Hi, I am the developer of a website (galileofive.com) that is an analytics app, roughly similar to Google analytics. The service works as a client side API, so users’ browsers will make many requests to the API while using a website.

A user of one of our customers’ sites reported that Avast is reporting the site as malware. I installed a Windows VM and was able to replicate the problem. Unfortunately the “More details” button was not useful and didn’t offer any details besides the URL (https://galileofive.com/api/tick), the “Infection” (URL:Mal), and the process (IE, Chrome, etc).

The API simply accepts some JSON as a POST body and responds with JSON of its own. I’m reasonably use it’s not malware, but if anyone from Avast can tell me why it looks like malware that would be great.

I’d love to know what the cause is and how to get it fixed. Thank you.

Why redirecting to a external server?

http://sitecheck.sucuri.net/results/galileofive.com
http://urlquery.net/report.php?id=1421435156506
http://urlquery.net/report.php?id=1421435140740
http://quttera.com/detailed_report/galileofive.com
http://multirbl.valli.org/lookup/galileofive.com.html
http://multirbl.valli.org/lookup/54.69.120.25.html

Why redirecting to a external server?

It’s an API and we haven’t built a marketing site for it yet. In the meantime, the homepage serves a 302 redirect to a temporary landing page.

Is there a way to tell if that’s what’s being categorized as “malware”?

I am going to push out a change to remove the 302 redirect. Do you know how long it will take for the blacklist (apologies if this is not technically the way the scan works) to update?

I removed the 302 redirect and replaced it with a (very very) simple temporary page.

I started a new fresh VM and installed Avast to confirm that the warning is still thereon a clean install. Do you know how I can get it re-evaluated to remove the threat warning?

Submit a ticket to avast through the website and ask for a new evaluation.