2.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.7.2 : -http://kidsingreece.com/templates/gk_the_real_design/js/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-dialog - 1.8.23 : -http://kidsingreece.com/templates/gk_the_real_design/js/jquery-ui.min.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016
jquery-ui-autocomplete - 1.8.23 : http://kidsingreece.com/templates/gk_the_real_design/js/jquery-ui.min.js
jquery-ui-dialog - 1.8.4 : http://kidsingreece.com/templates/gk_the_real_design/js/jquery-ui-1.8.4.custom.min.js
jquery-ui-autocomplete - 1.8.4 : http://kidsingreece.com/templates/gk_the_real_design/js/jquery-ui-1.8.4.custom.min.js
(active) - the library was also found to be active by running code
3 vulnerable libraries detected
Check SPF record
WARNING: Domain doesn’t have SPF record. SPF (Sender Policy Framework) record is designed to prevent e-mail SPAM. Typical SPF record would be:
v=spf1 a mx ~all or v=spf1 a mx include:_spf.google.com ~all if you are using Google Apps.
When a website is blocked, it is because it shares the same IP with malware-spreading domains on that IP: https://www.virustotal.com/nl/ip-address/85.25.207.150/information/
This is the most likely scenario. Ask for an exclusion via https://www.avast.com/nl-nl/contact-form.php
Remember, unblocking can only be performed by an Avast Team Member, and we here are not; we are just volunteers with relevant knowledge.
polonus (volunteer website security analyst and website error-hunter)
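An added example, not from polonus's post or from retire.js: a small retire.js-style check in Python that reads the script paths quoted above, takes the version from the file name where it has one (jquery-1.4.2.min.js) and otherwise from the banner at the top of the file (jquery.min.js), and flags versions older than the fixes for the issues the scan lists. The fixed-in thresholds, the sample HTML and the file banners are assumptions constructed for illustration.

```python
import re
# Assumed "fixed in" versions for the issues quoted in the thread (illustrative,
# not retire.js's authoritative data): anything older is flagged.
FIXED_IN = {
    "jquery": [("1.6.3", "CVE-2011-4969 (location.hash XSS)"),
               ("1.9.0", "jQuery bug 11290 (selector parsed as HTML)")],
    "jquery-ui": [("1.10.0", "jQuery UI bug 6016 (dialog title XSS)")],
}
SRC_RE = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
# Library name plus optional version taken from the file name.
NAME_RE = re.compile(r'/(jquery(?:-ui)?)(?:-(\d+\.\d+\.\d+))?[^/]*\.js$', re.I)
# Version banner at the top of minified jQuery / jQuery UI builds.
HEADER_RE = re.compile(r'/\*!\s*jQuery(?: UI)?\s*-?\s*v(\d+\.\d+\.\d+)', re.I)

def parse_version(v):
    return tuple(int(x) for x in v.split("."))

def version_from_header(js):
    m = HEADER_RE.search(js[:200])
    return m.group(1) if m else None

def scan_html(html, fetch=None):
    """Return [(src, lib, version, findings)]. fetch(src) -> file text is used
    only when the file name carries no version (e.g. jquery.min.js)."""
    results = []
    for src in SRC_RE.findall(html):
        m = NAME_RE.search(src)
        if not m:
            continue  # not jQuery / jQuery UI (e.g. swfobject.js)
        lib, ver = m.group(1).lower(), m.group(2)
        if ver is None and fetch is not None:
            ver = version_from_header(fetch(src) or "")
        if ver is None:
            findings = ["version unknown: inspect the file header by hand"]
        else:
            findings = [desc for fixed, desc in FIXED_IN[lib]
                        if parse_version(ver) < parse_version(fixed)]
        results.append((src, lib, ver, findings))
    return results

# Constructed sample: the script paths listed in the thread, plus the banners
# a minified jQuery 1.7.2 / jQuery UI 1.8.23 build carries at the top.
BASE = "http://kidsingreece.com/templates/gk_the_real_design/js/"
SAMPLE_HTML = "".join(f'<script src="{BASE}{f}"></script>' for f in (
    "jquery-1.4.2.min.js", "jquery.min.js", "jquery-ui.min.js",
    "jquery-ui-1.8.4.custom.min.js"))
SAMPLE_FILES = {  # fetch stand-in: URL -> first bytes of the file
    BASE + "jquery.min.js": "/*! jQuery v1.7.2 jquery.com | jquery.org/license */",
    BASE + "jquery-ui.min.js": "/*! jQuery UI - v1.8.23 - 2012-08-15 */",
}
```

Run `scan_html(SAMPLE_HTML, SAMPLE_FILES.get)` to reproduce the four flagged entries; without a fetch callback the unversioned files are reported as unknown rather than silently passed.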
I unblocked kidsingreece.com now
merinannies.com does not seem to be blocked now.
First of all, I want to thank you all for voluntarily helping with the issue.
We made an extended search and we are also facing the same problem for the following domains:
4 of them are practically the same website.
Can you please unblock them as well?
Yup, I unblocked them just now
is being blocked. I’ve run several URL scans and all say it is clean. Any suggestions?
FYI, it is a Go Daddy site and they say it is clean.
Next time also do an IP check.
URL:MAL = IP is blacklisted
@Eddy: URL:Mal means either blacklisted domain or IP (or both). There is no easy way of finding out (you can connect to the IP directly and see if it is blocked).
@jjswope: The domain was blocked due to suspicion of the Angler exploit kit a month ago. I do not see anything malicious coming from it now, so I unblocked it.
HonzaZ,
what about the URL:MAL2 that we see lately.
Any difference from URL:MAL ?
If so, what is the difference ?
I think it had something to do with which shield blocks it - if it was network shield (Mal) or webshield (Mal2). Since the merge of the two shields, I think you should only be seeing URL:Mal.
So anyway, for you or me, it should be the same, it is only an implementation detail.
Hello,
I am having the same issue with one of my websites. www.bikerathome.com had a malware attack but was cleaned and cleared by Google yet some of our suppliers are not able to get my emails because of the association with a “malicious” site. They sent me the message from Avast. Can you please remove our site from your blocked list? Anything associated with www.ahastores.com should be clear and no malware messages.
Thank you, David
Aha Stores
Neither site is blocked by Avast.
Though both say:
--2016-02-02 09:57:04-- http://bikerathome.com/
Resolving bikerathome.com... 104.239.136.18
Connecting to bikerathome.com|104.239.136.18|:80... failed: Connection refused.
The first one does now, not when I checked earlier ???
It also does now resolve to 104.207.236.98
Blacklisted:
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.bikerathome.com
https://www.virustotal.com/en/url/3ac2f82e5638d897e573d6617b3f30ed9cea80eda18b40f5d95d74d12df5bf2b/analysis/1454426042/
http://urlquery.net/report.php?id=1454426328642
http://urlquery.net/report.php?id=1454426382763
http://zulu.zscaler.com/submission/show/84a129bb6eede9d9be0d76282b32b14a-1454375735
Vulnerable and possibly the cause of the infections:
http://retire.insecurity.today/#!/scan/0ec66034341560afcca2459a44664aeae1a63ce59dfb09cc65504bb853dc0983
For the specific vulnerabilities with jquery.min.js → read: https://ttmm.io/tech/jquery-xss/
Re:
2 errors and 7 warnings here: https://mxtoolbox.com/domain/www.bikerathome.com/
and see where this lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bikerathome.com%2Fjs%2Fjquery%2Fjquery-ui.min.js
70% of the trackers on this site could be protecting you from NSA snooping. Tell bikerathome.com to fix it.
Unique IDs about your web browsing habits have been insecurely sent to third parties.
d9ff818778eabdxxxxxxxxxxxxxxxec147b71450263598 -pastebin.com __cfduid
-seal.alphassl.com __cfduid
-local.adguard.com __cfduid
At least 10 third parties know you are on this webpage.
-www.bikerathome.com -www.bikerathome.com
-pastebin.com
-Facebook (Tracker)
-Google
-bikerathome.com
-www.paypal.com
-seal.alphassl.com
-Google
-local.adguard.com
-www.mustbebuilt.co.uk
polonus
Thanks for your help, I will send the details you provided to my developer. He assured me the malware was removed and we also got the ok from Google but obviously there still seems to be some warning errors out there. Explains why we are not getting any orders on that particular website. I know two of our suppliers that use Avast were not even getting my emails because bikerathome.com was in my signature line, and that’s what brought me here. Thanks again.
David
Aha Stores
If you run a business, get dedicated hosting and stay away from shared hosting.
It will prevent a lot of problems already.
Please unblock keximvlc[.]com[.]vn. My website was hacked and they injected the virus into my website; that's why Avast detected and blocked my domain. It's completely updated and the virus removed. Please check and unblock my domain.
Thanks!