Hey there; I run a website for my writing stuff over here:

http://www.connorcadellin.com/

And while AVG and a number of others seem fine with it, Avast is blocking it on the basis of URL:MAL. I checked it with Succuri’s scanner and while the server is running on an older version of Apache, there doesn’t seem to be anything malicious flagged. I’ve had this problem for months and despite reinstalling various plugins and stripping the site down I have yet to work out the problem. I called a false positive report at the time but heard nothing back, and the site does not appear to be blacklisted anywhere I can find.

Any ideas? Would appreciate some help!

Hello,

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Scanning now. I will add that Avast gives a URL MAL report on other computers as well; I had a friend on the other side of the country check it.

Here we go, the log files from that tool.

There are problems on the same IDS:
http://urlquery.net/report.php?id=1433355721339

Outdated server software (making visitors as well as the site vulnerable to infections)
https://sitecheck.sucuri.net/results/www.connorcadellin.com

Unable to connect to the server:
https://www.ssllabs.com/ssltest/analyze.html?d=connorcadellin.com

IP is blacklisted:
http://multirbl.valli.org/lookup/178.62.11.233.html

Serious DNS problem:
http://dnscheck.pingdom.com/?domain=www.connorcadellin.com

Suspicious scripts:
http://quttera.com/detailed_report/www.connorcadellin.com

Okay, this stuff is beyond me. I will forward it on to the guy who handles the server itself. Thanks for the fast responses, folks.

Tell your host to at least update the server software.
As far as the log files, TwinHead will help you with those.

PC seems clean.

Cheers Twinhead. Intriguing that Quttera is flagging the Tumblr sharing buttons, I wonder if that instance of jetpack is compromised? I did reinstall that component during my attempts to clean it earlier, so that is odd.

URL:mal means url og ip is blacklisted for whatever reason, there can be many, it does not have to be infected

If you think it is wrong, report it here. https://support.avast.com > avast virus lab