Author Topic: URL:Blacklist Notification  (Read 5362 times)

0 Members and 1 Guest are viewing this topic.

Offline anthony_tonz

  • Newbie
  • *
  • Posts: 4
URL:Blacklist Notification
« on: October 09, 2019, 05:37:16 PM »
Hello,

Just wondering what's wrong with the URL Blacklist for ksbshipyard.co.id every time when I enable Avast?

I've been checking all along and it's still can't open. It's there anyway for me to solve this?

As you can see there are no virus here, the following details:
https://www.urlvoid.com/scan/ksbshipyard.co.id/
https://www.virustotal.com/gui/url/35bd23c34694cd0c0af9394270780f1ffeab84e75ef63dd3fa98ca9e91b566b0/detection

Looking forward to hear from you all!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: URL:Blacklist Notification
« Reply #1 on: October 09, 2019, 11:02:01 PM »
Eventual detection could be IP related: https://www.virustotal.com/gui/ip-address/104.18.40.6/relations
Consider: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=a3Nic2hbcHl8fSMuXl0uWyNg~enc

Nothing out of the ordinairy here: https://sitecheck.sucuri.net/results/https/ksbshipyard.co.id

Improvement recommendations through linting:, 145 in all:
https://webhint.io/scanner/3836d93d-3f5f-4726-8e57-cfb106e36739

Consider DOM-XSS flaws: Results from scanning URL: -https://ksbshipyard.co.id/js/all.js
Number of sources found: 41
Number of sinks found: 17
&
Number of sources found: 48
Number of sinks found: 16
This is exactly where avast blacklist URL detection reacts according to my websniffer extension - 3731   main_frame   23:27:54(285ms)   net::ERR_CONNECTION_RESET   GET   -ksbshipyard.co.id   That's it, folks, this is all there is  :)

Vulnerable jQuery libtrary detected: https://retire.insecurity.today/#!/scan/eefe5f6cfd2df88af4f109a51cf03af6a45a983f10f579a15307f1d5e60b51f8

Wait for an avast team member to give a final verdict,
as we here are just volunteers witrh relative knowledge,
but only avast team members can come and unblock.

Found OK: http://isithacked.com/check/https%3A%2F%2Fksbshipyard.co.id

This could not be found: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=a3Nic2hbcHl8fSMuXl0uWyNgW218Z3tzYDE0OTY5ODgyMTQxNDkzNzgyNzIxa3NiX3xUeF9bXl1uLlteXQ%3D%3D~enc


polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: October 09, 2019, 11:30:04 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline anthony_tonz

  • Newbie
  • *
  • Posts: 4
Re: URL:Blacklist Notification
« Reply #2 on: October 10, 2019, 09:42:56 AM »
Hello Polonus,

Thank you very much for the feedback. Appreciate it lots.

I have tried to delete all these virus files inside the hosting based on the feedback you gave. But still couldn't accessed the ksbshipyard.co.id. I guess the domain is already getting blocked by Avast Team. I am really looking forward for their replies so much!

Thanks

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: URL:Blacklist Notification
« Reply #3 on: October 10, 2019, 07:29:07 PM »
Hi anthony_tonz,

And that is all you can do, just wait for the final verdict of an avast team member,
as they are the only ones to come and unblock,
while we here are voluntuurs with releative knowledge,
just to advise you on glitches, flaws and give advice towards improved website security
and maintanance,

polonus
« Last Edit: October 10, 2019, 08:53:05 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: URL:Blacklist Notification
« Reply #4 on: October 10, 2019, 08:52:05 PM »
Some interesting cloud IP scan results for: -https://www.ip-adress.com/website/ksbshipyard.co.id
Service running at the server:
SF-Port53-TCP:V=7.70%I=7%D=10/11%Time=5D9F70E0%P=x86_64-unknown-linux-gnu%
SF:r(DNSVersionBindReqTCP). at -melinda.ns.cloudflare.com running on resolver SAN 53/tcp open  domain 
(unknown banner: 20171212); see: https://www.ip-adress.com/ip-address/ipv4/173.245.58.198
See: https://toolbar.netcraft.com/site_report?url=melinda.ns.cloudflare.com
-> https://mxtoolbox.com/SuperTool.aspx?action=a%3amelinda.ns.cloudflare.com&run=toolpage
Generated by cloudfront (CloudFront)
Request ID: i7NnYAjCZZrKzvh-nM21-W2JRbKLJ1IO6PzBNTZk8vI2b5JQKlVDyA==
Combined with Amazon Organization, see Amazon CloudFront: server-70-132-49-82.lhr62.r.cloudfront.net
Netcraft risk score 7 red out of 10: https://toolbar.netcraft.com/site_report?url=server-70-132-49-82.lhr62.r.cloudfront.net
registrar markmonitor dot com.  No matches on IP 70.132.49.82  see the spam report here:
https://cleantalk.org/blacklists/70.132.49.82 spam rate is a full 19.04%
and there we are arrived at the crux of the problem.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline anthony_tonz

  • Newbie
  • *
  • Posts: 4
Re: URL:Blacklist Notification
« Reply #5 on: October 14, 2019, 04:31:39 AM »
Hi Polonus,

Thank you for the feedback, till now we still couldn't open the domain yet. Wondering how long Avast team will get back on us?

Looking forward to hear from you.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: URL:Blacklist Notification
« Reply #6 on: October 14, 2019, 12:09:34 PM »
We have the weekend behind us now, so avast team members may act. Up to them.
Still see this retirable code:
jquery   1.10.2.min   Found in -https://ksbshipyard.co.id/js/fancybox/jquery-1.10.2.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Quite some implementations missing found through the Page, Header & Cookie Security Analyser - RECX.

Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -ksbshipyard.co.id to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

d29307b38c30XXXXXXXXXXXXX6f7df6301571047301 -ksbshipyard.co.id__cfduid


polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: URL:Blacklist Notification
« Reply #7 on: October 15, 2019, 04:07:45 AM »
Detection was removed in 14.10.2019 at 07:53 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline anthony_tonz

  • Newbie
  • *
  • Posts: 4
Re: URL:Blacklist Notification
« Reply #8 on: October 15, 2019, 05:11:48 AM »
Hi Polonus, thank you for the feedback.

Thanks to Avast team, they have removed the detection.

Thank you very much everybody!

Cheers!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: URL:Blacklist Notification
« Reply #9 on: October 15, 2019, 05:23:56 AM »
Hi Polonus, thank you for the feedback.

Thanks to Avast team, they have removed the detection.

Thank you very much everybody!

Cheers!

I am a user and not an employee (Avast team).Although any URL can be passed and corrected by someone there.
« Last Edit: October 15, 2019, 05:26:13 AM by jefferson sant »