Author Topic: reason on website blocking? fake goods site?  (Read 2437 times)

shinewatch

  • Guest
reason on website blocking? fake goods site?
« on: August 15, 2013, 06:32:55 PM »
Just wanted to ask if Avast will block a site when the site is detected as selling replica items?
This was a reason they blocked my website but left other websites unblocked.
I cannot find any logical reason for this.
Previously, when their support site was still the old interface, they helped in solving the issue, but after everything changed, their attitude seemed to have changed also. Any reason for this?
« Last Edit: August 15, 2013, 08:33:47 PM by shinewatch »

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: reason on website blocking? fake goods site?
« Reply #1 on: August 15, 2013, 06:52:28 PM »
ScanURL: http://scanurl.net/?u=http%3A%2F%2Fshinewatch.com%2F&uesb=Check+This+URL#results
Sucuri: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fshinewatch.com%2F
Virustotal: https://www.virustotal.com/en/url/77abb4a5a18030021db34707ab9e62e1b1092abd012ec825fad06781896418ad/analysis/1376585137/
URLQuery: http://urlquery.net/report.php?id=4573703
Zulu: http://zulu.zscaler.com/submission/show/cc5b3b0963dc9eaf8119085661569ffa-1376585286
Quttera: http://www.quttera.com/detailed_report/shinewatch.com

There are many suspicious scripts on the site, as you can see in the Zulu report...
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33916
  • malware fighter
Re: reason on website blocking? fake goods site?
« Reply #2 on: August 15, 2013, 07:00:16 PM »
Thank you, Steven Winderlich, for going over these scans for us.
Some additional info to create the full picture here.

Could have been a general IP block: http://urlquery.net/report.php?id=558113  for malware from the same IP
Info on hoster: Blacklisted URLs: 684

Hosts...
...malicious URLs? Yes
...badware? Yes
...botnet C&C servers? Yes
...Zeus botnet servers? Yes
...Current Events? Yes
...phishing servers? Yes
...spam bots? Yes
...spam activity? Yes

See this report from MysteryFMC: http://forum.hosts-file.net/viewtopic.php?f=70&t=1775
Crimeware friendly hoster? http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-ecatel-as29073.html  (same link author)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33916
  • malware fighter
Re: reason on website blocking? fake goods site?
« Reply #3 on: August 15, 2013, 07:10:56 PM »
Seen with jsunpack
shinewatch dot com/catalog/view/javascript/jquery/jquery.cycle.js benign
[nothing detected] (script) shinewatch dot com/catalog/view/javascript/jquery/jquery.cycle.js
     status: (referer=shinewatch dot com/)saved 3890 bytes 9ba2698a05384e2187a4e6a1f7aed5937d85f252
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable D.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var D.fn = 1;  * exploitable -> http://blog.exodusintel.com/tag/exploit/  for var effects via added Button element real..
          error: line:1: ....^
     suspicious:

pol

shinewatch

  • Guest
Re: reason on website blocking? fake goods site?
« Reply #4 on: August 15, 2013, 07:13:26 PM »
ScanURL: http://scanurl.net/?u=http%3A%2F%2Fshinewatch.com%2F&uesb=Check+This+URL#results
Sucuri: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fshinewatch.com%2F
Virustotal: https://www.virustotal.com/en/url/77abb4a5a18030021db34707ab9e62e1b1092abd012ec825fad06781896418ad/analysis/1376585137/
URLQuery: http://urlquery.net/report.php?id=4573703
Zulu: http://zulu.zscaler.com/submission/show/cc5b3b0963dc9eaf8119085661569ffa-1376585286
Quttera: http://www.quttera.com/detailed_report/shinewatch.com

There are many suspicious scripts on the site, as you can see in the Zulu report...

Hi, if I delete the suspicious scripts, will the website function properly?

shinewatch

  • Guest
Re: reason on website blocking? fake goods site?
« Reply #5 on: August 15, 2013, 07:22:27 PM »
I guess it has to do with hosting...
I just checked... all the same IPs got blocked...
Guess I have to change to a better hosting IP...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33916
  • malware fighter
Re: reason on website blocking? fake goods site?
« Reply #6 on: August 15, 2013, 08:33:51 PM »
Hi shinewatch,

Yes, I think you have come to some sort of conclusion, and it is a valid one. Also consider why here: security issues such as exposing excessive header information that can be abused by attackers:
Running on: Apache/2.2.23
System info: (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.6 Perl/v5.8.8
Powered by: PHP/5.2.17
and the collection of domains on that same IP: http://sameid.net/ip/94.102.48.20/

and they could do a Google search query like this example for vulnerabilities to attack your site with: http://www.google.com/search?q=front+page+5.0.2.2635+vulnerabilities&btnG=Search&client=flock&channel={flock%3Acontext}&oe=utf-8

polonus
« Last Edit: August 15, 2013, 08:36:17 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
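
The header disclosure raised in reply #6 can be checked mechanically from the defender's side. The following is an added example, not code from the thread or from any of the scanners linked in it: it parses a response header block and lists every product/version token it gives away. The sample headers are constructed from the banner values quoted in that reply, and the function names are hypothetical.

```python
import re

# Constructed sample: the banner values are the ones quoted in reply #6, laid
# out as the Server / X-Powered-By response headers they would be read from.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.6 Perl/v5.8.8
X-Powered-By: PHP/5.2.17
Content-Type: text/html
"""

# Headers that commonly carry software banners, with the setting that trims them.
BANNER_HEADERS = {
    "server": "Apache: ServerTokens Prod, ServerSignature Off",
    "x-powered-by": "php.ini: expose_php = Off",
}

# product/version tokens such as "mod_ssl/2.2.23" or "Perl/v5.8.8"
TOKEN_RE = re.compile(r"([A-Za-z][\w.-]*)/(v?\d[\w.-]*)")


def parse_headers(raw):
    """Return {lowercased-name: value} from a raw response header block."""
    headers = {}
    for line in raw.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                            # a blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_banners(raw):
    """List (header, product, version, fix) for every disclosed version."""
    findings = []
    headers = parse_headers(raw)
    for name, fix in BANNER_HEADERS.items():
        for product, version in TOKEN_RE.findall(headers.get(name, "")):
            findings.append((name, product, version, fix))
    return findings


if __name__ == "__main__":
    for header, product, version, fix in audit_banners(SAMPLE_HEADERS):
        print(f"{header}: discloses {product} {version} -> {fix}")
```

Trimming the banners removes the fingerprint but not the underlying exposure; the outdated components still need updating.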