my site is denied

[lucio]

Help me my site is denied for avast mfcp.homelinux.com

Infection Details
URL:   hxtp://mfcp.homelinux.com/
Process:   C:\Archivos de programa\Mozilla Firefox\...
Infection:   URL:Mal

I can not access, maintenance had a script that made my domain is blocked ..

 help to unlock my users can not enter.

[mchain]

Hi lucio,

urlquery here:  http://urlquery.net/report.php?id=75459  Screenshot in upper right is actual url page.  Says page is working properly but has yet to be configured.  Shows Fedora server page.

zulu here:  http://zulu.zscaler.com/submission/show/f8b7943673eb2c66fa4e1ed61c1e1ee3-1340655779  Suspicious link found in domain history.

urlvoid here:  http://www.urlvoid.com/scan/mfcp.homelinux.com/  avg threat labs here:  http://www.avgthreatlabs.com/sitereports/domain/mfcp.homelinux.com/

securi site check here:  http://sitecheck.sucuri.net/results/mfcp.homelinux.com/

Please make url non-clickable as in wXw or hxxp: to protect innocent users here.

[polonus]

Hi mchain,

Thanks for that extensive check. Your contributions are very welcome here, and mutually inspiring.
Therefore  I like this corner of the forums, I really do. How much insight it has already brought us all.

Just two additional remarks on a side note for what you report here, my friend:

1. Originally this was flagged by Norton Safe Web for "uklatt.homelinux dot com", and so all of homelinux dot com came under suspicion.
The link to  hxtp://fedoraproject.org/  recently resulted in the infection with two worms according to Google's Safebrowsing, 

2.

Also /sbin/init  on fedora is has been reported as infected with the Suckit rootkit but this could not be proven either
and could well be a false positive or false negative rather,

(quote tahen from a report by Beartooth on fedura's user-list june 7 2012),

polonus

[!Donovan]

I am shown a record that malware was live on this site for 0.1 hours 2012-06-25 22:36:15.

[polonus]

Hi !Donovan,

Right you are, my friend,  and sites for that domain has been spreading the following flaws of malware: unknown html and unknown executable malware, Trojan.Generic.KD.17597, PHP/BackDoor.AR,  Virus.PHP.Small!IK, 5 instances of Win32.SuspectCrc!IK, now all response dead, various IP sites for that domain were being taken down as well. So it could well have been a general domain block.

Sitevet report for the AS for that IP:
AS Name: Uninet S.A. de C.V.
IPs allocated: 12955024
Blacklisted URLs: 23

Hosts...
...malicious URLs? Yes 
...badware? Yes 
...Current Events? Yes 

If despite of all this you might feel your website is secure, then there is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for:  * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

polonus