The website eutenhovalor.com has been wrongly blocked by Avast. I’ve been trying to report the false positive but I don’t get any answer from Avast. Do you know any protocol to ask for a reevaluation of the website?
Site has 9 malicious pages: http://killmalware.com/eutenhovalor.com/
Outdated Web Server Apache Found Vulnerabilities on Apache 2.2 Apache/2.2.22
polonus
Thank you for the diagnosis.
I went through information on the diagnosis, but I can’t understand why it is considered a threat.
I am trying to update the Apache, so this problem should be solved in no time. But still, I really can pinpoint what’s wrong with the report. Could you help me?
your IP (137.117.160.174) is blacklisted at apews.org
Entry matching your Query: E-474971
137.117.0.0/16
CASE: C-22
Dynamic IP space, generic DNS/rDNS, no PTR
Direct connections to MX not permitted, you need to use your ISP servers or smarthost
History:
Entry created 2011-06-15
your site seems to be hosted at afraid.org
see info from Milos here
https://forum.avast.com/index.php?topic=148018.msg1075293#msg1075293
http://i.imgur.com/vd5ipaP.png
hello
The server is hosted by afraid.org
change of hosting will solve the problem
http://whois.domaintools.com/eutenhovalor.com
|___ ns4.afraid.org [eutenhovalor.com] (70.39.97.253) (cached)
| |___ ns4.afraid.org [eutenhovalor.com] (2610:0150:bddb:d271:0000:0000:0000:0002) Not queried
| |___ ns3.afraid.org [eutenhovalor.com] (69.197.18.162) (cached)
| |___ ns2.afraid.org [eutenhovalor.com] (208.43.71.243) (cached)
| |___ ns2.afraid.org [eutenhovalor.com] (2607:f0d0:3001:000e:0000:0000:0000:0002) Not queried
| ___ ns1.afraid.org [eutenhovalor.com] (50.23.197.95) (cached)
| ___ ns1.afraid.org [eutenhovalor.com] (2607:f0d0:1102:00d5:0000:0000:0000:0002) Not queried
17 suspicious files
http://quttera.com/detailed_report/eutenhovalor.com
this script is suspect
<Script src = "http://ssl.securetransfer.biz/_utils/fbTenhoValor.php" type = "text / ript javasc"> </ sc ript>
http://zulu.zscaler.com/submission/show/18c29d3482dfee2f4e6f3612273d2cf6-1403300433
norton safe web
https://www.owasp.org/index.php/Category:Attack
http://safeweb.norton.com/report/show?url=eutenhovalor.com
http://www.thaizone.com/products/domain/expired/27062011.html
excessive evals
see attached
Thank you very much for your help! Everything should be solved by now. I’ll run some additional analysis and submit to Avast and I’ll let you know the results.
We are still being confronted with detection of drive-by-download malware here:
http://safeweb.norton.com/report/show?url=eutenhovalor.com
polonus
Thank you.
The URL was unblocked in VPS 140623-1.
Hello,
I have the same problem with the site www.alertsms.ro and I do not understand why!!!
I changed the DNS (it was at afraid.org)
On sucuri.net it appears relatively ok now.
But the problem still remains …
Can someone help me with some advice … because I do not know what to do
Thanks!
report and explain to avast lab here http://www.avast.com/contact-form.php
You are wrong. Sucuri.net says it is not ok.
Outdated Web Server Apache Found: Apache/2.2.22
http://sitecheck.sucuri.net/results/www.alertsms.ro
Problems on the same ASN:
http://urlquery.net/report.php?id=1407921773693
IP blacklisted in multiple lists:
http://multirbl.valli.org/lookup/84.232.210.38.html
You are wrong. Sucuri.net says it is not ok. Outdated Web Server Apache Found: Apache/2.2.22 http://sitecheck.sucuri.net/results/www.alertsms.ro
where do you see that?
but IP has an old listing (2010) at apews.org
Oooops 84.232.210.38 is currently listed in APEWS :-(
Entry matching your Query: E-409408
84.232.192.0/18
CASE: C-1375
Spambots/zombies within CIDR
History:
Entry created 2010-08-28
Whatismyipaddress.com - quote
Whatismyipaddress.com does not recommend the usage of this blacklist. It has the potential to block large segments of IP addresses. If you are listed with them it is generally not a problem.
The situation was solved on sucuri.net.
please recheck.
http://prntscr.com/4cch1r
I use a dynamic IP.
Oooops 84.232.210.38 is currently listed in APEWS
Entry matching your Query: E-409408
84.232.192.0/18
CASE: C-1375
Spambots/zombies within CIDR
History:
Entry created 2010-08-28
When I just checked it really said “old apache version”, now it doesn’t say it. Strange.
I never look at apews, we know that they don’t update their database.
Using a dynamic IP for a website?
Why the heck are you doing that ?
Edy think I digress.
1. I do not think that using a dynamic IP should be the problem.
2. The sucuri.net site uses a cache; after a re-scan the results are OK.
How to get out of this situation?
(Sorry for my bad English)
Thanks a lot!
See reply nr 9 (Pondus).
Using a dynamic IP certainly can be a problem.
Let’s say the current IP is not blacklisted, if the IP changes the new one can be on a blacklist causing a block on the site again.
I have used a dynamic IP for this domain for over two years without trouble … until a few days ago …
No other antivirus has this rule …
Well, other AVs don’t maintain a blacklist to protect the users
Eddy, I think you are leading users into error.
I received an official response and I am showing it for other users who encounter the same problem.
All the best!
On Wednesday, August 13, 2014 1:58 PM, Shared wrote:
Hello,
it will be fixed in next VPS.
We are blocking your site because you previously used afraid DNS.
Best regards,
Valerij Medviď
Virus analyst
Site seems OK now: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.alertsms.ro%2F&useragent=Fetch+useragent&accept_encoding=
Consider this info when in need of loading local scripts: http://stackoverflow.com/questions/5257923/how-to-load-local-script-files-as-fallback-in-cases-where-cdn-are-blocked-unavai
polonus