Author Topic: blocking by url: blacklist by malware  (Read 1624 times)


Offline Libros

  • Newbie
  • *
  • Posts: 4
blocking by url: blacklist by malware
« on: August 16, 2020, 07:45:22 AM »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
Re: blocking by url: blacklist by malware
« Reply #1 on: August 16, 2020, 07:56:46 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast need-to-know (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Libros

  • Newbie
  • *
  • Posts: 4
Re: blocking by url: blacklist by malware
« Reply #2 on: August 16, 2020, 10:03:52 AM »
They have not helped me.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
Re: blocking by url: blacklist by malware
« Reply #3 on: August 16, 2020, 10:46:34 AM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33983
  • malware fighter
Re: blocking by url: blacklist by malware
« Reply #4 on: August 16, 2020, 11:12:26 AM »
Hi Libros,

Blacklists and Threat Intel:
DShield                    CLEAN
AlienVault OTX             CLEAN
Cisco Talos                CLEAN
abuse.ch (Feodo)           CLEAN
URLhaus                    CLEAN
Spamhaus (Drop / eDrop)    CLEAN

Reputation checks have been performed on the IP address for each of the linked sites.
Hosts found on blacklists with poor reputation may be a threat to users of the site.
Hosting and locations are also included in the results.

Externally Linked Host   Hosting / Company Netblock   Country
-www.facebook.com   FACEBOOK
-t.me   TELEGRAM, RU

JS Link   Hosting / Company Netblock   Country
-https://zonadelibrosxyz0.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js   CLOUDFLARENET
-https://zonadelibrosxyz0.com/wp-content/plugins/contact-form-7/includes/js/scripts.js   CLOUDFLARENET
-https://zonadelibrosxyz0.com/wp-includes/js/jquery/jquery.js   CLOUDFLARENET
-https://www.googletagmanager.com/gtag/js?id=UA-112160639-2   GOOGLE
-https://zonadelibrosxyz0.com/wp-content/themes/neve/assets/js/build/modern/frontend.js   CLOUDFLARENET
-https://zonadelibrosxyz0.com/wp-includes/js/wp-embed.min.js   CLOUDFLARENET

Consider 121 improvement recommendations here: https://webhint.io/scanner/5f5e6e43-599b-4f52-bd06-393e1a6b0abd
Compare to not bad C-grade results, here: https://observatory.mozilla.org/analyze/zonadelibrosxyz0.com

The only thing I could come up with is flagged X-VPN.exe malcode, detected on Cloudflare at VT's (two occasions)
and this particular report: https://www.abuseipdb.com/check/104.24.114.18 (request a take-down there)
Take that up with Cloudflare: flagged is an HTTP 503 XSS Attempt from IP 104.24.114.18
Read: https://doc.emergingthreats.net/2010527

Wait for a reaction from the Avast team after the weekend and their final verdict.

polonus (volunteer 3rd party cold reconnaissance website security-analyst and website error-hunter)


« Last Edit: August 16, 2020, 11:15:59 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!