Avast WEBforum

Other => Viruses and worms => Topic started by: ThreeHDM on August 07, 2019, 01:51:07 PM

Title: Site blacklisted
Post by: ThreeHDM on August 07, 2019, 01:51:07 PM
Hi, I work with this site and suddenly some of its urls are blacklisted. Why is that? Can it be fixed? Thanks

http://scw.pjn.gov.ar/scw/expediente.seam?cid=2471450

http://scw.pjn.gov.ar/scw/viewer.seam?id=2sPTVv35dmf8T5tNPVMpwCDNsxmxOfuKhOISMmHv68E%3D&tipoDoc=despacho&cid=2471450
Title: Re: Site blacklisted
Post by: Pondus on August 07, 2019, 01:55:23 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



Title: Re: Site blacklisted
Post by: polonus on August 07, 2019, 07:36:15 PM
Redirects to a PHISHing IP -> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c153LnBqbi5nXXYufH1gc153YGhdbXsuc3t8bTtqc3tzc1tdblsjPUhra110Nzd3UEJXaFp7NnsjelV3bG5Hdy5zXncyXzExPF5bIz0yNDU3Mzk5~enc  -> seen 39 days in the last 30 days: https://checkphish.ai/ip/200.41.224.3

polonus (volunteer 3rd party cold recon website security analyst & website error-hunter)
Title: Re: Site blacklisted
Post by: polonus on August 07, 2019, 08:21:09 PM
At IP it says "server unavailable - Failed to load resource: the server responded with a status of 503 (Service Unavailable)"
in avast secure browser.
Exploitable: https://notificaciones.pjn.gov.ar/scw/home.seam Error for site-owner:
invalid domain for site-key but info-proliferation on key-exchange: first not recognizable: unknown-linux-gnu - service unrecognized despite returning data. But through code key we know service = JBoss Web/7.0.13.Final has a file extention bypass -
POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability.
Netcraft risk 1 red out of 10: https://toolbar.netcraft.com/site_report?url=consultas2.pjn.gov.ar
No alerts on VT relations: https://www.virustotal.com/gui/ip-address/200.41.224.3/relations

polonus
Title: Re: Site blacklisted
Post by: jefferson sant on August 07, 2019, 10:59:39 PM
Detection has been removed

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.