Author Topic: Avast Started Blocking my Website  (Read 438 times)

0 Members and 1 Guest are viewing this topic.

Offline alekmega

  • Newbie
  • *
  • Posts: 3
Avast Started Blocking my Website
« on: November 12, 2019, 05:32:46 AM »
So, Avast suddenly started blocking one of my websites. In fact, it was a URL shortener, which made this whole story even funnier.

It's very strange how Avast decides to block a website. Your competitor goes and reports your website; and suddenly you're on the blacklist?

How can I unblock the URL? Thanks for the help.
« Last Edit: November 12, 2019, 05:36:08 AM by alekmega »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61612
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Started Blocking my Website
« Reply #1 on: November 12, 2019, 06:06:32 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Win 8.1 [x64] - Avast PremSec 19.9.2394.B1 - CC 5.63 - EEK - Firefox ESR 68.2 [NS/AOS/uBO] - Thunderbird 68.2.2 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2690
  • Volunteer
Re: Avast Started Blocking my Website
« Reply #2 on: November 12, 2019, 01:36:10 PM »
What is being blacklisted for?

To my knowledge there is no category for "URL:YourCompetitorReportedYou".

Can you DM me a link, and/or post it here so we can have a look?

Volunteer.
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.

Offline alekmega

  • Newbie
  • *
  • Posts: 3
Re: Avast Started Blocking my Website
« Reply #3 on: November 12, 2019, 09:21:23 PM »
What is being blacklisted for?

To my knowledge there is no category for "URL:YourCompetitorReportedYou".

Can you DM me a link, and/or post it here so we can have a look?

Volunteer.

But there is a category URL:Blacklisted and it is pretty much the same!

I am not allowed to send DM since I am a new member I guess :)
« Last Edit: November 12, 2019, 09:23:34 PM by alekmega »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82210
  • No support PMs thanks
Re: Avast Started Blocking my Website
« Reply #4 on: November 12, 2019, 09:26:47 PM »
But there is a category URL:Blacklisted and it is pretty much the same!

Pretty much the same doesn't help others to help you, a screenshot of the avast alert may help.  Or the URL as Michael requested.

A competitor reporting your site simply doesn't cut it, Avast does its own analysis based on its own criteria. 
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.541) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2690
  • Volunteer
Re: Avast Started Blocking my Website
« Reply #5 on: November 12, 2019, 09:42:33 PM »
But there is a category URL:Blacklisted and it is pretty much the same!

Pretty much the same doesn't help others to help you, a screenshot of the avast alert may help.  Or the URL as Michael requested.

A competitor reporting your site simply doesn't cut it, Avast does its own analysis based on its own criteria.

Indeed:

VirusTotal reports Clean >> https://www.virustotal.com/gui/url/02886be3eb40c42f2472af8f7fa7ef61d43d3b89a666738f60b72f2006b33111/detection

Outdated PHP Versions Detected however >>    PHP/5.6.40. Stable release is version 7.3.11, with Preview in 7.4.0RC4
JQuery is old as well - stable version 3.4.1
HTML5Shiv is also outdated, current stable version 3.7.3 (Not quite as severe though)

URLScan (Clean) >> https://urlscan.io/result/c6b7f202-a08e-422d-9d26-4547569fb93c
URLVoid (Clean) >> https://www.urlvoid.com/scan/fileto.host/
CheckPhish (Clean) >> https://checkphish.ai/insights/url/1573590673605/02886be3eb40c42f2472af8f7fa7ef61d43d3b89a666738f60b72f2006b33111
Zulu (Clean) >> https://zulu.zscaler.com/submission/9a9e30fb-e240-4d5c-8fa1-42842c4e78b4
Nothing much on Aw-Snap! >> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Zltse3RdLmhdc3Q%3D~enc
No TLS/SSL >> https://sitecheck.sucuri.net/results/fileto.host

Avast! has been reached out to to investigate.



*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36253
Re: Avast Started Blocking my Website
« Reply #6 on: November 12, 2019, 09:58:04 PM »
On same IP you find these detections …. see Attached screenshot

https://www.virustotal.com/gui/ip-address/184.95.51.100/relations


« Last Edit: November 12, 2019, 10:08:13 PM by Pondus »
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31879
  • malware fighter
Re: Avast Started Blocking my Website
« Reply #7 on: November 12, 2019, 11:03:18 PM »
L.S.

Next to the thorough scan report by Michael (alan1998) and the IP relation VT results, Pondus provided,
just some remarks below.

But this particular domain is not flagged at https://www.virustotal.com/gui/ip-address/184.95.51.100/relations
Here are 69 hints for improvement of mentioned website:
https://webhint.io/scanner/5dec1d74-c692-42fe-8df8-fe049b6ce5de

Especially I hint at the 30 security recommendations there:
https://webhint.io/scanner/5dec1d74-c692-42fe-8df8-fe049b6ce5de#category-security

So we wait for a final verdict from an avast team member, as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge of 3rd party cold recon website security analysis
and website security error-hunting.

P.S. also consider the vulnerabilities at the webserver host: https://www.shodan.io/host/184.95.51.100
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
But it has SSH-2.0-OpenSSH_7.4. For this version: https://www.cvedetails.com/vulnerability-list.php?vendor_id=97&product_id=585&version_id=228285&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=2&sha=1879224e96a541c7743ee7c89bb9adf4f047ac22

polonus
« Last Edit: November 12, 2019, 11:13:33 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline alekmega

  • Newbie
  • *
  • Posts: 3
Re: Avast Started Blocking my Website
« Reply #8 on: November 13, 2019, 02:15:55 AM »
On same IP you find these detections …. see Attached screenshot

https://www.virustotal.com/gui/ip-address/184.95.51.100/relations

None of these domains is mine except the one that has 0 red flag detections.
Also, the domain no longer appears in the blacklist section. Maybe it's not blacklisted anymore?
Thanks for the help guys, I really appreciate it!  ;D

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2690
  • Volunteer
Re: Avast Started Blocking my Website
« Reply #9 on: November 13, 2019, 05:54:44 PM »
On same IP you find these detections …. see Attached screenshot

https://www.virustotal.com/gui/ip-address/184.95.51.100/relations

None of these domains is mine except the one that has 0 red flag detections.
Also, the domain no longer appears in the blacklist section. Maybe it's not blacklisted anymore?
Thanks for the help guys, I really appreciate it!  ;D

The concern with leaving your domain on an IP Address that is hosting other malicious domains os that sometimes AV's chose to block the IP Address as a whole, even if that means someone gets caught in the crossfire.
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.