Avast WEBforum
Other => General Topics => Topic started by: alekmega on November 12, 2019, 05:32:46 AM
-
So, Avast suddenly started blocking one of my websites. In fact, it was a URL shortener, which made this whole story even funnier.
It's very strange how Avast decides to block a website. Your competitor goes and reports your website; and suddenly you're on the blacklist?
How can I unblock the URL? Thanks for the help.
-
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
-
What is it being blacklisted for?
To my knowledge there is no category for "URL:YourCompetitorReportedYou".
Can you DM me a link, and/or post it here so we can have a look?
Volunteer.
-
> What is it being blacklisted for?
> To my knowledge there is no category for "URL:YourCompetitorReportedYou".
> Can you DM me a link, and/or post it here so we can have a look?
> Volunteer.
But there is a category URL:Blacklisted and it is pretty much the same!
I am not allowed to send DM since I am a new member I guess :)
-
> But there is a category URL:Blacklisted and it is pretty much the same!
Pretty much the same doesn't help others to help you, a screenshot of the avast alert may help. Or the URL as Michael requested.
A competitor reporting your site simply doesn't cut it, Avast does its own analysis based on its own criteria.
-
> > But there is a category URL:Blacklisted and it is pretty much the same!
> Pretty much the same doesn't help others to help you, a screenshot of the avast alert may help. Or the URL as Michael requested.
> A competitor reporting your site simply doesn't cut it, Avast does its own analysis based on its own criteria.
Indeed:
VirusTotal reports Clean >> https://www.virustotal.com/gui/url/02886be3eb40c42f2472af8f7fa7ef61d43d3b89a666738f60b72f2006b33111/detection
Outdated PHP Versions Detected however >> PHP/5.6.40. Stable release is version 7.3.11, with Preview in 7.4.0RC4
JQuery is old as well - stable version 3.4.1
HTML5Shiv is also outdated, current stable version 3.7.3 (Not quite as severe though)
URLScan (Clean) >> https://urlscan.io/result/c6b7f202-a08e-422d-9d26-4547569fb93c
URLVoid (Clean) >> https://www.urlvoid.com/scan/fileto.host/
CheckPhish (Clean) >> https://checkphish.ai/insights/url/1573590673605/02886be3eb40c42f2472af8f7fa7ef61d43d3b89a666738f60b72f2006b33111
Zulu (Clean) >> https://zulu.zscaler.com/submission/9a9e30fb-e240-4d5c-8fa1-42842c4e78b4
Nothing much on Aw-Snap! >> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Zltse3RdLmhdc3Q%3D~enc
No TLS/SSL >> https://sitecheck.sucuri.net/results/fileto.host
Avast! has been reached out to to investigate.
-
On same IP you find these detections …. see Attached screenshot
https://www.virustotal.com/gui/ip-address/184.95.51.100/relations
-
L.S.
Next to the thorough scan report by Michael (alan1998) and the IP relation VT results, Pondus provided,
just some remarks below.
But this particular domain is not flagged at https://www.virustotal.com/gui/ip-address/184.95.51.100/relations
Here are 69 hints for improvement of mentioned website:
https://webhint.io/scanner/5dec1d74-c692-42fe-8df8-fe049b6ce5de
Especially I hint at the 30 security recommendations there:
https://webhint.io/scanner/5dec1d74-c692-42fe-8df8-fe049b6ce5de#category-security
So we wait for a final verdict from an avast team member, as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge of 3rd party cold recon website security analysis
and website security error-hunting.
P.S. also consider the vulnerabilities at the webserver host: https://www.shodan.io/host/184.95.51.100
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
But it has SSH-2.0-OpenSSH_7.4. For this version: https://www.cvedetails.com/vulnerability-list.php?vendor_id=97&product_id=585&version_id=228285&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=2&sha=1879224e96a541c7743ee7c89bb9adf4f047ac22
polonus
-
> On same IP you find these detections …. see Attached screenshot
> https://www.virustotal.com/gui/ip-address/184.95.51.100/relations
None of these domains is mine except the one that has 0 red flag detections.
Also, the domain no longer appears in the blacklist section. Maybe it's not blacklisted anymore?
Thanks for the help guys, I really appreciate it! ;D
-
> > On same IP you find these detections …. see Attached screenshot
> > https://www.virustotal.com/gui/ip-address/184.95.51.100/relations
> None of these domains is mine except the one that has 0 red flag detections.
> Also, the domain no longer appears in the blacklist section. Maybe it's not blacklisted anymore?
> Thanks for the help guys, I really appreciate it! ;D
The concern with leaving your domain on an IP address that is hosting other malicious domains is that sometimes AVs choose to block the IP address as a whole, even if that means someone gets caught in the crossfire.