SOLVED: "Infection detected!" on non-infected page

Hey gang,

A client has a small Squarespace site - hxxps://smokestak[.]co.uk

Recently they’ve been getting some notifications from customers regarding Malware Warnings. The site has been inspected by Squarespace support, I have run my own scans, everything is being served over https and I have installed other malware / virus detection software (AVG and BitDefender) to check what they pick up - everything indicates that the site is clear.

Avast, however, is showing the following warning. I have seen previous posts where these types of warnings have been coming up incorrectly.

Can anyone shed any light on this / suggest a possible fix?

The first Avast warning - http instead of https - is just from where I tested the hxxp://smokestak[.]co.uk before.

Thanks in advance.

https://lh6.googleusercontent.com/Dc6UTVyHUFYgGAaGFv70PS6b5Vbh5hdE5p4_ZLsMFsec2TlhdFpJOVmN0SS5kyXMaO4uOj28c4GrBpc=w1100-h803-rw

You can report a URL here: https://www.avast.com/report-a-url.php

Avast doesn’t say that an infection is detected.
Avast says that domain and/or IP is blocked/blacklisted.

Blacklistings on that ASN/IP :
http://urlquery.net/report.php?id=1496751620674

Name mismatch with certificate 2 :
https://www.ssllabs.com/ssltest/analyze.html?d=smokestak.co.uk&s=198.185.159.144&latest

Vulnerable library found :
http://retire.insecurity.today/#!/scan/8d9b02f8862b6972cc25c522b11c12ddeb4e80178a14473dcad60890540d568b

Really bad IP history :
https://www.virustotal.com/en/ip-address/198.185.159.144/information/

My advice :

  • Fix the vulnerable library problem
  • Fix the certificate mismatch
  • Get dedicated hosting

https://smokestak.co.uk
http://smokestak.co.uk

Both are blocked by F-Secure. See attached screenshot.

I have removed smokestak[.]co.uk from our blacklist :wink:

I hope only that site is allowed but not the entire IP.

There are thousands of unique domains on those IPs, so it is likely we will not ever block those IPs, unless more than ~50% of the domains are malicious.

Thanks for your help and advice guys.

Beers are on me - everything’s working as it needs to.