Avast WEBforum
Other => Viruses and worms => Topic started by: multu40200 on August 16, 2020, 01:11:10 PM
-
Morning, everyone!
I've been using your antivirus for over 10 years now, except that for the first time today it prevents me from accessing a site I visit every week.
Indeed, when I go to the notube.net site, I get an access error and Avast opens by saying: URL:Blacklist. Yet the site is reliable and has been working for several years.
Is it possible for you to remove the domain from your blacklist?
Also, is it possible for me to fill in the "false positive" form even if I am not the author of the site? What would be the resolution time?
I use this site every week for video editing, it saves me from downloading an application but it's very embarrassing not to be able to go there!
Thank you in advence
-
-> https://sitecheck.sucuri.net/results/notube.net
-> https://zulu.zscaler.com/submission/9c30a492-5d00-4c23-a95c-855c5699d0aa
-> https://www.virustotal.com/gui/url/56bb59bfbf1a99f69d076957891a6e84e85f2a6d2a3cd0b344064e76e69b7c1e/detection
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
-
Oh, great! I'll fill out the form.
Do you know how long it will take before it's released? Thank you
-
You're welcome. Wait for the verdict from threat lab, you should get a reply within 48 hours.
-
I do not see any blocking or alert on an avast av running laptop in the browser opening up to
-https://notube.net/en/start-converter
polonus
-
I do not see any blocking or alert on an avast av running laptop in the browser opening up to
-https://notube.net/en/start-converter
polonus
Ah yes, in English it works, but if you try it in French: htxps://notube.net/fr/start-converter - then you'll get blocked.
(https://zupimages.net/up/20/33/0vnx.png)
-
The site was working and then no longer works. What does the avast team do? lol
-
Why doesn't anyone take the time to sort this out? It's very annoying and I hesitate to remove Avast to change my antivirus software!
-
Hello,
thank you for the notification. It should be fixed since 2020/08/28, 19:03 CET.
Milos
-
It's okay now, amazing!
-
Aaaaaaaaaaaaaand blocked. What's going on ^^
-
Hello,
the URL above is not blocked. Can you provide the blocked URL, please?
Milos
-
Hi,
There was redirect to malicious site unreshiramor[.]com. Now both sites looks clean so detection has been removed.
Lukas
-
Having this same issue. Is there any way to edit the blacklist locally? Adding an exception to the webshield doesn't work, even wildcarding the end of it. Like it was said above, i'd hate to have to change to a different antivirus over such a prepotent posture over a very, very simple concept.
-
hello!
I can't access this link https://blacksea-cbc.net/
Avast says it's blacklisted
-
Website has 4 Word Press issues:
Word Press version outdated. Version does not appear to be latest.
Outdated plug-ins: cookie-law-info 1.7.6 Warning latest release (1.9.5)
https://www.webtoffee.com/product/gdpr-cookie-consent/
wp-paginate 2.0.7 Warning latest release (2.1.4)
https://wordpress.org/plugins/wp-paginate/
page-list 5.1 Warning latest release (5.2)
http://wordpress.org/plugins/page-list/
One engine to give it as suspicious: https://www.virustotal.com/gui/url/77caeba4c930c6c882db54555984789832b6d0a660295467bf864f63980c0c31/detection
Wait for a final verdict from avast team. Only avast team members can come and unblock or state it is an FP,
we here have relevant knowledge but cannot.
Question therefore remains is that site still being compromised?
F-status here: https://observatory.mozilla.org/analyze/blacksea-cbc.net
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Can you remove www.kurina.vip . From URL Black list . Its so annoying to use website without antivirus .
-
Can you remove www.kurina.vip . From URL Black list . Its so annoying to use website without antivirus .
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
-
Sent it already . I am now waiting to see what will happen.
-
Well it is still alerting, over the weekend there is likely to be a skeleton staff in the virus labs (or working remotely from home).
Scans at these sites
Medium Security risk, https://sitecheck.sucuri.net/results/kurina.vipnsidered
Some security hints that could be considered https://webhint.io/scanner/8d8a01d3-b2a3-492d-931f-bc54ac154a39
Whilst these may not be why avast is alerting but something that should be considered.
-
L.S.
References found on Virus Total may contain live malware
Results from scanning URL: -https://www.kurina.vip
Number of sources found: 207
Number of sinks found: 352
Results from scanning URL: -https://www.kurina.vip/wp-content/litespeed/cssjs/996f4.js?be9da
Number of sources found: 396
Number of sinks found: 223
Apart from what DavidR has commented,
see various suspicious javascript.based64 scripts being loaded: https://retire.insecurity.today/#!/scan/f45f3f30f55b9edf54b98a09a257ed4ca993c5859634818df6f8b0c987065dbb
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Please remove my site: elcanaldeluisaguilera.cl
I did all the analysis of my site and there are no problems ... Mcafee ... Google ...
-
-> https://www.virustotal.com/gui/url/31aee123ae5a10747e995a7694dc1569cfd77f08f4bc0ef0f5513aadb103e9c2/detection
-
Please remove my site: elcanaldeluisaguilera.cl
I did all the analysis of my site and there are no problems ... Mcafee ... Google ...
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
-
Hi bob3160,
This is not avast that flags. This should be taken up with the hoster, as this website at IP 186.64.114.65 won't resolve, so cannot be scanned: https://sitecheck.sucuri.net/results/elcanaldeluisaguilera.cl
Re: https://www.shodan.io/host/186.64.114.65
luis.temple.valdes should take it up with ZAM LTDA, the hoster of this website,
@ blue135.dnsmisitio dot net, mail.blue135.dnsmisitio dot net
Site has been parked -aguilera.cl. En Construcción. Servicio de parking proporcionado por CDmon.com -
Hosting y dominios.
So it is out of avast team's hands,
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Please remove my website URL from your Blocked database URLs.
https://kaambesh.com/
It's showing Phishing because of IP address, later I moved website to another server. Now everything is okay but still because of old IP address it shows Phishing warning by Avast.
(https://snipboard.io/kdlrDK.jpg)
-
-> https://sitecheck.sucuri.net/results/kaambesh.com
-> https://www.virustotal.com/gui/url/b77930b92f3e3dbeeac207ae5d5f79fe17df1e1d1801c9a8b6870dfa95082e35?nocache=1
-
There are three Word Press CMS related issues with this site, that needs addressing:
1. & 2. Outdated Word Press plug-ins detected:
-accordions 2.2.32 Warning latest release (2.2.34)
https://www.pickplugins.com/item/accordions-html-css3-responsive-accordion-grid-for-wordpress/
strong-testimonials 2.51.5 Warning latest release (2.51.6)
https://strongtestimonials.com
3. User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.
Username Name
ID: 1 admin admin
ID: 2 not found
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Site speed is under par.
A more extensive report here: https://www.immuniweb.com/websec/kaambesh.com/0krSxIs4/
Virus Total relations states that AS was involved in mail.phishing and Trickbot abuse.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Hello, avast has added our site to the blacklist. I don't know how long this has been. There is nothing negative about the site. I left a record to be removed from the blacklist but no response. What should I do? site: snewstr.com
-
I left a record to be removed from the blacklist but no response.
You should get a reply within 48 hours.
-
Hello.
The domain of our company (hxtps://level2.webhmi.com.ua/) was added to the blacklist for no known reason. Other site aliases are fine.
Checked by:
https://sitecheck.sucuri.net/results/level2.webhmi.com.ua
https://zulu.zscaler.com/report/69b966a9-c506-447c-a49e-926fd2d081b7
Please remove it from the blacklist.
-
Use the link given in an earlier post.
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
-
Witam WebHMI,
Good to report this issue and then get a final verdict from avast team, whether this is indeed an FP.
Also consider there are at least two more vendors that flag that website as malicious:
https://www.virustotal.com/gui/url/58d860b4ea97461b9ac8489264fd0b7c7fa33e0319049667167dd73f982082cb
However the following retire.js library issues should be looked into:
bootstrap 3.3.7 Found in -https://level2.webhmi.com.ua/public/js/libs/bootstrap.js?85a31cf4 _____Vulnerability info:
Medium 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 1
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
Medium XSS is possible in the data-target attribute. CVE-2016-10735
handlebars 4.0.11 Found in -https://level2.webhmi.com.ua/public/js/main.js?0952e4e0 _____Vulnerability info:
High A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template
High A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template
Low Disallow calling helperMissing and blockHelperMissing directly
Medium Prototype pollution
jquery 1.10.2.min Found in -https://level2.webhmi.com.ua/assets/js/vendor/jquery-1.10.2.min.js _____Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution 123
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
moment.js 2.15.1 Found in -https://level2.webhmi.com.ua/public/js/libs/moment.js?6a270a2f _____Vulnerability info:
Medium Regular Expression Denial of Service (ReDoS)
Low Regular Expression Denial of Service (ReDoS) CVE-2017-18214
pozdrawiam,
polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
-
Good afternoon, my site http://xn--90aogst.xn--p1ai / was blacklisted, at the moment the site is completely cleaned, I ask you to assist in excluding it from the blacklist.
-
-> https://sitecheck.sucuri.net/results/xn--90aogst.xn--p1ai
-> https://www.virustotal.com/gui/url/460203373c10c4102d8d628ecd10f2396316f1d0d29d3a4d37b3c0cb8054bec5?nocache=1
-
Apparently Avast isn't the only one that tags the site.
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
-
please help. My website newsnet.ro os in blacklist, avast blocked
-
please help. My website newsnet.ro os in blacklist, avast blocked
Use the link already given above your post to report it - However some issues you need to address, see below.
Nothing found here, but this is a basic check - https://www.virustotal.com/gui/url/ff93432f213226bf006bf8b7ce08cafc5554ea158f2f4d9c2edbfebd0b8c1e07?nocache=1
Aside from this, there are lots of things you need to address to improve security. Outdated software and security issues could put your site at risk:
Security issues reported here - https://en.internet.nl/site/newsnet.ro/1709938/
No malware but hardening improvements - https://sitecheck.sucuri.net/results/newsnet.ro
More outdated software reported here - https://awesometechstack.com/analysis/website/newsnet.ro/
Webpage Security Score F JavaScript Libraries with vulnerabilities - https://snyk.io/test/website-scanner/?test=220917_BiDcD2_9EH&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
-
Hello.
The domain of our company (https://www.twilead.com) was added to the blacklist for no known reason except a breach in our security last June where someone could create a fake account on our platform and sent some phishy-looking emails. We have right away identified the issue, banned the user and hardened our security which makes it totally impossible to do so again ever since. Btw Other sites are fine.
Could you please remove us from blacklist and recategorize us as "marketing software" or "business cloud apps" ?
Thank you!!
-
Hello.
The domain of our company (hxxps://www.twilead.com) was added to the blacklist for no known reason except a breach in our security last June where someone could create a fake account on our platform and sent some phishy-looking emails. We have right away identified the issue, banned the user and hardened our security which makes it totally impossible to do so again ever since. Btw Other sites are fine.
Could you please remove us from blacklist and recategorize us as "marketing software" or "business cloud apps" ?
Thank you!!
Report Suspicious File or URL: https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php)
-
Hello.
The domain of our company (hxxps://www.twilead.com) was added to the blacklist for no known reason except a breach in our security last June where someone could create a fake account on our platform and sent some phishy-looking emails. We have right away identified the issue, banned the user and hardened our security which makes it totally impossible to do so again ever since. Btw Other sites are fine.
Could you please remove us from blacklist and recategorize us as "marketing software" or "business cloud apps" ?
Thank you!!
First please modify your url so it isn't active (avoiding accidental exposure) as we have done in the quoted urls.
There are some other things you might consider from checks on the domain:
Some hardening - https://en.internet.nl/site/twilead.com/1739533/
Also blacklisted here - https://sitecheck.sucuri.net/results/twilead.com
Webpage Security Score E - https://snyk.io/test/website-scanner/?test=221013_BiDcWE_97M&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
Outdated software also reported here - https://awesometechstack.com/analysis/website/twilead.com/
Whilst these may or may not have been the reason being blacklisted by Avast - addressing these could make it harder to exploit.
-
if you don't remove my website ,,newsnet.ro" from this list I will notify the police, the European Commission and all possible investigative bodies. We have no viruses or malware.
-
if you don't remove my website ,,newsnet.ro" from this list I will notify the police, the European Commission and all possible investigative bodies. We have no viruses or malware.
There are other issues with your site that you could also address:
Some security improvements - https://en.internet.nl/site/newsnet.ro/1740341/
Medium security risk - https://sitecheck.sucuri.net/results/newsnet.ro
Webpage Security Score F - https://snyk.io/test/website-scanner/?test=221013_AiDc34_FYJ&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
Outdated software risks - https://awesometechstack.com/analysis/website/newsnet.ro/
This however may not be why Avast detects it.
Note I don't work for Avast, but an Avast user.
-
if you don't remove my website ,,newsnet.ro" from this list I will notify the police, the European Commission and all possible investigative bodies. We have no viruses or malware.
Just report it as requested. If it's a false positive, it will be quickly removed.
Threats are never the best way to handle this type of situation.
I also don't work for Avast.
-
Hi Leontius Marius,
Additionally to what DavidR and bob3160 have been reporting, just take notice of the following issues.
Avast is not alone here, see: https://urlscan.io/result/be44819e-389c-45cd-b284-ae7840f19458/
Verdict Potential Malicious & Malicious Activity detected.
Mentioned as being phishing against facebook.
And website is still being flagged by Avast as I come to write this.
Wait for an avast member's final verdict, as they are the only ones to come and unblock.
Also look here for so-called (suspicious) indicators -> https://urlscan.io/result/be44819e-389c-45cd-b284-ae7840f19458/#indicators
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
the website newsnet.ro is created on an OxWall platform. the plugins are bought from OxWall, we have license keys for all of them, including the facebook login plugin which I have disabled now. we have no frauds, newsnet is the official social network of the Evangelical Protestant Church in Romania and I am admin. what Avast is doing is blackmailing us by labeling it as a "fraudulent website". On Monday, if the antivirus continues to categorize it as a virus website, I will also file a criminal complaint with the Romanian Police and the FBI both against Avast and against the others people who own websites where we are maliciously labeled. No one makes fun of our work and the church network. Both the Romanian law, the German law and the American law expressly prohibit false statements in public computer data. The Romanian law punishes with prison for such acts. we live and use newsnet especially in Romania and the law protects us. we will fight for every day of arrest of those who caused us this harm, because even after my warning things have not changed. And attention, I am the coordinating pastor of the Religious Group of the Evangelical Protestant Church in Romania. Avast, you will have to pay millions of euros for what you did to us. Remember: Monday morning today, 8 o'clock in Romania, you have a maximum deadline
-
How is avast blackmailing you, they haven't demanded money from you.
Considering your site as you said is the "official social network of the Evangelical Protestant Church in Romania" a religious based one, these threats are hardly compatible.
We Avast Users have given you information on:
How to harden your site against the weaknesses highlighted.
It can also be reported as a possible False Positive, links already given in this topic several times.
Notably the one immediately before your first post, Reply #35.
<snip>
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
-
Apart from discussed website weaknesses above, I have this to add.
The website is not being flagged by avast any longer,.
It still has 4 site security issues.
I only see content requests and SSL is secure.
Ziaruldebanat.ro & YouTube as external links found.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Is there a way to see the list of addresses in the "URL:Blacklist"? I was in the middle of launching a game and it gave me a URL blocklist error and the game crashed. I attempted to reload the game and now it does not prompt me with the URL:Blacklist msg. I turned off active AV and it worked until the 10 min timer was done and then it locked up and the game crashed again. Please help me find the URL in question so I can file a false positive report.
Thank you,
-
Did you check the url against VirusTotal. Do other vendors block it as well.
You could post a FP notice and wait for a reply from avast team.
pol
-
Good morning,
Could you remove the domain pviformazione.it and all its subdomains including fad.pviformazione.it from the blacklist?
Thank you
-
- Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).
You should get a response in a day or two.