URGENT: Need Reclassification of Domain

Hello,

Somewhat of a unique request but, I work for a digital marketing agency. One of our top clients had an issue with their website that has since been resolved. The site should now be clean and loads fine on computers without Avast and with other scanning software installed. We’ve used the in-app “file as false positive” option to submit a request to have the domain removed from the blacklist but wanted to post here as well in hopes it could speed up the process?

Obviously, the client is very upset that she and her colleagues keep getting the threat warning with the site now fixed.

Domain in question: www.thetirrellroom.com

Thank you very much!

- Craig M.

Blacklisted :
https://sitecheck.sucuri.net/results/www.thetirrellroom.com
https://www.virustotal.com/en/url/5a513f5fed2b456efe8921ed629f42220306ba71d0aa467c18004d1169b7d6ed/analysis/1483563507/

Bad IP history :
https://www.virustotal.com/en/ip-address/172.99.94.187/information/

Vulnerable library :
http://retire.insecurity.today/#!/scan/196aad2507cbf34a38ebcd329b5308b8f7d24a8e8fa40dd0d58078dcf37dbba0

https://www.avast.com/report-a-url.php

It is not only avast, eset also has the site blacklisted: https://sitecheck.sucuri.net/results/www.thetirrellroom.com

There is a hidden iFrame:
The link: -http://www.googletagmanager.com/ns.html?id=GTM-WQKPPS is blocked in browsers by script blockers.
as is this script: -http://dnn506yrbagrg.cloudfront.net/pages/scripts/0025/9827.js

Also please check this list for unknown links on the website:

-http://www.abingtonalehouse.com/ → ‘’
-http://www.thecharliehorse.com/ → ‘’
-http://www.plymouthbaycatering.com/index.cfm → ‘’
-http://www.bhmansion.com/ → ‘’

When the website indeed is non-malicious, the only ones that can unblock is an Avast Team Member.
We here are not, just volunteers with relevant knowledge.

Wait for an Avast Team Member here to give the final verdict and eventually unblock…

For IP also consider: https://www.threatcrowd.org/ip.php?ip=172.99.94.187

polonus (volunteer website security analyst and website error-hunter)

I have now unblocked thetirrellroom[.]com :slight_smile:
The reason was many malicious subdomains appearing on the same IP. This outbreak spanned so many domains that we even have an automatic blocker just for that, although we only block a couple of domains a day these days.

We’re working on repairing the findings here in our system and thank you for unblocking the site. All of your insight was fantastic, thank you Avast community.