Author Topic: How to remove: URL: Blacklist ?  (Read 75330 times)

0 Members and 1 Guest are viewing this topic.

Offline WebHMI

  • Newbie
  • *
  • Posts: 1
Re: How to remove: URL: Blacklist ?
« Reply #30 on: April 04, 2022, 07:58:14 PM »
Hello.
The domain of our company (hxtps://level2.webhmi.com.ua/) was added to the blacklist for no known reason. Other site aliases are fine.
Checked by:
https://sitecheck.sucuri.net/results/level2.webhmi.com.ua
https://zulu.zscaler.com/report/69b966a9-c506-447c-a49e-926fd2d081b7
Please remove it from the blacklist.
« Last Edit: April 06, 2022, 02:43:51 PM by Milos »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89212
  • No support PMs thanks
Re: How to remove: URL: Blacklist ?
« Reply #31 on: April 04, 2022, 08:09:37 PM »
Use the link given in an earlier post.

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: How to remove: URL: Blacklist ?
« Reply #32 on: April 04, 2022, 10:22:24 PM »
Witam WebHMI,

Good to report this issue and then get a final verdict from avast team, whether this is indeed an FP.
Also consider there are at least two more vendors that flag that website as malicious:
https://www.virustotal.com/gui/url/58d860b4ea97461b9ac8489264fd0b7c7fa33e0319049667167dd73f982082cb

However the following retire.js library issues should be looked into:

Quote
bootstrap   3.3.7   Found in -https://level2.webhmi.com.ua/public/js/libs/bootstrap.js?85a31cf4 _____Vulnerability info:
Medium   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
Medium   XSS is possible in the data-target attribute. CVE-2016-10735   
handlebars   4.0.11   Found in -https://level2.webhmi.com.ua/public/js/main.js?0952e4e0 _____Vulnerability info:
High   A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template   
High   A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template   
Low   Disallow calling helperMissing and blockHelperMissing directly   
Medium   Prototype pollution   
jquery   1.10.2.min   Found in -https://level2.webhmi.com.ua/assets/js/vendor/jquery-1.10.2.min.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   123
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
moment.js   2.15.1   Found in -https://level2.webhmi.com.ua/public/js/libs/moment.js?6a270a2f _____Vulnerability info:
Medium   Regular Expression Denial of Service (ReDoS)   
Low   Regular Expression Denial of Service (ReDoS) CVE-2017-18214   

pozdrawiam,

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
« Last Edit: April 04, 2022, 10:52:51 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline алексей38

  • Newbie
  • *
  • Posts: 1
Re: How to remove: URL: Blacklist ?
« Reply #33 on: May 07, 2022, 07:40:29 AM »
Good afternoon, my site http://xn--90aogst.xn--p1ai / was blacklisted, at the moment the site is completely cleaned, I ask you to assist in excluding it from the blacklist.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48610
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: How to remove: URL: Blacklist ?
« Reply #35 on: May 07, 2022, 03:35:55 PM »
Apparently Avast isn't the only one that tags the site.

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Leontiuc Marius

  • Newbie
  • *
  • Posts: 3
Re: How to remove: URL: Blacklist ?
« Reply #36 on: September 17, 2022, 07:47:45 PM »
please help. My website newsnet.ro os in blacklist, avast blocked

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89212
  • No support PMs thanks
Re: How to remove: URL: Blacklist ?
« Reply #37 on: September 17, 2022, 09:42:50 PM »
please help. My website newsnet.ro os in blacklist, avast blocked

Use the link already given above your post to report it - However some issues you need to address, see below.

Nothing found here, but this is a basic check - https://www.virustotal.com/gui/url/ff93432f213226bf006bf8b7ce08cafc5554ea158f2f4d9c2edbfebd0b8c1e07?nocache=1

Aside from this, there are lots of things you need to address to improve security.  Outdated software and security issues could put your site at risk:
Security issues reported here - https://en.internet.nl/site/newsnet.ro/1709938/

No malware but hardening improvements -  https://sitecheck.sucuri.net/results/newsnet.ro

More outdated software reported here - https://awesometechstack.com/analysis/website/newsnet.ro/

Webpage Security Score F JavaScript Libraries with vulnerabilities - https://snyk.io/test/website-scanner/?test=220917_BiDcD2_9EH&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Clementd

  • Newbie
  • *
  • Posts: 1
Re: How to remove: URL: Blacklist ?
« Reply #38 on: October 13, 2022, 12:42:00 PM »
Hello.
The domain of our company (https://www.twilead.com) was added to the blacklist for no known reason except a breach in our security last June where someone could create a fake account on our platform and sent some phishy-looking emails. We have right away identified the issue, banned the user and hardened our security which makes it totally impossible to do so again ever since. Btw Other sites are fine.
Could you please remove us from blacklist and recategorize us as "marketing software" or "business cloud apps" ?
Thank you!!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48610
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: How to remove: URL: Blacklist ?
« Reply #39 on: October 13, 2022, 01:04:51 PM »
Hello.
The domain of our company (hxxps://www.twilead.com) was added to the blacklist for no known reason except a breach in our security last June where someone could create a fake account on our platform and sent some phishy-looking emails. We have right away identified the issue, banned the user and hardened our security which makes it totally impossible to do so again ever since. Btw Other sites are fine.
Could you please remove us from blacklist and recategorize us as "marketing software" or "business cloud apps" ?
Thank you!!
Report Suspicious File or URL:  https://www.avast.com/false-positive-file-form.php
« Last Edit: October 13, 2022, 01:06:51 PM by bob3160 »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89212
  • No support PMs thanks
Re: How to remove: URL: Blacklist ?
« Reply #40 on: October 13, 2022, 01:25:59 PM »
Hello.
The domain of our company (hxxps://www.twilead.com) was added to the blacklist for no known reason except a breach in our security last June where someone could create a fake account on our platform and sent some phishy-looking emails. We have right away identified the issue, banned the user and hardened our security which makes it totally impossible to do so again ever since. Btw Other sites are fine.
Could you please remove us from blacklist and recategorize us as "marketing software" or "business cloud apps" ?
Thank you!!

First please modify your url so it isn't active (avoiding accidental exposure) as we have done in the quoted urls.

There are some other things you might consider from checks on the domain:
Some hardening - https://en.internet.nl/site/twilead.com/1739533/
Also blacklisted here - https://sitecheck.sucuri.net/results/twilead.com
Webpage Security Score E - https://snyk.io/test/website-scanner/?test=221013_BiDcWE_97M&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
Outdated software also reported here - https://awesometechstack.com/analysis/website/twilead.com/

Whilst these may or may not have been the reason being blacklisted by Avast - addressing these could make it harder to exploit.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Leontiuc Marius

  • Newbie
  • *
  • Posts: 3
Re: How to remove: URL: Blacklist ?
« Reply #41 on: October 13, 2022, 08:25:23 PM »
if you don't remove my website ,,newsnet.ro" from this list I will notify the police, the European Commission and all possible investigative bodies.  We have no viruses or malware.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89212
  • No support PMs thanks
Re: How to remove: URL: Blacklist ?
« Reply #42 on: October 13, 2022, 10:09:06 PM »
if you don't remove my website ,,newsnet.ro" from this list I will notify the police, the European Commission and all possible investigative bodies.  We have no viruses or malware.

There are other issues with your site that you could also address:
Some security improvements - https://en.internet.nl/site/newsnet.ro/1740341/
Medium security risk - https://sitecheck.sucuri.net/results/newsnet.ro
Webpage Security Score F - https://snyk.io/test/website-scanner/?test=221013_AiDc34_FYJ&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner
Outdated software risks - https://awesometechstack.com/analysis/website/newsnet.ro/

This however may not be why Avast detects it.

Note I don't work for Avast, but an Avast user.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48610
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: How to remove: URL: Blacklist ?
« Reply #43 on: October 13, 2022, 10:33:15 PM »
if you don't remove my website ,,newsnet.ro" from this list I will notify the police, the European Commission and all possible investigative bodies.  We have no viruses or malware.
Just report it as requested. If it's a false positive, it will be quickly removed.
Threats are never the best way to handle this type of situation.
I also don't work for Avast.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: How to remove: URL: Blacklist ?
« Reply #44 on: October 13, 2022, 11:00:18 PM »
Hi Leontius Marius,

Additionally to what DavidR and bob3160 have been reporting, just take notice of the following issues.

Avast is not alone here, see: https://urlscan.io/result/be44819e-389c-45cd-b284-ae7840f19458/
Verdict Potential Malicious & Malicious Activity detected.

Mentioned as being phishing against facebook.
And website is still being flagged by Avast as I come to write this.
Wait for an avast member's final verdict, as they are the only ones to come and unblock.

Also look here for so-called (suspicious) indicators -> https://urlscan.io/result/be44819e-389c-45cd-b284-ae7840f19458/#indicators

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!