Author Topic: How to remove my website from your blacklist?  (Read 191102 times)

0 Members and 1 Guest are viewing this topic.

Offline bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 43897
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: How to remove my website from your blacklist?
« Reply #675 on: July 07, 2020, 06:23:04 PM »
Hi, our website is in avast blacklist:
hxxp://westroad.bg/
No malware in site. Pls remove from black list.
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #676 on: July 07, 2020, 10:54:02 PM »
Hi tehnomobi,

Do as what bob3160 tells you to do. Wait for a final verdict from an avast team member,
as they are the only ones to come and unblock. But the site is not being blocked by avast's as far as I can tell.

VirusTotal does not flag this site: https://www.virustotal.com/gui/url/c0fc4fca99a12b32d1c00db5d0538b5fb733112effff7360cef54ebca145aaa3/details

But here that Bulgarian IP is flagged: https://www.virustotal.com/gui/ip-address/91.196.125.100/detection
More detections here: https://www.virustotal.com/gui/ip-address/91.196.125.100/relations

Consider this code
Quote
var img = new Image(1, 1);
img.src = 'htxp://westroad.bg/index.php?action=track_visitor&'+new Date().getTime();
img.onload = function() { return true; }; 
returning a GIF82 image tag-code...

See threat risk qua TLS recommendations here: https://sitecheck.sucuri.net/results/westroad.bg

Retirable jQuery library found here: Retire.js
jquery   1.3.2   Found in -http://westroad.bg/javascript/jquery.js?1<br>Vulnerability info:
Medium   CVE-2011-4969 XSS with location.hash   
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   

Remarkable that this website is not being blocked by avast's,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: July 07, 2020, 10:56:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!