Malicious URL Blocked

I have some websites that are hosted with Hostgator and all of a sudden Avast is giving a popup one each site for Malicious Site; Infection: URL:MAL. This is happening all the browsers that I have tried: Chrome, IE, and Mozilla. The browser I use all the time is Chrome. My system is Windows XP.

I have been in contact with Hostgator and their securities team. They have performed multipe scans on my sites and they can not find any virus/malware/spyware on my sites that would be causing the message from Avast.

I opened a support ticket with Avast about 3 days ago and I have not had a reply yet and the problem is still occuring.

I have scanned my computer with Avast free, malwarebytes, and super anti spyware to see if was my machine and I have not found anything.

I have uninstalled Avast, then visited my websites which showed up normally like that should with correct formating, then scanned my computer again, found nothing, and finally reinstalled Avast to have the same popups showing up and the same messed up pages.

I found a post on this forum talking about OTL and aswMBR so I followed what the post said to do. I have attached the results of those scans. I tried to attach some screenshot of what my sites look like when I visit them, but it made the file attachment sizes to large.

Any and all help that can be given to me is greatly appreciated.

Thank you. Marcus

FYI: Here are the sites on my hosting account at Hostgator:

fatlosssecrets dot net
mylifeinsurancequote dot org
marcusblalock dot com
moneysage dot net

the problem is not in your computer…and avast does not say the site is infected
it say malware URL and that means the URL/domain is at some block list

you may attach screenshots of the avast warnings

also you can check your websites here
urlvoid.com
sucuri.net
zulu.zscaler.com

Thanks for the reply.

Hostgator told me that the my sites were not showing up on any blacklisted sites. I will check them on the sites that you provided.

I have attached a screenshot of what I am seeing when Avast is installed. When Avast is not installed I have not problems with the sites.

Any ideas, suggestions, etc. on what I should do?

Thanks. Marcus

I just checked all my urls on the sites provided above and they were all marked as beign, not blacklisted, and clean.

Any ideas on what my problem is?

Thanks.

you can report false positive/wrong url block here. http://www.avast.com/contact-form.php?loadStyles

you may also add a link to this topic…if lucky you get a reply here

I suspect that the problem is because all of your domains are hosted on the same IP address, probably with many other domains, e.g. non-unique hosting. So you may be getting the hit because some other domains on this IP 50.22.90.61 are infected/hacked or delivering malware.

So this looks like an IP block rather than a specific domain name block.

Thank you all for your replies. I have submitted by domains to the link provided above. Will see what happens. It has been aggravating. Thanks again.

You’re welcome.

I have went and checked the IP address: 50.22.90.61 and have found 4 sites that have blacklisted this IP address. They are as follows:

APNEWS level 1
APNEWS level 2
BBQ
D. D. N. S. B. L.

Could this be my problem? I checked the ip at the following site: multirbl.valli dot org/

Still awaiting to hear back from Avast support where I submitted the domains.

Thanks once again.

I believe this is almost certainly your problem (as I mentioned in my first reply), when host companies use a single IP address to host multiple domains, the actions of the others can impact on other domains on the IP if the block is on IP and not domain.

I have been in contact with Avast support, sending them screenshots, etc. They in turn sent out a fix in an update and this morning all my sites are showing up like normal with not Avast popups, etc. I do not know what they did but everything is back to normal.

Thank you all for your help.

You’re welcome.

They have probably removed the block on the IP and will probably block on specific domains that are infected, since there are many domains on that IP.