Avast WEBforum

Other => Viruses and worms => Topic started by: multu40200 on August 16, 2020, 01:11:10 PM

Title: How to remove: URL: Blacklist ?
Post by: multu40200 on August 16, 2020, 01:11:10 PM
Morning, everyone!

I've been using your antivirus for over 10 years now, except that for the first time today it prevents me from accessing a site I visit every week.

Indeed, when I go to the notube.net site, I get an access error and Avast opens by saying: URL:Blacklist. Yet the site is reliable and has been working for several years.

Is it possible for you to remove the domain from your blacklist?

Also, is it possible for me to fill in the "false positive" form even if I am not the author of the site? What would be the resolution time?

I use this site every week for video editing, it saves me from downloading an application but it's very embarrassing not to be able to go there!

Thank you in advence
Title: Re: How to remove: URL: Blacklist ?
Post by: Asyn on August 16, 2020, 01:21:37 PM
-> https://sitecheck.sucuri.net/results/notube.net
-> https://zulu.zscaler.com/submission/9c30a492-5d00-4c23-a95c-855c5699d0aa
-> https://www.virustotal.com/gui/url/56bb59bfbf1a99f69d076957891a6e84e85f2a6d2a3cd0b344064e76e69b7c1e/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove: URL: Blacklist ?
Post by: multu40200 on August 16, 2020, 01:26:30 PM
Oh, great! I'll fill out the form.
Do you know how long it will take before it's released? Thank you
Title: Re: How to remove: URL: Blacklist ?
Post by: Asyn on August 16, 2020, 01:32:44 PM
You're welcome. Wait for the verdict from threat lab, you should get a reply within 48 hours.
Title: Re: How to remove: URL: Blacklist ?
Post by: polonus on August 16, 2020, 03:41:54 PM
I do not see any blocking or alert on an avast av running laptop in the browser opening up to
-https://notube.net/en/start-converter

polonus

 
Title: Re: How to remove: URL: Blacklist ?
Post by: multu40200 on August 16, 2020, 03:49:40 PM
I do not see any blocking or alert on an avast av running laptop in the browser opening up to
-https://notube.net/en/start-converter

polonus

Ah yes, in English it works, but if you try it in French: htxps://notube.net/fr/start-converter - then you'll get blocked.

(https://zupimages.net/up/20/33/0vnx.png)
Title: Re: How to remove: URL: Blacklist ?
Post by: multu40200 on August 27, 2020, 08:13:20 PM
The site was working and then no longer works. What does the avast team do? lol
Title: Re: How to remove: URL: Blacklist ?
Post by: multu40200 on August 28, 2020, 12:50:01 PM
Why doesn't anyone take the time to sort this out? It's very annoying and I hesitate to remove Avast to change my antivirus software!
Title: Re: How to remove: URL: Blacklist ?
Post by: Milos on August 31, 2020, 09:06:16 AM
Hello,
thank you for the notification. It should be fixed since 2020/08/28, 19:03 CET.

Milos
Title: Re: How to remove: URL: Blacklist ?
Post by: multu40200 on August 31, 2020, 10:08:58 PM
It's okay now, amazing!
Title: Re: How to remove: URL: Blacklist ?
Post by: multu40200 on September 02, 2020, 02:33:35 PM
Aaaaaaaaaaaaaand blocked. What's going on ^^
Title: Re: How to remove: URL: Blacklist ?
Post by: Milos on September 02, 2020, 04:41:36 PM
Hello,
the URL above is not blocked. Can you provide the blocked URL, please?

Milos
Title: Re: How to remove: URL: Blacklist ?
Post by: LukasJ on September 02, 2020, 05:16:48 PM
Hi,
There was redirect to malicious site unreshiramor[.]com. Now both sites looks clean so detection has been removed.

Lukas
Title: Re: How to remove: URL: Blacklist ?
Post by: TAguiar on December 07, 2020, 01:32:48 PM
Having this same issue. Is there any way to edit the blacklist locally? Adding an exception to the webshield doesn't work, even wildcarding the end of it. Like it was said above, i'd hate to have to change to a different antivirus over such a prepotent posture over a very, very simple concept.
Title: Re: How to remove: URL: Blacklist ?
Post by: kyoceragitage on January 28, 2021, 11:42:48 AM
hello!
I can't access this link https://blacksea-cbc.net/
Avast says it's blacklisted
Title: Re: How to remove: URL: Blacklist ?
Post by: polonus on January 28, 2021, 02:30:17 PM
Website has 4 Word Press issues:
Word Press version outdated. Version does not appear to be latest.

Outdated plug-ins:    cookie-law-info 1.7.6   Warning   latest release (1.9.5)
https://www.webtoffee.com/product/gdpr-cookie-consent/
wp-paginate 2.0.7   Warning   latest release (2.1.4)
https://wordpress.org/plugins/wp-paginate/
page-list 5.1   Warning   latest release (5.2)
http://wordpress.org/plugins/page-list/

One engine to give it as suspicious: https://www.virustotal.com/gui/url/77caeba4c930c6c882db54555984789832b6d0a660295467bf864f63980c0c31/detection

Wait for a final verdict from avast team. Only avast team members can come and unblock or state it is an FP,
we here have relevant knowledge but cannot.

Question therefore remains is that site still being compromised?

F-status here: https://observatory.mozilla.org/analyze/blacksea-cbc.net

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: How to remove: URL: Blacklist ?
Post by: meserow150 on February 07, 2021, 02:25:42 PM
Can you remove www.kurina.vip . From URL Black list . Its so annoying to use website without antivirus .
Title: Re: How to remove: URL: Blacklist ?
Post by: Pondus on February 07, 2021, 03:05:35 PM
Can you remove www.kurina.vip . From URL Black list . Its so annoying to use website without antivirus .
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



Title: Re: How to remove: URL: Blacklist ?
Post by: meserow150 on February 07, 2021, 11:03:33 PM
Sent it already . I am now waiting to see what will happen.
Title: Re: How to remove: URL: Blacklist ?
Post by: DavidR on February 08, 2021, 01:33:26 AM
Well it is still alerting, over the weekend there is likely to be a skeleton staff in the virus labs (or working remotely from home).

Scans at these sites
Medium Security risk, https://sitecheck.sucuri.net/results/kurina.vipnsidered
Some security hints that could be considered https://webhint.io/scanner/8d8a01d3-b2a3-492d-931f-bc54ac154a39

Whilst these may not be why avast is alerting but something that should be considered.
Title: Re: How to remove: URL: Blacklist ?
Post by: polonus on February 08, 2021, 11:58:40 AM
L.S.

References found on Virus Total may contain live malware
Results from scanning URL: -https://www.kurina.vip
Number of sources found: 207
Number of sinks found: 352

Results from scanning URL: -https://www.kurina.vip/wp-content/litespeed/cssjs/996f4.js?be9da
Number of sources found: 396
Number of sinks found: 223

Apart from what DavidR has commented,
see various suspicious javascript.based64 scripts being loaded: https://retire.insecurity.today/#!/scan/f45f3f30f55b9edf54b98a09a257ed4ca993c5859634818df6f8b0c987065dbb

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: How to remove: URL: Blacklist ?
Post by: luis.temple.valdes on March 21, 2021, 02:54:10 AM
Please remove my site: elcanaldeluisaguilera.cl

I did all the analysis of my site and there are no problems ... Mcafee ... Google ...
Title: Re: How to remove: URL: Blacklist ?
Post by: Asyn on March 21, 2021, 05:43:24 AM
-> https://www.virustotal.com/gui/url/31aee123ae5a10747e995a7694dc1569cfd77f08f4bc0ef0f5513aadb103e9c2/detection
Title: Re: How to remove: URL: Blacklist ?
Post by: bob3160 on March 21, 2021, 01:55:00 PM
Please remove my site: elcanaldeluisaguilera.cl

I did all the analysis of my site and there are no problems ... Mcafee ... Google ...
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Title: Re: How to remove: URL: Blacklist ?
Post by: polonus on March 21, 2021, 02:52:48 PM
Hi bob3160,

This is not avast that flags. This should be taken up with the hoster, as this website at IP 186.64.114.65 won't resolve, so cannot be scanned: https://sitecheck.sucuri.net/results/elcanaldeluisaguilera.cl
Re: https://www.shodan.io/host/186.64.114.65 
luis.temple.valdes should take it up with ZAM LTDA, the hoster of this website,
@ blue135.dnsmisitio dot net, mail.blue135.dnsmisitio dot net

Site has been parked -aguilera.cl. En Construcción. Servicio de parking proporcionado por CDmon.com -
Hosting y dominios.

So it is out of avast team's hands,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: How to remove: URL: Blacklist ?
Post by: avakashvedh on October 04, 2021, 12:10:44 PM
Please remove my website URL from your Blocked database URLs.

https://kaambesh.com/

It's showing Phishing because of IP address, later I moved website to another server. Now everything is okay but still because of old IP address it shows Phishing warning by Avast.

(https://snipboard.io/kdlrDK.jpg)
Title: Re: How to remove: URL: Blacklist ?
Post by: Asyn on October 04, 2021, 12:17:00 PM
-> https://sitecheck.sucuri.net/results/kaambesh.com
-> https://www.virustotal.com/gui/url/b77930b92f3e3dbeeac207ae5d5f79fe17df1e1d1801c9a8b6870dfa95082e35?nocache=1
Title: Re: How to remove: URL: Blacklist ?
Post by: polonus on October 04, 2021, 10:24:30 PM
There are three Word Press CMS related issues with this site, that needs addressing:

1. & 2. Outdated Word Press plug-ins detected:
   -accordions 2.2.32   Warning   latest release (2.2.34)
https://www.pickplugins.com/item/accordions-html-css3-responsive-accordion-grid-for-wordpress/

strong-testimonials 2.51.5   Warning   latest release (2.51.6)
https://strongtestimonials.com

3. User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   admin   admin
ID: 2   not found   
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Site speed is under par.

A more extensive report here: https://www.immuniweb.com/websec/kaambesh.com/0krSxIs4/

Virus Total relations states that AS was involved in mail.phishing and Trickbot abuse.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: How to remove: URL: Blacklist ?
Post by: volkansucu1 on November 30, 2021, 11:27:40 AM
Hello, avast has added our site to the blacklist. I don't know how long this has been. There is nothing negative about the site. I left a record to be removed from the blacklist but no response. What should I do? site: snewstr.com
Title: Re: How to remove: URL: Blacklist ?
Post by: Asyn on November 30, 2021, 11:29:21 AM
I left a record to be removed from the blacklist but no response.
You should get a reply within 48 hours.