Author Topic: How to remove my website from your blacklist?  (Read 193494 times)


Offline bob3160

« Reply #405 on: August 30, 2017, 10:20:32 PM »
You're welcome. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

« Reply #406 on: August 30, 2017, 10:31:10 PM »
The IP your site is on delivers/-ed/has launched ransomware: https://ransomwaretracker.abuse.ch/ip/95.213.196.126/
and the abuse was performed from that domain. McAfee also blocks your site, so it is not only avast....

See the anomalies in the response http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://asrcargo.ru&uag=Mozilla/5.0+(Windows+NT+6.3%3B+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/60.0.3112.113+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO
-> https://github.com/xDrivenDevelopment/v8Reader/commit/955c22d5522b37c982d4212fe04da5c153e45eed.patch
- http://toolbar.netcraft.com/site_report?url=http://s12.default-host.net
Quote (translated from Russian)
The site s12.default-host.net is not configured on the server

The site s12.default-host.net is not configured on the hosting server.

The domain address is linked to our server, but this site is not served.
If you recently added a site to the control panel - wait 15 minutes and your site will start working.

Server s12

When your site/the server it is on is no longer being misused/abused,
wait for an avast team member to give a final verdict, and eventually unblock or continue to block...

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

« Reply #407 on: August 30, 2017, 10:46:07 PM »
Precisely why I passed along the link so that once the site is reported to Avast, they will make the final decision.

Offline polonus

« Reply #408 on: August 30, 2017, 11:31:39 PM »
Rightly so, and I hope an avast team member will come here and tell whether the site is fit for unblocking.
Also the site owner has to address McAfee as it has been blocked there as well.
Whether the Locky ransomware delivery (6 times reported during the previous year) was accidental
and beyond the capability of site owner and domain hoster alike should also be taken into consideration.

At least these external elements have been found to be benign:
External Elements

URL   RISK
-http://asrholdings.com.hk/freight-forwarding-   Benign
-http://tutmee.ru   Benign
-http://www.carlsberg.com   Benign
-http://asrholdings.com.hk/general-sales-agent   Benign
-http://www.hkex.com.hk/eng/market/partcir/seh   Benign

But the site is still being blacklisted on mnemonic secure dns, here verified 2017-08-30:
https://urlquery.net/report/40141bdc-3ba7-4af1-9da1-c2d06c7945d2

See issues here: https://threatintelligenceplatform.com/report/asrcargo.ru/uGmw6qL5wm
Also blacklisted by Virus Total suspicious URLs analyser   Failed   Status: dangerous
BitDefender - malware site
Trustwave - malicious site
ESET - malware site
AutoShun - malicious site

polonus

Offline Eddy

« Reply #409 on: August 31, 2017, 01:00:27 PM »
Quote
Since that time the site was blocked by Avast several times without any reasons
Stareclipse, get the clue.
avast doesn't block sites/servers/IPs without a reason.
And if you look at the reports from Polonus, you will see it is a legitimate block and it will stay (or get blocked again) if the owner doesn't improve the security and keeps spreading Locky.

Get dedicated hosting at a trusted hoster that does take security seriously.

Offline cdnsupport

« Reply #410 on: August 31, 2017, 01:31:21 PM »

Offline Asyn

« Reply #411 on: August 31, 2017, 01:34:40 PM »
Website:    cdn.worldnewsfeed.org/uiadfix.js
Status:    Unable to properly scan your site. Content not found.
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Eddy

« Reply #412 on: August 31, 2017, 01:38:28 PM »
Why give a link to a JavaScript file and not just the domain?
Site is having issues, avast is not blocking it.
Contact the admin and set him/her to work.

Edit:
According to the domain registration, it looks like worldnewsfeed isn't even owned by holaspark.
« Last Edit: August 31, 2017, 02:03:37 PM by Eddy »

Offline polonus

« Reply #413 on: August 31, 2017, 02:02:32 PM »
Even with an external scan at https://aw-snap.info/file-viewer/
avast webshield flags an alert for JS:Agent-DEZ detection, probably a heritage from AVG's:
http://www.avgthreatlabs.com/en-ww/virus-and-malware-information/info/js-agent/

Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcdn.worldnewsfeed.org%2Fuiadfix.js

You failed the lame nameserver check  8) -> toolbar.netcraft.com/site_report?url=http://ns-849.awsdns-42.net (10 red out of 10).

With a javascript unpacker check I get suspicious behavior:
Quote
All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
-cdn.worldnewsfeed.org/uiadfix.js benign
[nothing detected] -cdn.worldnewsfeed.org/uiadfix.js
     status: (referer=hxtp:/www.ask.com/web?q=puppies)saved 1345218 bytes e5e1ed0ed3bd9e64cc865b605693044e77626fc4
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

Whatever it may be, the final verdict will come from an avast team member, as we here are just volunteers with relevant knowledge but cannot unblock. Remember the IP has been reported to several sources as previously malicious: https://otx.alienvault.com/indicator/ip/205.185.216.10 and for various abuse just as recently as a week ago, see here:
https://www.abuseipdb.com/check/205.185.216.10  (abused, misused server at amazon - IDS alerts for a.o. ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) (release dot xender dot com and others that share that same IP...))

F-Grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=cdn.worldnewsfeed.org

polonus (volunteer website security analyst and website error-hunter)

Offline rohmanhm

« Reply #414 on: September 11, 2017, 04:53:26 AM »
I just opened a ticket. https://support.avast.com/support/tickets/948938

Please release my site (news-health.net) from your blacklist. I just owned this domain.

Offline Eddy

« Reply #415 on: September 11, 2017, 05:41:21 AM »
https://urlquery.net/report/a02a17ab-c905-42fc-bc9a-eef59212793b
https://sitecheck.sucuri.net/results/news-health.net

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User            Login
1   rmasy   rmasy
2              None

Warning Directory Indexing Enabled

http://retire.insecurity.today/#!/scan/df99ab820036f40d8ebf8792ac302c85cc93b03dbd17c080dd1d32ea759e1a75

Offline rohmanhm

« Reply #416 on: September 11, 2017, 08:50:59 AM »

I just installed WordPress CMS. Should I remove WordPress to get my site safe?
Any advice?

I still don't have any idea why my site is blocklisted by Avast.

Offline Eddy

« Reply #417 on: September 11, 2017, 08:53:27 AM »
If you have to ask if you should remove WordPress to make the site safer, you shouldn't be running a website at all or hire a real admin who knows what he/she is doing.

Offline LukasJ

  • Avast team
« Reply #418 on: September 11, 2017, 09:07:06 AM »
Hi guys,
URL news-health.net has been removed from blacklist.

Lukáš

Offline rohmanhm

« Reply #419 on: September 11, 2017, 09:28:40 AM »

Thanks Lucas. Now I can focus on my content.