Author Topic: Website reported as blocked for URL:Mal, report false infection?  (Read 37050 times)



Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #16 on: August 22, 2016, 01:41:54 PM »
Hello,

It seems my website has the same problem: hxxp://pouyas.com/
Could you please remove it from the blacklist?

Thanks



Hello.

IP compromised

http://www.ipvoid.com/scan/67.23.226.139/
http://www.urlvoid.com/ip/67.23.226.139/


I will report to virus analyst
« Last Edit: August 23, 2016, 04:24:12 AM by jefferson sant »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #17 on: August 22, 2016, 01:58:54 PM »
The IP was infected with Locky ransomware 20 days ago. I have unblocked it for now, but I strongly advise using a different hosting.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #18 on: August 22, 2016, 02:08:58 PM »
HonzaZ is right and the more so,
because the IP there functions as a Locky distribution site,
re: https://ransomwaretracker.abuse.ch/host/67.23.226.139/

Confirmed here for that sample MD5 dc9db417c58c2c1e9615b6c0e0aed913
See: https://tracker.h3x.eu/corpus/400

Latest 100 files (malware samples) dropped by this distribution site.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline fernandes.tt

  • Newbie
  • *
  • Posts: 1
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #19 on: September 24, 2016, 02:55:48 AM »
Hi Avast Team.

I have the same issue (false infection). I need your help to take my site out of your black list.

espanholparaviagem[.]com

Thanks a lot.
Regards,
Tarcisio.
« Last Edit: June 22, 2017, 07:58:17 AM by HonzaZ »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #20 on: September 24, 2016, 09:33:09 AM »
What message is avast giving you? (screenshot)

Suspicious (possibly malicious) :
https://quttera.com/detailed_report/www.espanholparaviagem.com

Issues on that ASN :
http://urlquery.net/report.php?id=1474702349281

Vulnerable library used :
http://retire.insecurity.today/#!/scan/c44362f50116f6ee223f0c0fb4fc4f79977b64ca5ae5acacacfeec6c06237db1

Wordpress issues :
WordPress Version 4.5.4
Version does not appear to be latest 4.6 - update now.

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User    Login
1   None   admin
2   None   dx2brasil
« Last Edit: September 24, 2016, 09:39:55 AM by Eddy »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #22 on: September 26, 2016, 01:19:54 PM »
IP 198.199.66[.]75 (which espanholparaviagem[.]com points to) was blocked in March due to a CSRF attack coming from it.
I have now unblocked it.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #23 on: September 26, 2016, 04:36:53 PM »
Being on SSL via CloudFlare with a Let's Encrypt Authority 3 Certificate is no reason for not implementing security headers,
see the meagre F-Status found here: https://securityheaders.io/?q=www.espanholparaviagem.com&followRedirects=on

Relying solely on a CDN for keeping your website secure is not enough.

Also tackle the following issues, see: https://mxtoolbox.com/domain/www.espanholparaviagem.com/

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #24 on: June 21, 2017, 03:22:12 PM »
Need help ASAP.

One year, our company purchased the domain yyw[.]com as our company page.

But too many customers reported as blocked for URL:Mal.

Pls check and process for us.

My email: admin@yyw.com or 1398630@qq.com
« Last Edit: June 22, 2017, 07:57:45 AM by HonzaZ »


REDACTED

  • Guest
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #26 on: June 21, 2017, 03:33:04 PM »
thanks !

i will check now

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #27 on: June 21, 2017, 04:03:48 PM »
Hello,
detection of yyw.com was disabled.

Milos

REDACTED

  • Guest
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #28 on: June 22, 2017, 04:56:40 PM »
We are having this issue also.  Our company purchased allegiantcare.com a few years ago and avast users report our domain gets blocked for blacklisting.  Can you please remove allegiantcare.com from your blacklist?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Website reported as blocked for URL:Mal, report false infection?
« Reply #29 on: June 22, 2017, 05:02:25 PM »
Site is not even loading and avast doesn't give an alert when trying to load the site.

Blacklisted :
https://www.virustotal.com/en/url/fedaa175143a03d4493bf8721b4515610f51141453ce3ed2e96ca35977839b11/analysis/1498143939/
http://www.urlvoid.com/scan/allegiantcare.com/
https://sitecheck.sucuri.net/results/allegiantcare.com
https://www.virustotal.com/en/ip-address/71.245.183.172/information/

Wordpress issues :
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User    Login
1   sjunker   sjunker
2            None

Warning Directory Indexing Enabled

Certificate issue :
https://www.ssllabs.com/ssltest/analyze.html?d=allegiantcare.com

Very likely also vulnerable libraries are used.
« Last Edit: June 22, 2017, 05:14:37 PM by Eddy »