You got off lucky. Seriously

I host a friend's family website on my personal webserver. No javascript, no cookies, no included links, no copied content, minimal CSS, just some basic family photos, wood working projects, etc. It's as minimal as a website can be and it hasn't been updated in years (and years). Occasionally I browse it after upgrades just to verify everything is OK with the webserver.

Recently Firefox stopped letting me visit the site because in HUGE scary words it tells me that the site is a "Reported Attack Page!". Clicking on the "why is this page blocked" link takes me to a Google advisory, with more scary information.

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.

Of the 67 pages we tested on the site over the past 90 days, 49 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-07-21, and the last time suspicious content was found on this site was on 2013-07-21.

Malicious software includes 11 exploit(s).

Malicious software is hosted on 2 domain(s), including dv-suedpfalz.de/, ntrfm.com/.

(I have no idea why those domains are listed? They have nothing to do with my hosting or the blocked website)

I have gone over the entire website with a fine tooth comb. There is absolutely nothing malicious on it. There isn't even a file modified stamp that isn't several years old. None of my other hosted websites are flagged as malicious, so it's not the server. In short the Google advisory is completely bogus.

How's that for a false positive?