Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on June 23, 2014, 03:53:43 AM
-
Avast keeps reporting my church's podcast site as having a URL:MAL Infection. Their main site: connectioncc.org loads just fine, but their podcasts are hosted on connectioncc.com/podcast/files/. If I try to go here with webshield on, it says it's infected by URL:MAL. Turning off webshield, it's just an index of MP3 files, so I don't see there being any malware. Can I tell avast to ignore this site (Exceptions TAB isn't working), without disabling malware url checking entirely or get Avast to remove the site from their database?
Thanks!!
--Matt
-
hello
use virus@avast.com with "False positive" in email subject.
or http://www.avast.com/contact-form.php
-
Avast keeps reporting my church's podcast site as having a URL:MAL Infection
URL.mal is not an infection ..... it means the URL and/or IP is on a blacklist for whatever reason ..... does not have to be infected
-
sorry for the delay but that I can do it
we will unblock it now
Hello Matt,
This is a false positive, it should be fixed in the new update.
Best Regards
Richard Šrank
avast! Technical Support Specialist
-
Please help me,
I have the same problem when I access my site:
http://www.publiguiaperu.com/
I am thinking that is a FP.
Thanks.
-
JQuery vulnerable libraries (need to be fixed) :
http://retire.insecurity.today/#!/scan/5078b0779e8607a81190aaaf34449fbc909bf19e9d07c864d31ce830c731e0e3
Blacklisted :
http://urlquery.net/report.php?id=1460540143143
Browser difference :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.publiguiaperu.com
The problem is likely the use of shared hosting.
-
I removed publiguiaperu.com from our blacklist ;)
-
Please help me,
I have the same problem when I access my site:
https://www.myshop.lk/
I have cleaned the files now and it's still showing "URL.mal"
it means the URL and/or IP is on a blacklist, can you please remove it now
Thanks.
-
-> https://sitecheck.sucuri.net/results/www.myshop.lk/
-
Yes, I have checked the Sucuri site, but I have scanned the whole site with ESET and Avast virus guard, and it's showing that all are clear, but I am confused now. What should I do now?
-
Guess you haven't read the Sucuri results :
How to get my site removed from their blacklist?
If you are a Sucuri customer, just fill a malware removal request in your support dashboard. Our team will double check your site (and clean whatever needs to be cleaned) and contact ESET about it.
If you are not a Sucuri customer (and using our free sitecheck), you will need to make sure your site is cleaned first. Once you do that, email samples@eset.com and they will re-check the site.
Here are more scan results :
http://zulu.zscaler.com/submission/show/90e08d4502b32f4a3dcc5be2e20e88c9-1469165407
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.myshop.lk
https://www.virustotal.com/en/url/5fcbcf42c33ab23c15670c439cc9f206c0f12d39f5a6372248c1c83416bbd016/analysis/1469165422/
http://www.urlvoid.com/scan/myshop.lk/
http://urlquery.net/report.php?id=1469164450793
https://www.virustotal.com/en/ip-address/166.62.10.227/information/
http://urlquery.net/report.php?id=1469164607118
http://multirbl.valli.org/lookup/166.62.10.227.html
What should i do now?
- Step away from GoDaddy and get yourself dedicated hosting at a reliable host that takes security seriously
- Contact Sucuri and have them fix the problems
-
OK, thank you sir, I will send a mail to 'samples@eset.com' and update you, but avast is also blocking my website? It's showing URL:Mal??
-
You can report a URL here: https://www.avast.com/report-a-url.php
-
I have removed "myshop.lk" from our blacklist ;)
-
Hello,
It seems my website has the same problem: http://pouyas.com/
Could you please remove it from the blacklist?
Thanks
-
Blacklisted IP :
http://zulu.zscaler.com/submission/show/d79772dfd3540950ed0d759372ab38d9-1471798737
Outdated software :
https://sitecheck.sucuri.net/results/pouyas.com
Problems on that ASN :
http://urlquery.net/report.php?id=1471799039616
http://urlquery.net/report.php?id=1471799061736
Vulnerable libraries :
http://retire.insecurity.today/#!/scan/799ab1b9714b9603c97bfdaf9eeeccde2b1f8717888e557814454b80152b5006
-
Hello,
It seems my website has the same problem: hxxp://pouyas.com/
Could you please remove it from the blacklist?
Thanks
(http://i.imgur.com/B1Kaa95.png)
Hello.
IP compromised
http://www.ipvoid.com/scan/67.23.226.139/
http://www.urlvoid.com/ip/67.23.226.139/
I will Report to virus analyst
-
The IP was infected with Locky ransomware 20 days ago. I have unblocked it for now, but I strongly advise using a different hosting.
-
HonzaZ is right and the more so,
because the IP there functions as a Locky distribution site,
re: https://ransomwaretracker.abuse.ch/host/67.23.226.139/
Confirmed here for that sample MD5 dc9db417c58c2c1e9615b6c0e0aed913
See: https://tracker.h3x.eu/corpus/400
Latest 100 files (malware samples) dropped by this distribution site.
polonus (volunteer website security analyst and website error-hunter)
-
Hi Avast Team.
I have the same issue (false infection). I need your help to take my site out of your black list.
espanholparaviagem[.]com
Thanks a lot.
Regards,
Tarcisio.
-
What message is avast giving you? (screenshot)
Suspicious (possibly malicious) :
https://quttera.com/detailed_report/www.espanholparaviagem.com
Issues on that ASN :
http://urlquery.net/report.php?id=1474702349281
Vulnerable library used :
http://retire.insecurity.today/#!/scan/c44362f50116f6ee223f0c0fb4fc4f79977b64ca5ae5acacacfeec6c06237db1
Wordpress issues :
WordPress Version 4.5.4
Version does not appear to be latest 4.6 - update now.
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 None admin
2 None dx2brasil
-
Suspicious > http://www.UnmaskParasites.com/security-report/?page=www.espanholparaviagem.com/oferta3/
-
IP 198.199.66[.]75 (which espanholparaviagem[.]com points to) was blocked in March due to CSRF attack coming from it.
I have now unblocked it.
-
Being on SSL via CloudFlare with a Let's Encrypt Authority 3 Certificate is no reason for not implementing security headers,
see the meagre F-Status found here: https://securityheaders.io/?q=www.espanholparaviagem.com&followRedirects=on
Relying simply on a cdn solely for keeping your website secure, is not enough.
Also tackle the following issues. see: https://mxtoolbox.com/domain/www.espanholparaviagem.com/
polonus (volunteer website security analyst and website error-hunter)
-
Need help ASAP.
One year ago, our company purchased the domain yyw[.]com as our company page,
but too many customers reported it as blocked for URL:Mal.
Pls check and process for us.
my email : admin@yyw.com or 1398630@qq.com
-
- Remove the links to the blacklisted site (beads)
https://www.virustotal.com/en/ip-address/50.23.125.205/information/
- Retire the vulnerable library
http://retire.insecurity.today/#!/scan/d3aa5aa3c5e07d7f41b9f8fbc89c482fd5de37bfef2f07dde9ec9f0e93c8a0c1
- Fix the security issues
https://www.ssllabs.com/ssltest/analyze.html?d=www.yyw.com
-
thanks !
i will check now
-
Hello,
detection of yyw.com was disabled.
Milos
-
We are having this issue also. Our company purchased allegiantcare.com a few years ago and avast users report our domain gets blocked for blacklisting. Can you please remove allegiantcare.com from your blacklist?
-
Site is not even loading and avast doesn't give an alert when trying to load the site.
Blacklisted :
https://www.virustotal.com/en/url/fedaa175143a03d4493bf8721b4515610f51141453ce3ed2e96ca35977839b11/analysis/1498143939/
http://www.urlvoid.com/scan/allegiantcare.com/
https://sitecheck.sucuri.net/results/allegiantcare.com
https://www.virustotal.com/en/ip-address/71.245.183.172/information/
Wordpress issues :
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 sjunker sjunker
2 None
Warning Directory Indexing Enabled
Certificate issue :
https://www.ssllabs.com/ssltest/analyze.html?d=allegiantcare.com
Very likely also vulnerable libraries are used.
-
allegiantcare.com >> BLACKLISTED X 3
https://virustotal.com/en/url/fedaa175143a03d4493bf8721b4515610f51141453ce3ed2e96ca35977839b11/analysis/1498143939/
and as said, site does not load, see screenshot http://urlquery.net/report.php?id=1498142085520
-
https://yandex.com/infected?l10n=en&url=allegiantcare.com&redircnt=1498144545.1
Issues for more than 24 hours.
-
Strange that it is not loading because we have customers on it all day and it is working for me off site.
I have contacted yandex and they have cleared my site but I guess it's not updated.
I contacted the others too but have not heard back from them except for Sucuri, they want money to remove me. That doesn't seem right. Is there anything else I can do?
-
You could start with fixing the Wordpress issues and the certificate issue.
-
allegiantcare[.]com is unblocked since yesterday, 17:42 CEST, but I strongly suggest following advice of other people commenting on this issue.
-
No direct threat coming from website, so it was unblocked by Avast Team: http://urlquery.net/report.php?id=1498213066446
However for the Word Press settings User Enumeration and Directory Listing should be set disabled.
The server at Verizon's is set to speak too loudly Server: Apache/2.4.23 (Win64) OpenSSL/1.0.2j PHP/7.1.2
X-Powered-By: PHP/7.1.2 (excessive server info proliferation, we call this issue). PHP also can be 'a can of worms' (vuln.).
For this external link we see a secure cookies warning, clickjacking warning and a http to https warning: https://asafaweb.com/Scan?Url=go.microsoft.com%2Ffwlink%2F%3Flinkid%3D66138%26clcid%3D0x409 - was on: https://aw-snap.info/file-viewer/?protocol=secure&tgt=accreditnet2.urac.org&ref_sel=GSP2&ua_sel=ff&fs=1 (http blocked for shared hosting)!
Suspicious urls with this external link: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.surveymonkey.com&ref_sel=GSP2&ua_sel=ff&fs=1 with particular issues and warnings here: https://asafaweb.com/Scan?Url=https%3A%2F%2Fwww.surveymonkey.com
So you have issues for the website and you have to take up certain proliferation issues with provider Verizon's (not maintaining best policies because of incompetence, not being interested to tackle issues or other factors, which is not offering you the best of infrastructure, a shame really but what can we do when regulators turn a blind eye and commerce rules big time ;).
polonus (volunteer website security analyst and website error-hunter)
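
The header findings discussed in this thread (verbose Server / X-Powered-By banners, missing security headers, clickjacking and cookie warnings), as an added example that is not part of the original posts: a small offline auditor run over two raw responses. The Server and X-Powered-By values in the first sample are the ones quoted in the post above; everything else in both samples, and all function and constant names, are constructed for illustration.

```python
import re

# Constructed sample: only the Server and X-Powered-By values come from the thread.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache/2.4.23 (Win64) OpenSSL/1.0.2j PHP/7.1.2
X-Powered-By: PHP/7.1.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=constructed-value; path=/
"""

# Constructed sample of the same site after hardening, e.g. Apache
# "ServerTokens Prod" / "ServerSignature Off" and PHP "expose_php = Off".
HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff
Set-Cookie: PHPSESSID=constructed-value; Path=/; Secure; HttpOnly
"""

# Headers that commonly carry product banners.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# A "product/version" token such as Apache/2.4.23 or PHP/7.1.2.
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.+-]*/\d[\w.]*")

# Security headers the auditor expects, with the risk each one addresses.
REQUIRED_HEADERS = {
    "strict-transport-security": "http to https downgrade",
    "content-security-policy": "script injection",
    "x-frame-options": "clickjacking",
    "x-content-type-options": "MIME sniffing",
}


def parse_headers(raw):
    """Return (lowercased name, value) pairs, keeping repeated headers."""
    headers = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit(raw):
    """Return a list of (kind, subject, details) findings for one response."""
    headers = parse_headers(raw)
    names = {name for name, _ in headers}
    findings = []

    for name, value in headers:
        # Banner headers that reveal exact product versions.
        if name in BANNER_HEADERS:
            tokens = VERSION_TOKEN.findall(value)
            if tokens:
                findings.append(("version-disclosure", name, tokens))
        # Cookies without Secure / HttpOnly attributes.
        if name == "set-cookie":
            attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
            missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
            if missing:
                findings.append(("cookie-flags", value.split("=", 1)[0], missing))

    # A CSP frame-ancestors directive covers clickjacking without X-Frame-Options.
    csp = " ".join(v for n, v in headers if n == "content-security-policy").lower()
    for name, risk in REQUIRED_HEADERS.items():
        if name in names:
            continue
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue
        findings.append(("missing-header", name, [risk]))
    return findings


if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_RESPONSE), ("after", HARDENED_RESPONSE)):
        print(label)
        for finding in audit(raw):
            print("  ", finding)
```
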
-
Hi, I need help please!!
My website is blocked with URL:Mal by avast, how do I resolve it?
Thanks
-
which website? Post a link here or at least a printscreen of the detection ;)
-
We are in the same boat - I have numerous clients reporting our site is unsafe, but as the IT Director of app.espace.cool, I can guarantee we are safe and behind a secure firewall at LiquidWeb. It's really starting to impact our business. We serve many large churches in the US and they are soon going to be moving to other anti-virus software if we can't get someone from Avast to answer our false detection report. I've sent in 3 separate emails and even called. Was told someone would call me right back.. that was 3 days ago.. still waiting. PLEASE HELP!
-
You can report a URL here: https://www.avast.com/report-a-url.php
-
I have removed app.espace[.]cool/account/login from our blacklist ;)
-
;D ;D ;D ;D - Thank you!
-
If Avast is reporting MAL:URL on the basis of the domain name being on a blacklist would you PLEASE, PLEASE display the name of the blacklist on which it was found?
When the Avast popup says "...because it was infected with URL:Mal", if it is really just reporting that the target website is being blocked because it is listed on a blacklist, then why not display "...because it is listed on the Barracuda blacklist" (or whatever blacklist)?
Or display "...because it is listed on the one or more blacklists" and list the blacklists in the "details" section.
If I have not understood URL:Mal then I apologize but it seems to get a lot of people running around wondering how to remove the "URL:Mal infection". Again, if URL:Mal is simply indicating a blacklist entry then calling it an infection causes a waste of time and effort.
-
Blacklisted infection entries are there for your protection. Sometimes, but not often, these blocks are false positives, but these can occur when a known blacklisted site shares an IP address with many websites and is itself not infected with malware.
Some real-time security websites are listed below to verify an URL:Mal block:
https://www.virustotal.com/#/home/url
https://sitecheck.sucuri.net/
http://urlquery.net/
Please treat blacklisted sites with due care and caution, always.
-
If Avast is reporting MAL:URL on the basis of the domain name being on a blacklist would you PLEASE, PLEASE display the name of the blacklist on which it was found?
Avast is using their own Blacklist
If I have not understood URL:Mal then I apologize but it seems to get a lot of people running around wondering how to remove the "URL:Mal infection". Again, if URL:Mal is simply indicating a blacklist entry then calling it an infection causes a waste of time and effort.
You can only remove it if you own the website, and there are many reasons why a website is blacklisted, it does not have to be infected
-
Domain probably blocked by avast because of malware on that particular IP: https://www.threatcrowd.org/ip.php?ip=64.37.52.189
Also in attack archive: http://overflowzone.com/archive/geoip/64.37.52.189/
Only avast team members can unblock or exclude your domain from a general IP block,
wait for one to appear and give the final verdict.
We here are just volunteers with relevant knowledge, but cannot unblock,
polonus (volunteer website security analyst and website error-hunter)
-
mchain, I get a clean report for my daughter's web site, www.katinaarnott[.]com, from your suggested web sites:
- https://www.virustotal.com/#/home/url
- https://sitecheck.sucuri.net/
- http://urlquery.net/
I have also run tests on several other sites like pentest-tools.com and webinspector.com with no issues. Also I have a blacklist monitor at mxtoolbox.com and it shows no entries on 103 blacklists. But still Avast insists on aborting connections to www.katinaarnott.com "because it is infected with URL:Mal".
Now, of course I want get a clean bill of health for this website but I'm also concerned as to why Avast calls it an infection (URL:Mal) and just leaves it at that. I have googled URL:Mal extensively and cannot find a definition of a virus/infection of this name. I do, however, see posts like these:
- What is URL:MAL and How to remove URL:mal virus from Windows
- Remove URL:Mal Virus Infection (Uninstall Guide)
Both of these posts just give a generic description of how to clean up a pc.
So, if we can agree that "because it is infected with URL:Mal" means that Avast has detected an issue on the target website, then for goodness sake, Avast, tell us what the issue is.
As for my specific web site, the only issue of which I'm aware is the lack of SPF/DKIM/DMARC. This is a problem I'm having with GoDaddy because they used to be set up ok. I still have absolutely no idea what Avast thinks is wrong at my website.
-
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
-
Hi, this was caused because the IP (50.116.55.30) was blocked due to Blackhole EK.
I hope the IP is clean now, and I am unblocking it.
-
Hi HonzaZ, I am very grateful for your input. Can you please tell me how you found out that my site was blocked due to Blackhole EK? Like I've been saying, the Avast warning just says the site is blocked (URL:Mal) but doesn't say why. More importantly, how can I determine what the cause was?
And thank you for unblocking. I also "hope the IP is clean now" but I have run checks from just about every web site I can find plus I have installed and run the AntiVirus and ExploitScanner WordPress plugins. No problems reported.
Again, many thanks and I look forward to your response.
-
IP history >> https://www.virustotal.com/#/ip-address/50.116.55.30
click on items for details
https://en.wikipedia.org/wiki/Blackhole_exploit_kit
-
Cannot add much more than what Pondus already said/linked, but if you have other questions, feel free to ask :)
-
HonzaZ,
There is still my main point, which is that the Avast warning just says the site is blocked (URL:Mal) but doesn't say why. If it is Avast that has determined there is a problem then Avast knows what the problem is (e.g. Blackhole EK) so why not display that information? It would save people like me (and many others) from having to bother you guys by asking over and over "what caused the URL:Mal".
In other words, just displaying the cause of the issue would save everybody time and effort.
But again, thanks for all your help.
-
Hi zapappa,
Little old me was abroad and away for a week without my regular laptop and only on android, so when I saw this thread, I performed a few third party scans to make you feel more comfortable with the avast alert and to help and amend issues.
In addition to what has been said in the thread above, which of course is right, I add the following:
First a retirable and vulnerable jQuery script running: http://retire.insecurity.today/#!/scan/c807bedbcf04aa0acd86b08811f455bbabb6ebc4433266431625a22828d30b5a
See that the site has been banned here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.katinaarnott.com&ref_sel=GSP2&ua_sel=ff&fs=1
Reason: Your IP address has been automatically flagged as abusive. You are currently banned from viewing this site. To remove the ban, please visit the un-ban page (https://app.getflywheel.com/unban?name=fw071912&error=481).
The ban should be lifted here
Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server: nginx/1.12.1 + Phusion Passenger 5.1.8
X-Powered-By: Phusion Passenger 5.1.8
IP Address: -54.243.154.12
Hosting Provider: Amazon.com
Shared Hosting: 2 sites found on -54.243.154.12
Also consider: Loaded Resources
Compromised sites will often be linked to malicious javascript or iframes in an attempt to attack users of your WordPress installation. Look over the listed resources, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.
To fix it you can:
1. In the Slider Settings -> Troubleshooting set option: Put JS Includes To Body option to true.
2. Find the double jquery.js include and remove it. Your client address was checked by-> https://toolbar.netcraft.com/site_report?url=https://l2.io
More issues and recommendation: https://observatory.mozilla.org/analyze.html?host=www.katinaarnott.com
Issue should be taken up with the AS - Net Access Corporation e.q. Flywheel, consider Linode abuse.
Re: https://urlquery.net/report/51cf5840-4139-456a-b321-93773bccf4c1
Netcraft risk score 9 red out of 10: https://toolbar.netcraft.com/site_report?url=http://50.116.55.30
polonus (volunteer website security analyst and website error-hunter)
-
There is still my main point, which is that the Avast warning just says the site is blocked (URL:Mal) but doesn't say why. If it is Avast that has determined there is a problem then Avast knows what the problem is (e.g. Blackhole EK) so why not display that information? It would save people like me (and many others) from having to bother you guys by asking over and over "what caused the URL:Mal".
In other words, just displaying the cause of the issue would save everybody time and effort.
You are a very rare user though. We block thousands of URLs a day and you are one of the few who cares, and even of those who care and want their website without any warnings, most people don't know or care what happened earlier. They will just wipe it, update it, change passwords, and that's it. I am literally talking about one person a week who wants to know what happened and knows what "being infected by an exploit kit" means.
And even if there were many people who cared, it would be difficult to change the GUI, and I am not even talking about all the trouble with localization...
All in all, I understand, but I feel like it is too much effort for too little gain.
-
Hi polonus, that was some very useful input. Thanks very much!
HonzaZ, fair comment, thanks for your help.
-
My web site www.gamereplays[.]org is experiencing the same problem. Many users that have been able to contact me through other means are reporting that they are being presented with the same message and are unable to access the site. They say they are unable to over-ride the block.
We are a respectable site. Please fix this obviously spurious problem and unblock our site.
-
Well, according to Sucuri your website contains spam >> https://sitecheck.sucuri.net/results/www.gamereplays.org
Malware entry: spam-seo.spammy_keywords
http://labs.sucuri.net/db/malware/spam-seo.spammy_keywords?3.14
-
Hi [GR]ToxicShock,
Nothing flagged: http://isithacked.com/check/http%3A%2F%2Fwww.gamereplays.org%2F
& https://urlquery.net/report/ec516cc4-4ecb-4803-a193-29b062e0b26f
What can be flagged is a second redirect via http - https -> to: hxtp://www.gamereplays.org/portals.php -> htxps://www.gamereplays.org/portals.php
See sources and sinks here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.gamereplays.org%2Fportals.php
uMatrix blocks: -http://cdn.assets.craveonline.com/comscore_branding/cr-branding.js?useDarkLogo=true
(bug-hunter's) script error on site -cdn.assets.craveonline.com/branding/cr-branding.js?useDarkLogo=true
info: [decodingLevel=0] found JavaScript
error: undefined variable clearTimeout
error: undefined function d[m]
error: undefined variable d
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD XHTML 1.0 Transitional/EN"
error: line:3: ...............^
Also see here: https://www.scamadviser.com/check-website/gamereplays.org
Last update of your website -> 2017-11-27 16:36:03 (6 months & 1 day ago) according to your WHOIS data
- Cxxxs Dxxxk, : Array, London, W1G8RJ, GB , hosted by GoDaddy on wXw.pir.org server
We are just volunteers with relevant knowledge, unblocking can only be performed by avast team members.
Wait for one to arrive here in this thread and give the final verdict on your website.
polonus (volunteer website security analyst and website error-hunter)
-
Today have been getting URL:Mal threat detection alerts from Web Shield for all attachments, images or links in emails on Shaw webmail:
wm-so.glb.shawcable.net
Sucuri site checker doesn't show any problems. I added the site to exclusions in Avast settings so I can access my email, but wondering why it has been blocked?
-
Will we be waiting long? It seems a rather obvious false positive to me.
-
Did you fix your spam issues..!? (See Reply #57 from Pondus)
-
There is no spam issue and never was :D
-
Just rescanned your site, according to Sucuri it's still there.
-> https://sitecheck.sucuri.net/results/www.gamereplays.org
-
With respect,
(1) That shows no issues
(2) There are no issues (unsurprisingly).
-
Hi,
gamereplays[.]org really looks like a false positive and should be fixed in a couple of minutes.
wm-so.glb.shawcable[.]net also looks like a false positive and will also be fixed soon.
-
gamereplays[.]org >> something to fix >> https://retire.insecurity.today/#!/scan/ee3caaec4312e212efc319235ca6c21eac91a75909f87d5eaae2aa7d1d1bbe2c
-
Hi,
gamereplays[.]org really looks like a false positive and should be fixed in a couple of minutes.
wm-so.glb.shawcable[.]net also looks like a false positive and will also be fixed soon.
Apparently, the site is still blocked.
-
Hi, I need help please!!
My website gazelleclub.ru/forum/index.php is blocked with URL:Mal by avast, how do I resolve it?
-
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
-
I already wrote there two days ago, not what result
-
Hello,
the domain was unblocked.
Milos
-
Hi, I need help please!!
My website https://www.vova.com is blocked with URL:Mal by avast, how do I resolve it?
-
https://sitecheck.sucuri.net/results/www.vova.com/
https://zulu.zscaler.com/report/20db9a2f-79b9-4945-8a7c-c5787c2a1690
https://www.virustotal.com/#/url/1fba29f27c7d07d3e1cf5b1ce26c2a52aced9d6b0ec51ac0aecbe275c08afc95/detection
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
-
Thank you for your reply. We have submited the FP report through the website you provided. How long does it take usually for Avast to process our report and unblock our website?
Thank you again!
-
You're welcome. (Usually rather quick, few hours at most)
-
Thank you!
-
No problem.
-
Hi dyang,
You're probably flagged because you're on a google amp.site as image, but I am not sure about that.
Some remarks on the code you run on that page and some glitches there flagged:
error 3rd party cold reconnaissance tested vulnerable uri: -https://www.vova.com/faqs.html?service=1
error (script) -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/main.js?eb94dfeb
status: (referer=-www.vova.com/faqs.html?service=1)saved 268918 bytes 255c4412dbc3c4d4033276fb9fecc7feb85b97b4
info: [img] -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/
info: [iframe] -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 second
&
-www.vova.com/public/a/images/footer-accept.jpg?eb94dfeb
info: [decodingLevel=0] found JavaScript
error: undefined variable f
pervasive criteo tracking detected, but that is ad-tracking and not malicious per se.
Security 1 error detected: -https://www.vova.com
'jQuery@1.11.3' has 1 known vulnerability (1 medium). See 'https://snyk.io/vuln/npm:jquery' for more information.
No vulnerable libraries found on the image when scanned with Erlend Oftedal's scanner: https://retire.insecurity.today/#!/scan/a6fdbd952cfe8c2cdffd06ca0debb848219ecd952582f72915db2d7ad9c391bc
Wait for an avast team member to give a final verdict on your site. Avast Team Members are the only ones to unblock,
we are just volunteers with relevant knowledge.
polonus (volunteer website security analyst and website error-hunter)
-
Hi polonus,
Thank you for your reply!
If possible, could you please tell me how you can scan our website to find the problem?
Thanks again!
-
Hi, vova[.]com was unblocked yesterday, 09:25 CEST.
-
Hi, vova[.]com was unblocked yesterday, 09:25 CEST.
Hi HonzaZ,
Thank you very much!
-
Hi dyang,
Anyone can do it, when you're careful enough to make the right combinations and deductions.
My website scanning is performed through normal third party cold reconnaissance public website scanners online.
I never actually visit the website to be evaluated.
Recently I use sonarwhal, now known as webhint, where I use: https://snyk.io/vuln/npm:jquery to verify
retirable jQuery libraries, another is Redleg's file viewer for the code checks and Google alerts.
Also checked retirable jQuery from Erlend Oftedal's scanner - retire.insecurity.today/#
But I also make use of other scanners as seem appropriate.
The script errors that are found, come from a javascript unpacker service run on any particular uri or piece of javascript code.
Going beyond expected runtime is a giveaway of suspicion and so are scripting errors, I check them at Stack-Overflows.
This is helpful for developers where they missed something while dealing with the scriptcode (undefined this or undefined that etc.).
Another thing that counts is me doing this for 14 years here in the Virus and Worms now, to be short it is called "experience".
Important is that webmasters, hosters, web-developers, etc. learn to code with security at heart,
update and patch and configure according to best practices.
To bring this nearer in practice is also part of my motivation and constant "preaching to the choir".
Also I like avast av and like to give them a helping hand from time to time.
I owe them this platform as a place to post at least and all I learnt here with the help of colleagues.
polonus (3rd party cold reconnaissance website security analyst and website error-hunter)
-
I have the same problem when I access my site:
https://beautyloungelk.com/
:-[
-
-> https://sitecheck.sucuri.net/results/https/beautyloungelk.com
-
Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server: cloudflare
X-Powered-By: PHP/7.3.11 Outdated Software Detected
7.5
CVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
7.5
CVE-2019-11047
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
6.4
CVE-2019-11050
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
6.4
CVE-2019-11044
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
5
CVE-2019-11046
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
5
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
5
CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
4.3
IP Address: 104.31.91.246
Hosting Provider: Cloudflare.
Shared Hosting: 500 sites found on 104.31.91.246
Configuration OK - external links Google Safebrowsing approved.
Javascript errors related to script blocker action
ReferenceError: jQuery is not defined
/:1194
ReferenceError: jQuery is not defined
/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=2.8.5:2
TypeError: a.extend is not a function
/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.7.3:3
TypeError: Cannot read property 'each' of undefined
/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2:1
ReferenceError: elementorModules is not defined
/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=2.8.5:2
Also consider: https://webcookies.org/cookies/beautyloungelk.com/28957248?678928
Privacy Impact Score = D -> The page loads 39 third-party JavaScript files and 37 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised
Wait for a final verdict from an avast team member as they are the only ones to come and unblock.
As we here are just volunteers with relative knowledge in the field of website security and website error-hunting.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
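
Added example, not part of polonus's post or of any scanner he used: one way to reproduce the Sub-Resource Integrity finding above on saved page source, listing third-party scripts and stylesheets that carry no `integrity` attribute. The hosts and markup in `SAMPLE` are constructed, and `SRIAudit`, `audit` and `sri_value` are names chosen here.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class SRIAudit(HTMLParser):
    """Sort third-party <script src> and stylesheet <link> tags by SRI coverage."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.missing = []   # (tag, absolute URL) without integrity=
        self.covered = []   # (tag, absolute URL) with integrity=

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            ref = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            ref = a.get("href")
        else:
            return
        if not ref:
            return  # inline script: there is no fetched file to pin
        url = urljoin(self.page_url, ref)  # resolves relative and //host forms
        if urlparse(url).hostname == self.page_host:
            return  # same-origin file, outside the third-party CDN scenario
        (self.covered if a.get("integrity") else self.missing).append((tag, url))


def audit(page_url, html):
    parser = SRIAudit(page_url)
    parser.feed(html)
    return parser


def sri_value(body: bytes) -> str:
    """Value for integrity= computed from the exact bytes the CDN serves."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


# Constructed sample markup with hypothetical hosts, not the real site's source.
SAMPLE = """
<script src="/wp-includes/js/local.js"></script>
<script src="https://cdn.example.net/lib.min.js"></script>
<link rel="stylesheet" href="//fonts.example.org/css?family=X">
<script src="https://cdn.example.net/pinned.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
"""
```

Each entry in `missing` is a file that should be pinned with the output of `sri_value` over its served bytes, together with `crossorigin="anonymous"`, or self-hosted.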
-
I have the same problem when I access my site:
hxxps://beautyloungelk.com/
:-[
Detection was removed in 11.02.2020
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
-
Hello,
My site https://streamyard.com has been incorrectly flagged for phishing. The same thing has happened twice in the past and avast/avg removed the warning and said it was a false positive. Please help.
https://sitecheck.sucuri.net/results/streamyard.com
-
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
-
Probably flagged for a hidden iFrame, see code line 65 here:
https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c3R9e3xteXx9Iy5eXW1g~enc
Web Firewall blocks -https://www.googletagmanager.com/ns.html?id=GTM-5KG4PZD as "Ads".
<iframe src="htxps://www.googletagmanager.com/ns.html?id=GTM-5KG4PZD" height="0" width="0" style="display:none;visibility:hidden"></iframe>
Not being flagged at VT here: https://www.virustotal.com/gui/ip-address/35.227.212.162/relations
Wait for an avast team member to give a final verdict as they are the only ones to come and unblock.
polonus
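
Added example, not part of the post above and not Avast's detection logic: a small check that finds iframes sized or styled to be invisible, the pattern polonus points to, and records the source line, the host, and whether the frame sits inside `<noscript>`. The sample markup is constructed, with a placeholder container id and a hypothetical player host.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ZERO = {"0", "0px"}


class HiddenIframes(HTMLParser):
    """Record every <iframe> that is sized or styled to be invisible."""

    def __init__(self):
        super().__init__()
        self.noscript_depth = 0
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.noscript_depth += 1
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        reasons = []
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("css-hidden")
        if a.get("width") in ZERO or a.get("height") in ZERO:
            reasons.append("zero-size")
        if reasons:
            self.findings.append({
                "line": self.getpos()[0],  # line number in the served source
                "host": urlparse(a.get("src", "")).hostname,
                "reasons": reasons,
                "in_noscript": self.noscript_depth > 0,
            })

    def handle_endtag(self, tag):
        if tag == "noscript" and self.noscript_depth:
            self.noscript_depth -= 1


def hidden_iframes(html):
    parser = HiddenIframes()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a tag-manager noscript fallback (placeholder id) beside
# an ordinary visible embed on a hypothetical host.
SAMPLE = """<body>
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-XXXXXXX" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<iframe src="https://player.example.com/embed/1" width="560" height="315"></iframe>
</body>"""
```

A finding with `in_noscript` set and a known tag-manager host is the usual benign case to cite in a false-positive report; a hidden frame outside `<noscript>` pointing at a host the site owner does not recognise is the one to investigate first.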
-
Hello,
My site hxxps://streamyard.com has been incorrectly flagged for phishing. The same thing has happened twice in the past and avast/avg removed the warning and said it was a false positive. Please help.
https://sitecheck.sucuri.net/results/streamyard.com
Detection has already been removed.
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
-
Hello Avast,
It seems my website has the same problem: https://www.eshop.lk but my files and site are clean and safe according to virus total
So could you please remove it from the blacklist?
Thank You. :)
-
Hello Avast,
It seems my website has the same problem: https://www.eshop.lk but my files and site are clean and safe according to virus total
So could you please remove it from the blacklist?
Thank You. :)
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
-
Hello Avast,
It seems my website has the same problem: https://www.eshop.lk but my files and site are clean and safe according to virus total
So could you please remove it from the blacklist?
Thank You. :)
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
I am using Core Shields on " High sensitivity " and having no problems with this website.
Greetz, Red
-
Avast does not block this website at the moment.
Only alerts tracking by pinterest
links to gstatic dot com, fonts.googleapis dot com & tawk dot to
This site has 100% content.
That's all we know,
polonus