Author Topic: How to resolve Avast we've safely aborted connection on ... URL:Blacklist  (Read 1267 times)

Offline zorg44

Hi, quick question.
I am using Avast and recently I keep getting this message:
hxtps://lensvid.com/wp-content/uploads/2020/10/URL-Blacklist.png
I am not sure if it happens on any specific site or just in general when using chrome.
How do I resolve this?

Thanks,
Id.
« Last Edit: October 28, 2020, 11:13:58 AM by Milos »

Offline polonus

This site has been blacklisted (by McAfee and also by Avast) -> https://sitecheck.sucuri.net/results/polobear.shop
IP also blacklisted by Missouri Cyber Security Portal.

Whenever you are the owner/admin of that site you could report an FP and ask for a final verdict.
It looks, however, as though the detection is genuine.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline zorg44

Hi,
Thanks for the info.
The thing is - I am not trying to access this site (in fact I had no idea what this site is).
So it seems there is a deeper issue here - something is forcing the browser to try and enter this site every few min.
How can I check what is causing this? I ran Avast on the computer - nothing - what else can I do?

P.S. what's with the constant verification of each post on this site - it is super difficult.
Id

Offline Asyn

> P.S. what's with the constant verification of each post on this site - it is super difficult.

Captcha is only needed for your first 3 posts. (Spam protection)
Win 8.1 [x64] - Avast PremSec 20.10.2440.Beta#3 [UI.581] - CC 5.74 - EEK - FF ESR 78.5 [NS/AOS/uBO/PB] - TB 78.5 - SB/CP/SL/DU.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline zorg44

I see - thanks.

And what about my question - ideas?

Online DavidR

If you aren't actually trying to connect to the polobear.shop mentioned in Polonus's post as that is what is being blocked by Avast.  That site is blocked by another security application besides Avast, it is also considered a Critical Security Risk in the link Polonus gave.

So it is possible there is something on your system that is trying to connect to it, possibly a new browser add-on or a piece of hidden or undetected malware.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.9.2437 (build 20.9.5758.0) UI-1.0.579/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline zorg44

That makes sense - but how will you go about finding what it is and removing it?
Avast can't seem to find it (I ran the software) so what should I do?

Id

Offline zorg44

I have investigated a bit more and I am suspicious of this website:
h ttps://lensvid.com/
I checked it using several tools and it seems to be green but I keep getting this message from time to time (not always) when I browse it.
Is it related or is it something else?

Id
« Last Edit: October 27, 2020, 12:59:57 AM by zorg44 »

Online DavidR

> I have investigated a bit more and I am suspicious of this website:
> hXXps://lensvid.com/
> I checked it using several tools and it seems to be green but I keep getting this message from time to time (not always) when I browse it.
> Is it related or is it something else?
>
> Id

Please 'modify' your post and change the URL from http to hXXp or www to wXw (as I have in the quoted text), to break the link and avoid accidental exposure to suspect sites, thanks.

Though nothing much found on it https://sitecheck.sucuri.net/results/lensvid.com
Though lensvid.com does have a redirect to the polobear.shop triggering the avast alert, see attached image.
It also doesn't get a good review from this site, https://webhint.io/scanner/c2ed8d14-7942-4067-8965-eab6f53a3e9c

> That makes sense - but how will you go about finding what it is and removing it?
> Avast can't seem to find it (I ran the software) so what should I do?
>
> Id

What makes you suspicious about the lensvid.com site then?
So are you actually visiting the lensvid.com site or not?

If not - Then this needs further analysis by a malware removal specialist:
Go to this topic https://forum.avast.com/index.php?topic=194892.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.


Offline zorg44

Hi DavidR,
Thanks for the reply.
I fixed the link.

So just to be sure - you also got the same polobear.shop notice when you went into the site?
If you did then this is a problem with the site (I visit it often). I did try browsing it when in incognito and didn't get the notice but it doesn't happen all the time anyway so I am not sure what is going on here.

I added my files (I think this is what you were asking right?).

I am far from an expert but since I am still getting those messages when getting into the lensvid.com site it seems to be originating from the site (at least based on what I see from my computer).

Id

Online DavidR

« Reply #10 on: October 27, 2020, 02:13:20 AM »
If the lensvid.com site is one that you regularly visit, then I would say that there is less of a likelihood of it being malware on the system or malicious browser extension.

Though this isn't an area that I'm familiar with (I leave that to those trained malware removal specialists).

That said, there aren't that many available and regular visitors to the avast forums, so there could be a delay in availability, etc.

For now I would suggest that you stop using the lensvid.com site for a day (or more given its poor report in the second link I posted) or so and see if these alerts continue or not and report back.

Offline zorg44

« Reply #11 on: October 27, 2020, 02:17:56 AM »
Thanks DavidR.
I'll do that and try a few other things and we shall see where we land with this.

I'll post back if this won't be resolved.

Online DavidR

« Reply #12 on: October 27, 2020, 03:27:41 AM »
You're welcome.

Offline polonus

« Reply #13 on: October 27, 2020, 06:33:33 AM »
@ zorg 44 & DavidR,

Here we can establish it is just -polobear.shop that is a PHISH: https://www.virustotal.com/gui/domain/polobear.shop/detection

The Namecheap, Panama organization has been found out to be a hide-out for many a scammer/spammer.

6 detected files communicating with that address: https://www.virustotal.com/gui/ip-address/162.0.235.12/detection -> https://www.virustotal.com/gui/ip-address/162.0.235.12/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Online DavidR

« Reply #14 on: October 27, 2020, 03:34:17 PM »
> @ zorg 44 & DavidR,
>
> Here we can establish it is just -polobear.shop that is a PHISH: https://www.virustotal.com/gui/domain/polobear.shop/detection
>
> The Namecheap, Panama organization has been found out to be a hide-out for many a scammer/spammer.
>
> 6 detected files communicating with that address: https://www.virustotal.com/gui/ip-address/162.0.235.12/detection -> https://www.virustotal.com/gui/ip-address/162.0.235.12/relations
>
> polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Whilst that may be correct, we still have to wonder WHY there is a redirect from lensvid.com. 

There is a possibility that given the poor review given on lensvid.com by the webhint.io/scanner that its weaknesses are being exploited, on the Security tests 2/10 or just plain sloppy.
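
The question running through this thread (what is making the browser contact polobear.shop) can be answered from a network capture. The sketch below is an added example, not code from any poster or from Avast: it reads a HAR export from the browser's developer tools and walks each request to a blocked host back through redirects and Referer headers to the page that started it. The sample capture, its paths and the widget.example.invalid host are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

def _e(url, referer=None, status=200, redirect=""):  # one HAR 1.2 entry, trimmed
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status, "redirectURL": redirect}}

# Constructed capture, not data from the thread; widget.example.invalid
# is a placeholder third-party host.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _e("https://lensvid.com/"),
    _e("https://lensvid.com/style.css", "https://lensvid.com/"),
    _e("https://widget.example.invalid/w.js", "https://lensvid.com/",
       302, "https://polobear.shop/p"),
    _e("https://polobear.shop/p", "https://lensvid.com/", 0),  # aborted request
]}})

def host_matches(url, blocked):  # exact host or any subdomain of it
    host = (urlsplit(url).hostname or "").lower()
    return any(host == b or host.endswith("." + b) for b in blocked)

def referer_of(entry):
    for h in entry["request"].get("headers", []):
        if h["name"].lower() == "referer":
            return h["value"]
    return None

def trace_blocked(har_text, blocked):
    """For each request to a blocked host, return the chain of URLs leading to it,
    following an earlier redirect to the URL first and the Referer page otherwise."""
    entries = json.loads(har_text)["log"]["entries"]
    chains = []
    for i, entry in enumerate(entries):
        if not host_matches(entry["request"]["url"], blocked):
            continue
        chain, idx, seen = [], i, set()
        while idx is not None and idx not in seen:
            seen.add(idx)
            url = entries[idx]["request"]["url"]
            chain.append(url)
            nxt = next((j for j in range(idx - 1, -1, -1)
                        if entries[j]["response"].get("redirectURL") == url), None)
            if nxt is None:  # no redirect led here: fall back to the Referer page
                ref = referer_of(entries[idx])
                nxt = next((j for j in range(idx - 1, -1, -1)
                            if entries[j]["request"]["url"] == ref), None)
            idx = nxt
        chains.append(chain[::-1])  # origin page first, blocked URL last
    return chains
```

A chain that starts at a page the user opened points at that site or one of its third-party resources; a blocked request with no page in the capture behind it points at an extension or a process on the machine instead.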