Author Topic: How to remove my website from your blacklist?  (Read 197860 times)


Offline sgt39

  • Newbie
  • *
  • Posts: 2
Re: How to remove my website from your blacklist?
« Reply #225 on: September 06, 2016, 09:02:30 PM »
Looks like it is just this one article and have not heard from any other users either.

I heard back from this user and he had some good information. On his phone, McAfee site advisor from Verizon gives him an error message when he goes to the article. On his tablet, he went to Richmond.com and searched for the article, found it, clicked on the story and then received a message from Avast. Verizon is his cable provider and he was using Verizon wi-fi on his tablet, but on his phone it was 3G and not wi-fi. He went to his phone again with me on the phone and received the error message. He’s sending a screenshot over and I’ll share.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32773
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #226 on: September 06, 2016, 09:48:17 PM »
Could have been the tracker.js code that played into this, but let us wait and see.

Furthermore there is code to be retired: http://retire.insecurity.today/#!/scan/248c7657882b00ec1c64112971ec604db852b9a535ba8e5bcfbaac935fc60341

Re on that uri avast webshield flags: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.richmond.com%2Fopinion%2Four-opinion%2Farticle_b79cc2b6-8ed5-532c-92eb-4a37e779c433.html

The scan has detected some POTENTIAL problems in these external files. First scroll down through the code listed out after the list of links, this is the code returned by the request for the URL you entered and check for any problems. Next, these link(s) will open the individual URL(s) in this tool, check through the code that is returned, compare the code being returned to a know clean copy, etc.

1 -> stats-newyork1.bloxcms dot com/shared-content/stats/common/tracker.js

Redirect OK: -htxps://launch.newsinc.com/143/js/embed.js  benign.

Suspicious: 4711:   < if​rame src="htXps://www.eventbrite.com/countdown-widget?eid=27221648684" frameborder="0" height="400" width="195" marginheight="0" marginwidth="0" scrolling="no" allowtransparency="true"> < / if​rame >

Note: The if​rame above look suspicious! What is being loaded from that src=URL might be OK.

Best candidate for this Webshield detection however is some encrypted content, see: -http://ddecode.com/hexdecoder/?results=b440e9af1b0b1bcdfef40d9b8d650c33
from line 3261 up to 3446 see -> -https://aw-snap.info/file-viewer/?tgt=https%3A%2F%2Fwww.richmond.com%2Fopinion%2Four-opinion%2Farticle_b79cc2b6-8ed5-532c-92eb-4a37e779c433.html&ref_sel=GSP2&ua_sel=ff&fs=1#ln_4711
N.B. unblock above link only when you know what to look for and are sufficiently website security apt.

We should hear from an Avast Team Member whether the code was just flagged because of the persistent obfuscation or because of the de-obfuscated code being also non-benign aka suspicious/malicious.

I am just a volunteer with quite some experience & relevant knowledge, but unblocking is just for Avast Team Members,
so wait for a reaction by one of them.

polonus (volunteer website analyst and website error-hunter)
« Last Edit: September 06, 2016, 09:50:03 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #227 on: September 07, 2016, 09:22:20 AM »
I noticed we have indeed blocked richmond[.]com/opinion/our-opinion/article_b79cc2b6-8ed5-532c-92eb-4a37e779c433.html as phishing. This is most likely a False Positive, so I am unblocking it right now ;)

Offline Tomi12

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #228 on: September 20, 2016, 09:33:32 PM »
Hi. I'm getting a false malware alert from Avast mobile for my site www.reissussa .fi. Could you remove my site from the blacklist?

Tomi Helin

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31344
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to remove my website from your blacklist?
« Reply #229 on: September 20, 2016, 09:48:55 PM »
1 vulnerable library detected :
http://retire.insecurity.today/#!/scan/740e77c37c2cb26dd18190b5d6feb63cd05cb53cdba67df9c5de171b964e37b6

Insecurities on Wordpress (although it looks like the second one seems an error in the detection) :
The following plugins were detected by reading the HTML source of the WordPress sites front page.
kirki 2.3.2   latest release (2.3.6) Update required
http://kirki.org

siteorigin-panels 2.4.9   latest release (2.4.15) Update required
https://siteorigin.com/page-builder/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User          Login
1    Tomi          tomi
2    QuidusDemos   quidusdemos

Some problems on that IP :
https://www.virustotal.com/en/ip-address/178.213.233.224/information/
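
Added example, not part of the original post or of the scanner quoted in it: one way a site owner can repeat the plugin check above against their own front-page HTML. The sample HTML, the use of the `?ver=` asset parameter as the version source, and all function names are assumptions; the latest-release numbers are the ones quoted in the post.

```python
import re

# Latest releases as quoted in the post above (September 2016 values).
LATEST = {"kirki": "2.3.6", "siteorigin-panels": "2.4.15"}

# Constructed front-page HTML; asset paths and ?ver= values are sample data.
SAMPLE_HTML = """
<link rel='stylesheet' href='/wp-content/plugins/kirki/assets/css/kirki-styles.css?ver=2.3.2'>
<script src='/wp-content/plugins/siteorigin-panels/js/styling.min.js?ver=2.4.9'></script>
<script src='/wp-content/plugins/siteorigin-panels/js/other.js?ver=2.4.9'></script>
<script src='/wp-content/plugins/example-plugin/main.js'></script>
"""

# Plugin slug from the asset path, plus the optional ?ver= query value.
ASSET_RE = re.compile(
    r"/wp-content/plugins/([a-z0-9_-]+)/[^\s'\"<>?]*(?:\?ver=([0-9][0-9.]*))?",
    re.I,
)

def version_key(version):
    """Numeric tuple so 2.4.9 sorts below 2.4.15 (plain string compare gets this wrong)."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())

def detect_plugins(html):
    """Map plugin slug -> version string seen in the HTML, or None if no version is exposed."""
    found = {}
    for slug, ver in ASSET_RE.findall(html):
        slug = slug.lower()
        if ver or slug not in found:
            found[slug] = ver or found.get(slug)
    return found

def audit(html, latest=LATEST):
    """Return slug -> (detected version, status) for every plugin referenced in the HTML."""
    report = {}
    for slug, ver in sorted(detect_plugins(html).items()):
        if ver is None or slug not in latest:
            report[slug] = (ver, "unknown")
        elif version_key(ver) < version_key(latest[slug]):
            report[slug] = (ver, "update required")
        else:
            report[slug] = (ver, "current")
    return report

if __name__ == "__main__":
    for slug, (ver, status) in audit(SAMPLE_HTML).items():
        print(f"{slug:20} {ver or '-':8} {status}")
```

A plugin that loads no versioned asset on the front page shows up as "unknown", so an empty or all-current report is not proof that every installed plugin is up to date.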

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32773
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #230 on: September 20, 2016, 09:58:20 PM »
An addition for the reversed DNS, server DROWN vulnerable: https://test.drownattack.com/?site=n44.netsor.fi

The following domain names are vulnerable to man-in-the-middle attacks. Attackers may be able to impersonate the server and steal or change data.

Anyway, I do not see avast flag the site or blacklist it at the moment.

polonus

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #231 on: September 21, 2016, 08:01:24 AM »
Hi Tomi,
I am unblocking reissussa[.]fi now, but please do take care of the vulnerabilities and insecurities others pointed out, or it might be blocked automatically again.

Offline nelsonvogel

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #232 on: September 23, 2016, 03:53:56 AM »
Hi, my web site www.sollove.com.br was blocked by avast. All malware was already removed. Can you please remove it from your black list? Thank you

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: How to remove my website from your blacklist?
« Reply #233 on: September 23, 2016, 04:14:35 AM »
Hi, my web site hxxp:www.sollove.com.br was blocked by avast. All malware was already removed. Can you please remove it from your black list? Thank you




Hello.

Site was blocked Locky Ransomware

http://urlquery.net/report.php?id=1474596383580

http://zulu.zscaler.com/submission/show/e752da019c6e39f501232179dff5ff06-1474597251

http://zulu.zscaler.com/submission/show/a9bd32356aac84b89e7ffdaa1c34b438-1474597384

« Last Edit: September 23, 2016, 04:34:24 AM by jefferson sant »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #234 on: September 23, 2016, 09:02:43 AM »
I hope the Locky was already removed, and I am removing sollove[.]com.br from our blacklist. Be sure to secure your server better ;)!

Offline jwwdaterd

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #235 on: October 14, 2016, 05:37:32 PM »
Tried three times through the false positive report when notified by avast in the past. This has never been resolved. Can you help? I show no reason why it should be reported as blacklisted anywhere. Attachments show urlvoid and virustotal reports. Site is www.mountainskies.com
« Last Edit: October 14, 2016, 05:46:14 PM by jwwdaterd »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31344
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: How to remove my website from your blacklist?
« Reply #236 on: October 14, 2016, 06:32:00 PM »
Blacklistings and other problems there :
http://urlquery.net/report.php?id=1476462160807

Phishing detected on that IP :
http://urlquery.net/report.php?id=1476121518113

Really bad IP history :
https://www.virustotal.com/en/ip-address/69.195.124.109/information/

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User          Login
1                  None
2    John Wright   jwwdaterd

Vulnerable libraries :
http://retire.insecurity.today/#!/scan/77dc477b346e64d1b75b79001524cab0f491dc54cdcb22d0d9009edc46f750a6

Advice :
- Solve the mentioned problems
- Get dedicated hosting

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32773
  • malware fighter
Re: How to remove my website from your blacklist?
« Reply #237 on: October 14, 2016, 06:54:27 PM »
Eddy is right, and there is more ....

When we do a DNS report: WARNING: Name servers software versions are exposed:
162.88.60.37: "PowerDNS Authoritative Server 3.4.7 (jenkins@autotest.powerdns.com built 20151103151207 root@autotest.powerdns.com)"
162.88.61.37: "PowerDNS Authoritative Server 3.4.7 (jenkins@autotest.powerdns.com built 20151103151207 root@autotest.powerdns.com)"

Certificate name mismatch and 6 other issues/problems found: https://mxtoolbox.com/domain/www.mountainskies.com/

URLs that redirect found in: -http://www.mountainskies.com/

1: -http://www.teamviewer.com/link/?url=963497&id=1119595237 -> -https://www.teamviewer.com/link/?url=963497&id=1119595237
are these legit: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.mountainskies.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1

IP history probably is at the base of this blocking, see: https://cymon.io/69.195.124.109

And it is not only avast to alert on this IP, there are other sources as well:
Reporting sources: quttera.com, c-sirt.org, blocklist.de, labs.snort.org, tor.ahbl.org, dnsbl.ahbl.org, openphish.com, virustotal.com, urlquery.net,
google safebrowsing, phishtank, cleanmx-malware, cleanmx-phishing

Conclusion: "da baddie neighbors on that same IP address!"

polonus

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: How to remove my website from your blacklist?
« Reply #238 on: October 17, 2016, 09:10:21 AM »
Yup, we blocked mountainskies[.]com a year ago because of distribution of Angler EK. Since I do not see any evidence of anything malicious going on on that domain, I am unblocking it now ;) Please do pay attention to what others pointed out, though!

Offline John871

  • Newbie
  • *
  • Posts: 1
Re: How to remove my website from your blacklist?
« Reply #239 on: October 28, 2016, 09:31:31 PM »
Hi, our web site is http://www.dyslexia-athens.gr/ can you please remove it from blacklist as the web site is clean