Avast antivirus blacklists our own domains

Viruses and worms
1

Hi all,
we have an OTRS installation and we used a self signed certificate because we used this tool for internal activities. At that point Avast blacklisted the URL and people cannot add an exception.

Specifically we are using https://otrs.wikimedia.ch/otrs/index.pl?

After that we have installed a certificate released by a third part to fix the problem but the URL is still blocked. So now everything is Ok but the URL is still blocked.

At that point I invited most urgent users to change antivirus while other users are still blocked.

Looking around it seems that there is to do a request here, is not it? But how strange is this procedure?

2

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

3

Consider…

https://sitecheck.sucuri.net/results/https/otrs.wikimedia.ch/otrs/index.pl

4

Recommendations: https://observatory.mozilla.org/analyze/otrs.wikimedia.ch
Loading the site failed with various scanners…

DOM-XSS results: Results from scanning URL: -https://otrs.wikimedia.ch/otrs/index.pl?
Number of sources found: 6
Number of sinks found: 25
&
Results from scanning URL: -https://otrs.wikimedia.ch/otrs-web/js/js-cache/ModuleJS_956e2e915db9ec2267bab9297e5cf9cf.js
Number of sources found: 3
Number of sinks found: 1
&
Results from scanning URL: -https://otrs.wikimedia.ch/otrs-web/js/js-cache/ModuleJS_956e2e915db9ec2267bab9297e5cf9cf.js
Number of sources found: 1038
Number of sinks found: 164

111 recommendations towards site improvement:
https://webhint.io/scanner/3e1dc023-bdd6-4455-b8b1-e62c4eb1291a

Also consider: https://urlscan.io/result/27cfecca-1e0b-4f77-ae1f-66124c5f7683/

See all the vulnerabilities at the hoster, Moresi.com: https://www.shodan.io/host/89.207.237.51
Indicators: https://urlscan.io/result/27cfecca-1e0b-4f77-ae1f-66124c5f7683/#indicators

Nothing here: https://www.urlvoid.com/scan/otrs.wikimedia.ch/

Wait for a final verdict from avast team, as they are the only ones to come and unblock from URLBlaclist…

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)