My site is detected as mal:url

Hi people,

I’ve seen similar topics in here, so I am gonna post my own hoping that someone like polonus is gonna help.

The website is: minedive.com

It has minimal text, minimal scripts, minimal style applied, minimal code in the backend. It’s a launch page for an upcoming product.

Here’s why the problem would come up:

  1. The name of the person that bought the domain (my partner) is hidden - I have another website that does this and it works fine
  2. The date the site came online is 31st December (a week ago) - this shouldn’t be a problem either
  3. The IP seems to be Russian - although it’s registered with DigitalOcean and I’ve explicitly chosen London as the server location
  4. The site doesn’t have https
  5. The site doesn’t have www. address.
  6. The website is not in English and English is suggested to be an alternative.
  7. The website only has a big image and minimal text.
  8. favicon.ico is a 302 redirect to /static/favicon.ico

All these reasons shouldn’t be a problem, but maybe malware detectors get upset about this.

I have to mention my dad runs nod32 and he couldn’t get on it either. 2 of my friends told me that they run avast and they get mal:URL or url:mal. I got the same problem last night, when I’ve installed the free version of avast.

What I tried to do:
Wait to be indexed by google (it’s now in the first 2 pages)
Use google webmaster tools.
I searched throughout and I got the idea that I shouldn’t show the Apache version, and so I’ve hidden it.
I’ve also installed a firewall (ufw) and only enabled ports 22 and 80 (a website was complaining about this).
I’ve tried many ways to see what is the problem with this.

500 people+ managed to enter the website successfully, it works fine as long as avast is not running. What could the problem be?

PS: I’ve installed Avast on a fresh machine. Immediately after I’ve installed Avast, I’ve accessed the site and it was working. I’ve then rebooted the machine and tried to access it, and got mal:url blocked google.exe. After that, no more messages came up. Nothing, all chrome was saying was “can’t load this page”. I’ve searched through the menus on how to remove the website from the list of blocked websites, and I couldn’t find such a thing.

Any help is appreciated.
Thanks.

Here is very likely the problem, blacklisted IP :
https://www.virustotal.com/en/ip-address/46.101.8.81/information/

Blacklistings on that AS :
http://urlquery.net/report.php?id=1483635185324
http://urlquery.net/report.php?id=1483635354055

Vulnerable library :
https://quttera.com/detailed_report/minedive.com
http://retire.insecurity.today/#!/scan/6bdd20917b4706fff565707fed6a62ed74ef7a2bc59ebeb5c72e224d353408af

http://zulu.zscaler.com/submission/show/41aeb144cabda7d1523371b936fe56af-1483635141

I’ve now changed all the JS libraries to a CDN repo and filed a support ticket with DigitalOcean. Hope they will help.

Thank you a lot, Eddy.

According to totalvirus:

VirusTotal’s passive DNS only stores address records. The following domains resolved to the given IP address.
2017-01-01 minedive.com
2016-01-13 cafonllne.org
2015-10-27 forum.mylif1estreet.accountant
2015-10-22 forum1.bestcarworld11.top
2015-10-14 forum.treeworbest22kcare.xyz
2015-10-12 forum.mybesttreewor22kcare.xyz

The last website that might’ve had malware on it was on 13th of January 2016 (a year ago).

Is there any way you could whitelist the IP? There is no malware or anything similar on the website.

VirusTotal does not scan websites.

> The last website that might've had malware on it was on 13th of January 2016 (a year ago).

Eh no. The last detection in my scans shows 20170105 as latest detection(s).

> Is there any way you could whitelist the IP? There is no malware or anything similar on the website.

No, I can't "whitelist" the domain and/or IP as I am not working for avast. Besides that, avast will not whitelist an IP unless there are zero domains on it that host/spread malware/are malicious.

You can ask avast to remove your domain from their blacklist.
https://www.avast.com/report-a-url.php
But it is up to avast if they will do so or not.
It can be they have detected things the few scans I have run do not show.

About the JQuery issue…
Seems to me you have done a good job.
http://retire.insecurity.today/#!/scan/378037447b2149c3a2f7ca1208659af377a3f983e513cbcc5870ede19f2f9265
No more alert(s) on that :slight_smile:

As I said before, the problem is likely the shared hosting that you are using but only someone from avast can tell for sure.
A real easy way to avoid it is using dedicated hosting or using a host(er) that cares about security and is very active in removing malicious domains.

Dear catalin_web,

I see no blacklistings now: https://sitecheck.sucuri.net/results/minedive.com

Try to generate the SRI hash tags for these issues:
https://sritest.io/#report/daa0a0c5-3dd9-4a54-b657-b9480d8a110e

Then we have these issues to mitigate, not all too bad with two fine A-statuses:
https://observatory.mozilla.org/analyze.html?host=minedive.com

Good CSRF token protection ;D : https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fminedive.com&ref_sel=GSP2&ua_sel=ff&fs=1

Hopefully an Avast Team Member can exclude your website from blocking.
Wait for a final verdict from one of them.
We are just volunteers with relevant knowledge,
only Avast Team Members can come and unblock.

At least here everything seems OK: http://urlquery.net/report.php?id=1483635185324

polonus (volunteer website security analyst and website error-hunter)

46.101.8.81 was indeed blacklisted because of the domains - I am now unblocking it! :wink:

Another good example of people working together and solving the problem(s). :smiley:

Thank you Eddy, polonus, HonzaZ - you guys are gold.

I will fix the other issues you guys have pointed out, and already fixed some. Awesome community.

Regards,
Ioan.