AVAST Blocking my website...

[REDACTED]

Hi I've tried reaching out in multiple ways about this and hoping to get some help on the forum.

Avast is currently blocking out domain and reporting it as malicious. Kindly see the following reports,
all of which say there is no malware on the site.

https://sitecheck.sucuri.net/results/www.bassguitartips.com
http://www.urlvoid.com/scan/bassguitartips.com/
https://quttera.com/detailed_report/www.bassguitartips.com

Hoping for some assistance.

Cheers

[Pondus]

Blacklisted  https://virustotal.com/nb/url/ede519996ed9c39e67d4f82ec3f4f1f894178c48682180180b92aef38b97a564/analysis/1485206220/

also on URLVoid if you click update report, your scan was 2 years old
http://www.urlvoid.com/scan/bassguitartips.com/


IP history > seems like lots of malicious activity
https://virustotal.com/nb/ip-address/45.56.74.109/information/


Scumware.org info on IP

Query results
    URL   MD5   IP       Threat   
2016-11-04 17:55:39   http://bassguitartips.com/76vvyt?WMghab=WqndiBQgNp   EC140F26E22161E6277F881A25C92FDD   45.56.74.109   US   HTML/ScrInject.B trojan   
2016-11-04 03:42:29   http://bassguitartips.com/43ftybb8?pOHtNWGxKvK=pHOgrMXDHT
TP/1.1   FBD646B935FFA4425B03E63492541895   45.56.74.109   US   HTML/ScrInject.B trojan   
2016-11-03 07:13:42   http://bassguitartips.com/43ftybb8?cQXhBHB=txGcPI   379103A350F989B7ACFA77BFE4E8484C   45.56.74.109   US   HTML/ScrInject.B trojan   
2016-11-03 05:37:00   http://bassguitartips.com/43ftybb8?vsvSMfuqdOF=CFYeGX   9003AC810ED652083B4361994667A72F   45.56.74.109   US   HTML/ScrInject.B trojan   
2016-11-03 05:36:55   http://bassguitartips.com/43ftybb8?pnefqQgVi=CMmSwcoW   FE45B797C6B370DA10661644C7896899   45.56.74.109   US   HTML/ScrInject.B trojan   
2016-11-03 05:36:01   http://bassguitartips.com/76vvyt?UriyesSMaE=msLtYhwjJgW   64D04C010ADE7BDF08120CACA9D0F4BF   45.56.74.109   US   HTML/ScrInject.B trojan   
2016-11-03 01:05:00   http://www.bassguitartips.com/pages/product-catalog/the-2
1day-groove-makeover/   2212283820D0BF01209B361027A33A93   45.56.74.109   US   HTML/ScrInject.B trojan   

[Eddy]

https://virustotal.com/en/ip-address/45.56.74.109/information/

Site is compromised.
Time to remove the infection.

[Pondus]

Seems that IP was spreading locky ransomware
https://virustotal.com/en/file/fc7bcf028e10273d57c55034d2175f8074fa0b0dee7403a285c8da4b606d4a2b/analysis/

[REDACTED]

Hi Pondus,

Thanks for the quick reply. I'm confused though as to how both
quttera and sucuri (who we use for site protection) are reporting
that the site is currently clean.

If or not there was a compromise before as best as I know from
sucuri they informed me that it is currently and has been cleaned,
hardened and scanned every 6 hours since last november.

Again, based on what sucuri tell me these updates have been reported
to all the site you pointed out.

Shouldn't this be clear by now?

I've been following up with sucuri consistently and just figured I'd reach
out here myself.

[Pondus]

Again, based on what sucuri tell me these updates have been reported
to all the site you pointed out.

Shouldn't this be clear by now?

Cleaned and reported does not mean those running a blacklist is quick to update / remove
Anyway i have notified avast team, check back tomorrow for a reply

[REDACTED]

I totally get that there needs to be time between reporting and the database update,
just found two months to be a bit weird. Anyways thanks for the update and advice Pondus.

I'll check in tomorrow.

Cheers!

[HonzaZ]

Yeah, it was unblocked back in December, but then it was blocked automatically again yesterday - most probably just an echo of the past Locky infection.
I have unblocked bassguitartips[.]com now and made sure it will not be blocked automatically again!

[REDACTED]

Thank you Honzaz and Pondus for the assistance.