Network Shield: blocked access to malicious site

Hey,
I am a software developer from 1851franchise. There is problem with your Avast Free Antivirus, I’ve got an alert that malware detected, and web site is blocked. Here is what is in nshield.log :

06.06.2017 21:56:23 Network Shield: blocked access to malicious site hXtp://www.1851franchise.com/ ([104.27.12.90]:80) [ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ( 8528 ) ]
06.06.2017 21:58:55 Network Shield: blocked access to malicious site hXtps://www.1851franchise.com/ ([104.27.12.90]:443) [ C:\Program Files (x86)\Mozilla Firefox\firefox.exe ( 6472 ) ]

Avast shows message: Infection detected! http:… The requested URL contains malicious code that can danage your computer … Warning : The site could have harmed your computer.

Please let me know where I could find what exact problem avast antivirus found there?

First please break active links to avoid exposure to suspect site/s, e.g. hXtp://wXw.1851franchise.com/

The Web Shield, alerts on your site the detection is URL:Mal, this means either that your site is blocked or another site/s on the same IP address. If you have shared hosting it is possible that one or more are infected and the IP is blocked.

The information is still put in the old nshield.log, but it is also in the report folder for the web shield C:\ProgramData\AVAST Software\Avast\report\WebShield.txt this is what gives the reason URL:Mal, which isn’t very detailed.

There is something suspicious.
https://www.websicherheit.at/website-malware-viren-scanner/?url=www.1851franchise.com
https://quttera.com/detailed_report/www.1851franchise.com

http://retire.insecurity.today/#!/scan/2a77229b6d7258e0d4c177b89b729f25b0e03680ebdae3e1808036c08be8df91

Thanks, for your answer, is it possible to get more detailed log, because I would like to fix the problem. Does avast take some “black list” of ip’s to block web site?

There isn’t a more detailed log. Avast does its own rather than other so called black listings. Hopefully some of the other volunteers can do some more analysis of the site.

Checking the other links given by Eddy, could point the way to why the site or IP address could be being blocked. The second one gives 3 potential malicious .js files.

What is your hosting company (possibly cloudflare-nginx according to one of eddy’s links) ?
They may well have tens or more domains on the same IP and you could be getting hit by their bad rep/infection.

You can try getting dedicated hosting package, then it would only be your site on the IP.

Hi,
I have removed 1851franchise[.]com from our blacklist :wink:

Thanks, we will check.
If it is not a secret, why it was in your black list? Just to avoid getting there again.