My site www.overpie.com has been marked as a malicious website?? Please help

I have tried to contact support by filling in the contact form about my site being set as a malicious site by Avast. Unfortunately, I never got a reply or an explanation, so I am raising my issue in this forum; hopefully someone can help me to remove this false report.

I hope that in the future the Avast team will carefully review any incoming reports, as people may think your product is doing the reverse thing: reporting false information rather than picking up viruses/trojans.

Anyway, any help would be good.

Thanks

URL:Mal means your URL or IP is on a blacklist.

Your IP (91.205.232.162) is on one blacklist here: http://whatismyipaddress.com/blacklist-check
Listed at dnsbl.ahbl.org.

IP Address Query Results (dnsbl): 127.0.0.4 - 1336198235 UID1 - Spam Source - 91.205.232.0/24 - UCE/UBE from translatesmell.in (91.205.232.25)

Reason for listing:

http://ahbl.org/lktool

General security issues found with asafaweb: https://asafaweb.com/Scan?Url=www.overpie.com
a. Red alert Custom Errors:
b. Excessive headers warning:
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
c. Clickjacking Warning: It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

Enhanced risk of blacklisting because of more sites on one and the same IP: http://sameid.net/ip/91.205.232.162/

Nothing flagged here and given as clean: http://urlquery.net/report.php?id=8167779 & http://maldb.com/www.overpie.com/ &
http://evuln.com/tools/malware-scanner/www.overpie.com%2F/

adware not a virus alerted for link to s7.addthis.com/js/300/widget.js (code that is broken and not functional)
→ error: undefined variable h[h.length - 1]
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var h[h.length - 1] = 1;
error: line:1: …^
See: http://jsunpack.jeek.org/?report=293385c11133e6efbf0ca890e34d8a3d574d7ccf

Quttera scan gives a potential suspicious file here:

/content/syntaxhighlighter/scripts/shCore.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method write __tmpvar186458514 = write;
Threat dump: View http://jsunpack.jeek.org/?report=45f277cb7de422f66d15e18ac1c49b63dd78099f
(View in browser with NoScript and RequestPolicy extensions active and running inside a VM or sandbox.
jsunpack scans are meant exclusively for security researchers.)
Code could be tested against: https://code.google.com/p/php-vulnerability-hunter/source/detail?r=143
Content code: view http://jsunpack.jeek.org/?report=8f43078f14d7c683b6b7a2a7e6882cceb0ec8304
File size[byte]: 16175
File type: ASCII
MD5: 488CA2F56C37F84283FC9BE63219304F
Scan duration[sec]: 0.067000

Site given as benign here: http://zulu.zscaler.com/submission/show/2f041d831d6aaed161791a49974ec360-1386250174

Ask to have the server security configuration on which this site is running improved & hardened as outlined above.

Ask via a mail to virus AT avast dot com to have your website wXw.overpie.com excluded from general URL:Mal detection.

polonus
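The header findings listed in the post above (platform-disclosing response headers and no framing policy) can be re-checked after the server is reconfigured. This is an added example, not part of the original posts: the two response header blocks are constructed samples and the function names are illustrative.

```python
# Added example: audits a raw HTTP response header block for the header
# findings quoted above. BEFORE/AFTER are constructed sample responses.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def parse_headers(raw):
    """Parse a raw response into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def has_framing_policy(headers):
    """True if X-Frame-Options or CSP frame-ancestors restricts framing."""
    xfo = [v.upper() for v in headers.get("x-frame-options", [])]
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return True
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            if directive.strip().lower().startswith("frame-ancestors"):
                return True
    return False

def audit(raw):
    """Return a list of findings; an empty list means both checks pass."""
    headers = parse_headers(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        for value in headers.get(name, []):
            findings.append(f"platform disclosure: {name}: {value}")
    if not has_framing_policy(headers):
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")
    return findings

BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
"""
AFTER = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
"""

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```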

Hello,
Any domain hosted on afraid.org can be used by other persons for DNS hosting without your control. It happened for your domain: it was misused for malicious purposes. In that case, when nobody has control over subdomains of a domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the DNS hosting and letting us know later.

Milos

Thanks Milos,
I work in a web digital agency where they use afraid DNS to host the DNS, and I don't find any site being blocked by you guys at the moment. So I'm not quite sure how the measurement is taken by Avast antivirus to determine if the site is safe or not. By the way, all the domains are controlled privately under my account in free DNS, so it is not open to the public to add subdomains. Btw, if it blocks my domain under my IP address, why is my other site, www.dnninfo.com, completely fine, with both of them staying on the same IP address? Isn't it supposed to block the other site as well, if it is based on IP address?
So based on this, I believe it is just blocking based on domain name rather than IP address. If you guys could review it again, it would be good, as I tested it with all the most famous antivirus products; it passed the test and even Google is saying 100% clean.

Anyway, I will let you guys do another review. Hopefully, in the future the Avast detection algorithm could be better and tweaked correctly.

Thanks

Hi cmsonnet,

For the IP server there were some gremlins found.
There is some existing issue with x-content-security-policy and one also has to look into cache-control.
About the server configuration security consider the issues flagged here: https://asafaweb.com/Scan?Url=www.overpie.com
It looks like custom errors are not correctly configured as the requested URL contains the heading “Server Error in”.
You spread excessive header information to the world and attackers.
There is a click-jacking warning.

DNS check on domain mail.roovv.com/IN does not exist.
Parentlook-up for mail.roovv.com/IN failed
Delegation not found at parent.

Test results for your domain
Delegation
Too few IPv6 name servers (1).
Name server
Name server ns1.afraid.org
Name server ns2.afraid.org
Name server ns3.afraid.org
Name server ns4.afraid.org
Performing generic checks
cross T+10.97s NS1.AFRAID.ORG/50.23.197.95 doesn’t reply to ICMP requests
cross T+20.98s NS2.AFRAID.ORG/208.43.71.243 doesn’t reply to ICMP requests
cross T+31.00s NS3.AFRAID.ORG/69.197.18.162 doesn’t reply to ICMP requests
cross T+41.02s NS4.AFRAID.ORG/70.39.97.253 doesn’t reply to ICMP requests (http://mydnscheck.com/?domain=overpie.com , diagnosis completed with mentioned errors)

Consistency OK
SOA OK
Connectivity OK

polonus

overpie.com points to 91.205.232.162 and 91.205.232.16

On 21st Nov this subdomain was created: anas28za.overpie.com pointing to 192.40.56.226 which is PURE EVIL.

So, despite what you think, even private domain registration on afraid.org does not protect you from this.
And our logic is easy - as soon as ‘your’ domain is not in ‘your’ hands and was used for malicious purposes, it’s malicious.

For comparison, also these domains were hosted on such ip, check their whois - hosted on afraid.org as well.

adorarisg7n5.tikiradon-wow.de
akirglzp.culvernetworks.com
alsalenob9qt.cipov.net
alsariotf4h.skrewthis.com
alsaswynokav2.aleksej.ch
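A domain owner can catch this kind of unexpected subdomain by comparing a snapshot of the zone's records against the hosts and addresses they actually operate. This is an added example, not part of the original posts: the record list is constructed from the names and addresses quoted in the thread (the `www` record and its address are assumed), and `audit_zone` and its parameters are illustrative.

```python
# Added example: flags A records under a domain that the owner did not
# approve or that point outside the owner's own address space.
import ipaddress

def audit_zone(records, apex, expected_nets, approved_hosts):
    """Return (name, ip, reason) for every A record that looks unauthorised."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    apex = apex.lower().rstrip(".")
    findings = []
    for name, rtype, value in records:
        name = name.lower().rstrip(".")
        in_zone = name == apex or name.endswith("." + apex)
        if rtype != "A" or not in_zone:
            continue
        ip = ipaddress.ip_address(value)
        reasons = []
        if name not in approved_hosts:
            reasons.append("hostname not in approved list")
        if not any(ip in net for net in nets):
            reasons.append("address outside expected networks")
        if reasons:
            findings.append((name, value, "; ".join(reasons)))
    return findings

# Constructed zone snapshot (name, type, value); not real resolver output.
RECORDS = [
    ("overpie.com.", "A", "91.205.232.162"),
    ("www.overpie.com.", "A", "91.205.232.162"),   # assumed record
    ("anas28za.overpie.com.", "A", "192.40.56.226"),
    ("overpie.com.", "NS", "ns1.afraid.org."),
]
EXPECTED_NETS = ["91.205.232.162/32"]               # the owner's own server
APPROVED_HOSTS = {"overpie.com", "www.overpie.com"}

def check_sample():
    return audit_zone(RECORDS, "overpie.com", EXPECTED_NETS, APPROVED_HOSTS)

if __name__ == "__main__":
    for name, ip, reason in check_sample():
        print(f"{name} -> {ip}: {reason}")
```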

Hi Jindrich
Thanks for that. I will probably just take the DNS out of afraid.org. Once I take this out of this free DNS, do I need to notify you guys?

Hello,
Yes, notify us and we will unblock the domain.

Milos

Hi Milos,
I have created the ns1, ns2 DNS servers in GoDaddy instead and host those IPs directly pointed to my private server.
It is now properly directed. You can check it here:
http://whois.domaintools.com/overpie.com

Hopefully you can remove my domain…
Thanks for the advice though…

cheers

Hello,
Thanks for the response, the domain will be unblocked in the next stream update.

Milos

Cool, thanks Milos,
have a nice day.

Hi Moderator,
Is it possible to remove this thread for SEO purposes?

Thanks heaps and have a nice weekend.

Even if it’s deleted, Google and the rest never forget. :)