Author Topic: How to remove my website from your blacklist?  (Read 196689 times)


bob3160
Re: How to remove my website from your blacklist?
« Reply #675 on: July 07, 2020, 06:23:04 PM »
Hi, our website is in avast blacklist:
hxxp://westroad.bg/
No malware in site. Pls remove from black list.
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

polonus
Re: How to remove my website from your blacklist?
« Reply #676 on: July 07, 2020, 10:54:02 PM »
Hi tehnomobi,

Do what bob3160 tells you to do. Wait for a final verdict from an Avast team member,
as they are the only ones to come and unblock. But the site is not being blocked by Avast as far as I can tell.

VirusTotal does not flag this site: https://www.virustotal.com/gui/url/c0fc4fca99a12b32d1c00db5d0538b5fb733112effff7360cef54ebca145aaa3/details

But here that Bulgarian IP is flagged: https://www.virustotal.com/gui/ip-address/91.196.125.100/detection
More detections here: https://www.virustotal.com/gui/ip-address/91.196.125.100/relations

Consider this code
Quote
var img = new Image(1, 1);
img.src = 'htxp://westroad.bg/index.php?action=track_visitor&'+new Date().getTime();
img.onload = function() { return true; }; 
returning a GIF82 image tag-code...

See threat risk qua TLS recommendations here: https://sitecheck.sucuri.net/results/westroad.bg

Retirable jQuery library found here: Retire.js
jquery   1.3.2   Found in -http://westroad.bg/javascript/jquery.js?1
Vulnerability info:
Medium   CVE-2011-4969 XSS with location.hash   
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   

Remarkable that this website is not being blocked by Avast.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: July 07, 2020, 10:56:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
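The CVE-2019-11358 entry in the Retire.js output above concerns a recursive merge that follows the `__proto__` key of its input. The following is an added example, not code from the thread or from jQuery: `naiveExtend`, `safeExtend` and `pollutes` are hypothetical names, and the JSON input is constructed.

```javascript
// Added illustration: simplified stand-ins for a deep extend(true, target, src).
// Not jQuery's source; function names and the JSON input are constructed.
function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Pre-fix behaviour: every own key of src is followed, including "__proto__".
function naiveExtend(target, src) {
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveExtend(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: skip "__proto__" (the key the 3.4.0 fix ignores) plus, as extra
// hardening assumed here, "constructor" and "prototype"; recurse into own keys only.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
function safeExtend(target, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED.has(key)) continue;
    const val = src[key];
    if (isPlainObject(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeExtend(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Merge a constructed untrusted document, check whether an unrelated fresh
// object inherited the key, then restore Object.prototype.
function pollutes(extendFn) {
  const untrusted = JSON.parse('{"theme":{"color":"red"},"__proto__":{"polluted":true}}');
  const merged = extendFn({}, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return { leaked, color: merged.theme.color };
}

console.log('naive:', pollutes(naiveExtend), 'safe:', pollutes(safeExtend));
```

Both merges copy the legitimate `theme` data; only the naive one leaves every other object in the page with an inherited `polluted` property.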


polonus
Re: How to remove my website from your blacklist?
« Reply #678 on: September 17, 2020, 10:59:34 PM »
Hi lorenacdamasceno,

Do not post "live" links here, as we do not want our visitors to eventually get infested.

This is not flagged by VT: https://www.virustotal.com/gui/url/53c2a3c83f791939df61bf8be00084f17f51a93fc11a8ade66753e998feecc1a/detection
Also IP is given as clean: 168.228.240.157 -> https://www.virustotal.com/gui/ip-address/168.228.240.157/detection
See: https://www.shodan.io/host/168.228.240.157

It is not a matter of blacklisting but a 404 not found site error (probably no longer there/outdated): https://sitecheck.sucuri.net/results/https/pje2g.tjba.jus.br/pje-web/Processo/ConsultaProcesso/Detalhe/listProcessoCompletoAdvogado.seam?q=id%3D271542%26ca%3Db2cd48bfa247442287ed749f8b5a972bb6b764ec53524220fdde1122fa775c6cc46c55da77eb70476dfad37c8246fe32

Various site errors detected in...and is redirecting to: -https://pje2g.tjba.jus.br/pje-web/login.seam;jsessionid=SEei9vzErD82UR_aLg1jO6ja2Kne9vYKSrTBZl5t.londres?loginComCertificado=false&cid=9561
DOM-XSS issues at: Results from scanning URL: -https://pje2g.tjba.jus.br/pje-web/js/signerApplet.js;jsessionid=ucJoYdbPhai0CdzRXseQYyDmnnZeh7g7pTsbpGFs.pje2gapp004
Number of sources found: 8
Number of sinks found: 78
&
Results from scanning URL: -https://pje2g.tjba.jus.br/pje-web/js/signerApplet.js;jsessionid=ucJoYdbPhai0CdzRXseQYyDmnnZeh7g7pTsbpGFs.pje2gapp004
Number of sources found: 180
Number of sinks found: 56  with -a.gootranslink:link inline code...


JavaScript error as I do not see a 404 for ReferenceError: at -https://pje2g.tjba.jus.br/pje-web/js/signerApplet.js;jsessionid=ucJoYdbPhai0CdzRXseQYyDmnnZeh7g7pTsbpGFs.pje2gapp004
to be SRC source view results:
Quote
jQuery is not defined
 /pje-web/.conteudo-pre-requisitos:59

ReferenceError: _clearJSFFormParameters is not defined
 /pje-web/.conteudo-pre-requisitos:99 clear_j_id22()
 /pje-web/.conteudo-pre-requisitos:103

ReferenceError: ModalPanel is not defined
 /pje-web/.conteudo-pre-requisitos:130

ReferenceError: A4J is not defined
 /pje-web/.conteudo-pre-requisitos:225

ReferenceError: A4J is not defined
 /pje-web/.conteudo-pre-requisitos:227

ReferenceError: _clearJSFFormParameters is not defined
 /pje-web/.conteudo-pre-requisitos:229 clear_j_id115()
 /pje-web/.conteudo-pre-requisitos:233

TypeError: Invalid property descriptor. Cannot both specify accessors and a value or writable attribute, #<Object>
  Function.defineProperty ()()
  doUpdateProp (:19:12)()
  :29:5()
  Array.forEach ()()
  :24:44()
  self.tp_vkONHklZLVw_func (:40:5)()
  :49:31()

SyntaxError: Invalid regular expression flags
  eval ()()
  :3:98()
  Object.c [as F_c] (:2:146)()
  Object.E_u (:3:267)()
  la (eval at exec_fn (:1:147), :60:53)()
  Object.create (eval at exec_fn (:1:147), :71:325)()
  d (eval at exec_fn (:1:147), :13:89)()

Wait for an explanation from avast team, they are to give the final verdict, as I do not see it blocked.
There is only 100% content and no ads or trackers to be blocked there according to ZenMate firewall.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: September 17, 2020, 11:02:03 PM by polonus »
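The "sources" and "sinks" counts quoted in the post above are the kind of figure a pattern-matching scan over script text produces. The following is an added example, not the scanner used in the thread: the pattern lists are a small assumed subset, `scanScript` is a hypothetical name, and the script sample is constructed.

```javascript
// Added illustration: count DOM-XSS sources and sinks by pattern matching.
// The pattern lists are an assumed, partial subset; SAMPLE is constructed.

// Sources: places where attacker-influenced data enters the page's script.
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|referrer|cookie)|window\.name)\b/g;

// Sinks: calls or assignments that interpret a string as code or markup.
const SINKS = /\b(?:eval|setTimeout|setInterval)\s*\(|\bdocument\.write(?:ln)?\s*\(|\.(?:innerHTML|outerHTML)\s*=(?!=)|\.(?:html|append)\s*\(/g;

function scanScript(text) {
  const report = { sources: 0, sinks: 0, sameLine: [] };
  text.split('\n').forEach((line, i) => {
    const src = line.match(SOURCES) || [];
    const snk = line.match(SINKS) || [];
    report.sources += src.length;
    report.sinks += snk.length;
    // A source and a sink on one line is the strongest lead for manual review.
    if (src.length && snk.length) report.sameLine.push(i + 1);
  });
  return report;
}

const SAMPLE = [
  "var tab = location.hash.slice(1);",
  "document.getElementById('t').innerHTML = tab;",
  "$('#msg').html(document.referrer);",
  "setTimeout(function () { refresh(); }, 500);",
  "el.innerHTML = '<b>static</b>';",
  "if (window.name === 'popup') { init(); }"
].join('\n');

console.log(scanScript(SAMPLE));
```

Lines 1 and 2 of the sample form a real flow that the same-line check misses, while lines 4 and 5 are counted as sinks although they only handle constant data, so counts like these are leads for manual review and not confirmed findings.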