Clean web sites in blacklist

[chertenok]

Hello.
I need help. My two sites were blocked, but all scanners show that they are clear from any malware.
Reports:
1) kit-iphone.ru
http://www.urlvoid.com/scan/kit-iphone.ru/
https://www.virustotal.com/url/310e59f7dfed3cc2944d32b93a88ba6a9bfd63a251ed4e667f1a5c2650157baa/analysis/1336399708/
http://safeweb.norton.com/report/show?url=www.kit-iphone.ru
http://vscan.urlvoid.com/analysis/1af1052852211b3b85f4fc72dcf6c186/d3d3LWtpdC1pcGhvbmUtcnU=/
http://www.UnmaskParasites.com/security-report/?page=www.kit-iphone.ru

2) svoj-dom.ru
http://www.urlvoid.com/scan/svoj-dom.ru/
http://www.UnmaskParasites.com/security-report/?page=www.svoj-dom.ru
https://www.virustotal.com/url/1a9a064ed1085c63951431e7e2d0d4fb9de1ba3e3ab9b8a20202cd6972cc05ff/analysis/1336400929/
http://vscan.urlvoid.com/analysis/9cf5196cb976ddd8d91998f9ed1a01c6/d3d3LXN2b2otZG9tLXJ1/

I lose the users. Help me, please.

[DavidR]

Nothing on http://sitecheck.sucuri.net/results/www.kit-iphone.ru/ nor http://sitecheck.sucuri.net/results/www.svoj-dom.ru/ for the sites.

Since they are both hosted on the same IP address it is more likely the IP that is blocked rather than the domains as such. It may be that there are other domains that are hosted on this IP address and it could be that they are the problem or the actual host.

####
- There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for:  * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

- If you are reporting an FP, then you get another input field open, click Browse button and navigate to the file or enter the web URL for the site you wish to submit for review (network shield - IP address), etc. A link to this topic also wouldn't hurt.

[polonus]

The only minor hick-ups I see are the following - as DavidR says: ....IP address has been identified as risky by one/more sources....
Malware (i.e. riskware)  from that IP like  Skodna.ArchSMS.P, Win32:Malware-gen and unknown_html malware have been since closed
or is no longer responsive (dead)!

Given as suspicious here: htxp://zulu.zscaler.com/submission/show/1f714da6809d9b6e7fa5160ec580db2b-1336410803
and this link: hxtp://zulu.zscaler.com/submission/show/4751f19d60d403f1f5896a659a62d89f-1336411127
Issue here: wXw.svoj-dom.ru/engine/classes/js/jquery.js benign
[nothing detected] (script) wXw.svoj-dom.ru/engine/classes/js/jquery.js
     status: (referer=wXw.svoj-dom.ru/)saved 93868 bytes 9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     suspicious
See:  htxp://zulu.zscaler.com/submission/show/e7df941958a9b152601a823082ec9bf5-1336411852

polonus

[kubecj]

The hosting server got killed because it distributes malware. I temporarily removed it from the block, but I'll kill it again in any other case of malware.

[chertenok]

Thanks to all.  It is necessary to change a hosting provider? My sites are blocked because another's sites on the same IP address are distribute viruses?

[polonus]

Hi chertenok,

The now closed malware came from IP 176.9.118.22, also hosting hxtp://load-rar2.ru/ via which domain malware has been launched. Skodna.ArchSMS.P stayed active for 159.8 hrs before it was killed, and  Win32:Malware-gen stayed on for 74.8 hrs.
Your site seems to be secure. You could remove the "X-Powered-By" HTTP Header, which gives away that content is being generated dynamically.

Spamcheck and Safebrowsing secure. Web rep: http://www.webutation.net/go/review/kit-iphone.ru

If you experience new blocks because of the hosting server being abused,
you could reconsider hosting your site somewhere else, but that is up to you.
The AS has 3098 blacklisted URLs, re: http://sitevet.com/db/asn/AS24940
From your side on everything seems hunky-dory,

polonus

[chertenok]

 Thank you very much for the operative help.