my domain is blocked, says URL: Mal

Hi Avast,

I just active Cloudflare service on my website and now Avast avoid my site to open and says URL: Mal.

my site url is : http://www.bysmaquillage.fr

blog.bysmaquillage.fr is blocked too, but the Spanish version doing fine (www.bysmaquillaje.es).

It seems that only “bysmaquillage.fr” domain is blocked.

Here two malware reports :

Some visitors have bad experience because of it and i don’t know what to do.
Can you please help me ?

VirusTotal does not scan websites.
The link to urlvoid shows a 1(!) year old scan.

EDIT :
URL:Mal = domain and/or IP is blacklisted
http://zulu.zscaler.com/submission/show/8049625c146cbaa7b9cf133d097b30e2-1457074093
http://urlquery.net/report.php?id=1457074331324
http://multirbl.valli.org/lookup/104.18.33.106.html

To report a (possible) false positive:
http://www.getavast.net/support/managing-exceptions
“Report a False Positive Detection to Avast”

IP 104.18.32.106 unblocked :wink:

Hello and thanks for your answers.

It seems that 104.18.33.106 is always blocked.

Or maybe i have to update or something ?

Run manual update and reboot computer

Hi Pondus,

It’s what i have done but the problem persists

My Cloudflare IP is 104.18.33.106

Sorry to insists but are you sure that we didn’t misunderstood ? .33. / .32.

DNS lookup :
[13:05] *** Resolved www.bysmaquillage.fr to 104.18.33.106
[13:05] *** Resolved www.bysmaquillage.fr to 104.18.32.106

Hm… I would have thought one domain resolves to multiple IPs, but I wouldn’t have thought they would differ only in the 3rd byte :-).
Now both 104.18.32.106 and 104.18.33.106 are unblocked :wink:

It is indeed unusual/rare, but it happens :slight_smile:

I asked the Avast Team Member just to check the unblocking again.
All is well that ends well. :wink:

No Cloaking issues found, Status Codes OK, No Spammy Links, No iFrames, No Blacklist to consider. ;D

Various adware scriptlinks may come ad- or scriptblocked by users with ad- and script blockers,
like: -http://apicit.net/target/nowait.js & -http://vu.adschoom.com/trafic/retar.php?type=HOME&boutique=50493 and other such links.

Some SRI Issues detected: https://sritest.io/#report/a86e6c2c-db5f-4ad3-ab6e-2f87128128bb

cookiebanner-inner/ was not found on the server, dead link. For EU law you could consider free Cookie Consent:
https://silktide.com/tools/cookie-consent/ could be the old version does not work, update!

Resource issues with possible Frontend SPOF from:

fonts.googleapis.com - Whitelist
(81%) -
cl.avis-verifies.com - Whitelist
(81%) -
mqment.com - Whitelist
(81%) -

ID Tracking issue: 54% of the trackers on this site could be protecting you from NSA snooping. Tell bysmaquillage.fr to fix it.

Unique IDs about your web browsing habits have been insecurely sent to third parties.

d5fb79cb40414a30xxxxxxxxxxxxxxa1445965753
-local.adguard.com __cfduid for my local Adblocker extension.

At least 11 third parties know you are on this webpage.

-Google
-mqment.com
-www.bysmaquillage.fr
-Google
-Facebook
-Google
-local.adguard.com
-cl.avis-verifies.com
-cdn.doofinder.com
-Google
-www.mustbebuilt.co.uk -www.mustbebuilt.co.uk
5 trackers do not support secure transmission.

On cloudflare: http://toolbar.netcraft.com/site_report?url=http://www.bysmaquillage.fr
hostname: ip132.ip-37-59-163.eu re: http://sitevet.com/db/asn/AS16276 (Blacklisted URLs: 11864)

HTTP Server Apache HTTPServer 2.4.6. mod_wsgi Version 3.4 (version info proliferation detected)
Not DROWn vulnerable.
OS = unix
Python Version 2.7.5
Open SSL Version 1.0.1.e
OpenSSH 6.0p1 Debian 4+deb7u3 (protocol 2.0)
ssl-cert: Subject: commonName=bys2.sutunam.net
http-generator: WordPress 4.3 for Blog BYS Maquillage
|_/wp-admin/
|_http-server-header: nginx
|_http-title: Blog BYS Maquillage
WordPress Issues: WordPress Version
4.3
Version does not appear to be latest 4.4.2 - update now.

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-pagenavi 2.88 latest release (2.89.1) Update required
http://lesterchan.net/portfolio/programming/php/
cookie-notice 1.2.32 latest release (1.2.34) Update required
http://www.dfactory.eu/plugins/cookie-notice/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

-http://blog.bysmaquillage.fr
Detected libraries:
jquery - 1.11.3 : -http://blog.bysmaquillage.fr/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery-migrate - 1.2.1 : -http://blog.bysmaquillage.fr/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
1 vulnerable library detected

So the blog may not be administered professionally, that is why I see vulnerable outdated WordPress plug-in code and
retirable jQuery library code - mitigate, zip file for later reference,

reported for you via “cold reconnaissance” third party security scanning by,

polonus (volunteer website security analyst and website error hunter)

Polonus, you are amazing ;D

I understand thoses two advices are important, I will take a closer look.

Hm, you are right.
We will plan a professional upgrade of the Wordpress blog and plugins.

I disabled Cloudflare until tomorrow in the morning.
I will test again at this moment (fewer visitors) and tell you if everything works fine.

Thanks a lot for the time you take helping me.

Thanks too to those who answered :slight_smile:

Hi Antoine43,

You are welcome. :wink:
I hold responsible website administrators in high esteem.
Extended awareness you will gain, and it will pay off as added security.
Stay safe and secure both online as offline, is the wish of,

polonus