Website False Alarm? Please help.

Hello,

I have some problems with 2 websites hosted on a dedicated server from Hetzner, Germany with the IP: 88.198.41.180.

First problem is that people using Avast! Antivirus solution are immediately blocked when trying to visit the websites.
We did a scan of the websites ourselves and they are clean but still the Avast! Antivirus behaves the same.

The second problem is the following

There was a record of an Russian website falwar.ru using the IP of this server. Now it’s gone, they’re only our 2 websites (fefco.org and citpa-europe.org).

We think that this particular anti virus (Avast!) has blacklisted this IP caused by some eventual treats made previously from the Russian website.

The Russian website is now under this IP 31.31.204.60 in Russia, along with other 30,741 websites. (examples: 0-pem0nte.ru 0084.ru 00ss.ru 017-programs.ru).

What can I do?

I already sent a message to Avast! to unblock the IP which is clean now but no reply yet.

Thanks in advance,
Sebastian

that IP is also on McAfee block list

http://sitecheck.sucuri.net/results/88.198.41.180

virustotal
https://www.virustotal.com/url/6db94e2240963e4ee5a8a75c3e053ee5d35d8a277eacc1f26663dc01f71f783d/analysis/1350395863/

IDS alert from sucuricata filter. http://urlquery.net/report.php?id=234446

Thanks

So, I may be right about what I said previously, that the IP is blocked due to the previous usage?

Multiple Fraud/Scam domain IP: http://www.malwareurl.com/ns_listing.php?ip=31.31.204.60
See: http://www.malwareurl.com/ns_listing.php?ip=31.31.204.60
AS details: AS Name: DOTSI Dotsi, Unipessoal Lda.
IPs allocated: 4096
Blacklisted URLs: 2

Hosts…
…malicious URLs? No
…badware? Yes
…botnet C&C servers? No
…exploit servers? No
…Zeus botnet servers? No
…Current Events? Yes
…phishing servers? No

from IP Malicious Toolkit Website 2 attacks were being launched
Web Attack: Malicious Toolkit Website 2
Attacking Computer: 88.198.41.180, 80
Attacker url: wXw.zonis.co.tv/9s1hjngl/?2
spider activity and spambot activity and comment spammer activity being performed from that IP range according to project honeypot,
PHP.ShellExec malware on http://mcn.team.cx/scripts/box

polonus

In the end the hosting company offered to change the IP and I guess I will accept.

I mean, it’s not my job to clean an IP provided already with problems.

Anyway, Avast! should pay more attention to this! It’s like someone said, you buy a new house and the next day you have people at the door asking you for money that the old landlord owed them…

Trough my searches I found an interesting name: ET RBN Known Russian Business Network IP (398). Maybe you might want to pay attention to them if you are not aware of them.

All the best!

Trough my searches I found an interesting name: ET RBN Known Russian Business Network IP (398). Maybe you might want to pay attention to them if you are not aware of them.
everyone know, no secret, and it was listed in my urlquery link posted above

Russian Business Network
http://en.wikipedia.org/wiki/Russian_Business_Network