Hi, my site keeps getting blacklisted by Avast, although its clean by all major virus scanners.
This is causing me serious issues with my visitors, because avast is very popular in my country.
Please, fix this.
As has been explained a lot of times already…
URL:Mal = IP and/or Domain is blacklisted
Redirection, suspicious IFrame, suspicious scripts :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.sportvdireto.online
Parked domain:
http://zulu.zscaler.com/submission/show/2b301e59387393ae476e016aafcca151-1454761260
Quttera detects: http://quttera.com/detailed_report/sporttvdirecto.org (redirections)
Probably IP related: https://www.virustotal.com/en/ip-address/104.27.156.254/information/
Furthermore 1 error and 3 warnings detected: https://mxtoolbox.com/domain/desportonline.com/
Adware and tracking related scripts on your site come blocked for me by a script blocker!
This is blocked for me at your site: -http://s10.histats.com/js15.js & -http://dsms0mj1bbhn4.cloudfront.net/v2/c583ee95b4cd4d90f006e909aa60e15f526c7f3c/apps/sharebuttons/app.js
as ad- and tracking. Script blockers block: -https://partner.shareaholic.com/partners.js?location=http%3A%2F%2Fwww.desportonline.com%2F&canonical=http%3A%2F%2Fwww.desportonline.com%2F&site=f0346e9849b4811d01c594949b56c96e & -http://px.owneriq.net/stas/s/sholic.js & -http://px.owneriq.net/eexelate.js?pc=sholic&eid=0&uid=Q5080488672114184924J & -http://api.viglink.com/api/domains
polonus (volunteer website security analyst and website error-hunter)
I see…but you realize that Cloudflare, Shareaholic, and Histats, are idoneous companies, and those scripts are being blocked by mistake, right?
No, they are not blocked by mistake.
A script blocker that doesn’t block (certain) scripts would not make any sense.
As Eddy says here, there is always something to it,when and why it is being blocked, for instance read here: http://www.pamelahazelton.com/social-media-tips-for-small-businesses/wordpress-shareaholic-viglink/
A lot of users use ad- and scriptblocking also to be protected against certain kinds of threats (fraudulent clicks, adware, malicious adverts etc.). At least some of these bulkhosters have some dubious reputation, not malicious per se. But for Cloudflare read here:
[i]http://www.crimeflare.com/cfssl.html[/i]
(About the nature of the site and contents that is open to some discussion, but general conclusions seem convincing.)
More information:
- http://www.unrest.ca/cloudflare-keyless-ssl-and-the-selling-of-secure
- https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
- https://scotthelme.co.uk/cloudflares-great-new-features-and-why-i-wont-use-them/
- https://scotthelme.co.uk/tls-conundrum-and-leaving-cloudflare/
- https://www.reddit.com/r/programming/comments/2grd1d/cloudflare_annouces_keyless_ssl/
- http://arstechnica.com/information-technology/2014/09/in-depth-how-cloudflares-new-web-service-promises-security-without-the-key/
As you asked about it, I think you deserve a reply like this.
polonus
I will remove Shareaholic and see what happens, i highly doubt cloudflare has anything to do with that…even so, Avast is the only one complainting about my website… :-X
Hi freetvhelpdesk,
It would be interesting to know why Avast blocks your website, let us wait for an Avast Team Member to respond.
We here are volunteers with relevant knowledge. I too certainly doubt that Cloudflare has been flagged, as we do not see Avast flag invalid SSL signatures recently. So wait for an Avast Team Member to reply, he has been informed, but this may be after the weekend.
polonus
I removed Shareaholic and no effect until now, let´s wait for a Tech then…i too am curious about the reason for this.
You also need to remove histats.
http://viralgandhi1990.blogspot.nl/
http://support.clean-mx.de/clean-mx/viruses.php%3Fsort%3Dfirstseen%2520desc%26domain%3Ds4.histats.com&rct=j&q=&esrc=s&sa=U&ved=0ahUKEwi-ofGBo-TKAhWDCSwKHaT7CAAQFggnMAI&usg=AFQjCNF1c4golTpBdQCEXN_ksANieU2WAg
http://killmalware.com/histats.info/
Hi Eddy,
A very likely candidate for a block, as DrWeb has it blacklisted:
htxp://s10.histats.com/js15.js is in Dr.Web malicious sites list!But let’s wait for the final word from Avast Team
Damian
I do not see any malicious activity on the domain now, so I unblocked it
Hi HonzaZ, first of all thank you, but it is still blocked here.
Can you try turning off your shields, then turning them back on, then accessing your website again?
Perhaps the OP doesn’t have the latest vps/stream-updates.
Perhaps, but Avast holding the cache a bit too long is more likely from my experience
It seems to be clean on avast now, but as a bonus google blacklisted that domain, although it is a 301 redirect…and the final domain appears ok on google webmaster tools. Anyone has an idea how to fix this?
Thank you
Contact Google.
It´s now blocking again >:(
Avast is really obsseced with my website, this popup appears on chrome and there is no option for the user to continue:
http://s30.postimg.org/abg0m5tot/caralho.jpg
This is the url: http://www.desportonline.com/index.php?canal=sporttv5
I really would like to solve the issue myself, but taking in to account that ONLY avast considers my website unsafe, i guess only avast can fix it…
Well both Avast and Google-Safebrowsing now flag it.
Reason could be: http://quttera.com/detailed_report/sporttvdirecto.org
scan results of the past gave a detected HTTP redirection to hxtp://www.sportvdireto.online/.
and a hidden reference to detected hidden iframe tag to ‘-getanotherurl.com’
File name: /filmeseseries_if.php
[[<iframe frameborder="0" border="0" height="1000" src="-http://getanotherurl.com/redirects/sports/movies.php" width="930" style="margin-top:-65px; " scrolling="auto" allowfullscreen>]]
Potentially suspicious
File name: -connect.facebook.net/pt_pt/all.js#xfbml=1
[[\x00\x01\x02\x03\x04\x05\x06\x07]]
or has these issues now been cleansed? According to the latest Quttera scan they have disappeared.
polonus