false alarm on domain

[idreams]

hello good afternoon all,

i need a big help.. i dont why but avast is treating our website like "malicious url blocked" even i have changed the hosting to another server
tried with out any files

when ever i type the domain in the browser it is giving me the warning.. this is happening only with avast

this is the url of our company website www.eximlinks.in

thanks

[mikaelrask]

welcome to the forum. i suggest you write to the avast support and send them a ticket about this problem.
http://www.avast.com/contact-form.php?loadStyles

according virustotal scan it shows to be clean. but if avast is reporting it to be malware it could be something in the code.
https://www.virustotal.com/url/0dd06c44e8b0212bacb0b4514331f7796e373d7b671c0617915fc046215e1354/analysis/1341497690/

[Pondus]

according to WOT it was/is listed at phishtank.com

http://www.urlvoid.com/scan/eximlinks.in/

[polonus]

Hi Pondus,

Nothing on Phis Tank, and nothing on Sucuri.
But I found site with 'searchmagnified.com' d='manual category browser Hijacker
Searchmagnified.com Hijacker is classified as an invasive browser hijacker which adjusts your homepage, search page and favorites to hxtp://Searchmagnified.com and various unwanted sites. It is able to get into your operating system without your concert.
Content returned: 1: test

polonus

[idreams]

should i contact avast support team or what should i do know ?
the replies are confusing.. and i am not so sure about what does this mean
MyWOT   05-07-2012, 12:01:25    DETECTED

[DavidR]

There is an on-line contact form, http://www.avast.com/contact-form.php?loadStyles for:  * Sales inquiries; Technical issues; Website issues; Report false virus alert in file; Report false virus alert on website; Undetected Malware; Press (Media), issues.

- If you are reporting an FP, then you get another input field open, enter the web URL for the site you wish to submit for review (Network Shield), etc. A link to this topic also wouldn't hurt.

[polonus]

When avast receives your report and the site indeed seems secure, they are known to solve these issues rather quickly, sometimes with a coming update.
So just report as DavidR told you how to and wait,

polonus

[idreams]

thank you so much guys. i have sent a request for review to the support team

lets see what they have to say..

really appreciate your help in this matter. never saw this much pro active community..

[DavidR]

You're welcome.

[idreams]

i guess the problem has been solved.
can anyone please check our domain and confirm it please www.eximlinks.in

thanks

[DavidR]

Well it isn't alerting, but there isn't a whole lot there just a test page 'literally,' see image.

But since this was a Network Shield alert on a malicious site, that looks to have been corrected.

However WOT still needs to be sorted as it has historical data giving the site a bad Rep, see http://www.mywot.com/en/scorecard/eximlinks.in, so you might need to contact them also.

[polonus]

Nothing much I can see: http://urlquery.net/report.php?id=83053
Content returned by request for: htxp://www.eximlinks.in/
1: test

polonus

[true indian]

Hi all,

the IP to the site eximlinks.in is 184.173.229.96 which gives no alert on URLQuery so pol is correct..

However there is a bad boy on: 184.173.0.171

see: http://urlquery.net/report.php?id=83890

this is a IP block for 184.173.xxx [xxx=any ransom numbers]...this will need analysis from a virus analyst to examine

[polonus]

Hi true indian,

That one is actually being reported in the Blackhole URL thread here...http://forum.avast.com/index.php?topic=100591.msg806005#msg806005
A sheer coincidence or the reason for the initial IP block, who will tell?
Arrticle author Fraser Howard did a write up about this particular one here in a Sophos Technical Paper:
http://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit-6/   I mean the "main.php?page= " Blackhole detection variant....
Checked against realtime lists the IP is not being blocked by any now (or going under the radar)..

polonus

[idreams]

how can we contact WOT
i dont see any contact us form in their website