Please remove block from my site

Hi. Please remove my site “xttp://oblzem.com” from your blacklist.
Avast version 160426-3
Antivirus base 26.04.2016 23:19:27
Check on these resources:
https://www.virustotal.com/ru/url/c27a44fe5f010d40f2e070cd642092201ff47b90bace8b080e9928d381cd8741/analysis/
http://app.webinspector.com/public/reports/52848684?cache=true
http://www.urlvoid.com/scan/oblzem.com/
https://sitecheck.sucuri.net/results/oblzem.com
http://zulu.zscaler.com/submission/show/d6f76322057133ddc1e863fe9733e714-1461700754

IP history is bad, multiple domains on that IP and many are blacklisted
https://www.virustotal.com/en/ip-address/37.140.192.84/information/

This could have come to be detected: 8d10/666846aab3d39c61a2ea24a47d41aea46e33 from oblzem.com/ (12263 bytes, 7337 hidden) download
jQuery code to be mitigated, retire and zipfile for later reference: http://retire.insecurity.today/#!/scan/50b80e31e541f4f1d5f9c4e23c44847a3b2acf106c0a1585c9fa6c2f8d0c7bdb
Also consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Foblzem.com%2Fmedia%2Fjui%2Fjs%2Fjquery-migrate.min.js

polonus

There are so many blacklisted domains on that IP that I wonder why we don’t blacklist the whole IP.
I have removed oblzem.com from the blacklist, but I strongly suggest moving to a different IP.

Perhaps even better, block all IPs from that host.
This one is not the only one that has a lot of malicious sites.

We have changed the IP address, but Avast can open the page and shows this error again.
Maybe I need to wait for an update?

Run a manual Avast update and reboot the computer … any change?

There is no need to update or reboot.
Disable the shields and enable them again.
This will reset the shield cache and that is all that is needed.

There’s more than one way to skin a cat, and this is the way I like.

Hi. We have changed the IP address and checked for viruses, but Avast shows the error again and again. URL: MAL

I just checked and was able to visit the site without any problem with all shields enabled.
It could be the AOS is giving an alert.

Hi Eddy, it’s still blocked for me.

Perhaps there was a glitch, now it is blocked for me as well.
Strange… ???

Anyway, there still seem to be problems there :
http://www.urlvoid.com/scan/oblzem.com/
http://urlquery.net/report.php?id=1463053975805

Best thing to do is step away from that host and get dedicated hosting.

Eddy is right, hoster runs insecure code: -http://5.63.156.171/
Detected libraries:
jquery - 1.8.3 : (active1) -http://5.63.156.171/hosting_static_404/script.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

See risk: http://toolbar.netcraft.com/site_report?url=http://5.63.156.171

polonus

Hi again. Thanks for the answers, but the problem is still here.
We have changed hoster; check our site.
There is a new hoster and a new IP, but the URL:MAL is still here :(

Suspicious 404 page/code :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=oblzem.com

Bitdefender is still flagging :
http://trafficlight.bitdefender.com/info?url=http://oblzem.com

Blacklistings on that ASN :
http://urlquery.net/report.php?id=1463471217327

JQuery problems still not solved >:(:
http://retire.insecurity.today/#!/scan/263294926d8c21a2e706279460df896ba78eddf91312bc27060c35c54facb5d5

TLS/SSL problems there :
https://www.ssllabs.com/ssltest/analyze.html?d=oblzem.com

Netcraft risk rating went from 9 to 10 ! :
http://toolbar.netcraft.com/site_report?url=http://oblzeem.com

Just changing the hoster or IP is not doing it. You also have to cleanse your part of the bargain, just study this report here: https://seomon.com/domain/oblzem.com/ and look here: https://sritest.io/#report/ac261d70-b4c0-4383-abd0-df7759049166
If you do not know how to generate those SRI hashes, retire the outdated, to-be-retired script, or cure the hiccups, hire someone with relevant knowledge to do that for you. Not every webmaster knows sufficiently about website security.
For the SRI hashes for instance use this: https://www.srihash.org/
The Apache Http Server is too loud, spreading info Apache 2.2.15 Cloud Linux.
Your present IP was reported for forum spam: https://www.google.nl/search?q=78.140.185.191&oq=78.140.185.191&aqs=chrome..69i58j69i57.3133j0j7&sourceid=chrome&ie=UTF-8
and here: https://www.abuseipdb.com/check/78.140.185.191
Server has cgi vulnerability: http://toolbar.netcraft.com/site_report?url=http://ns5.fozzy.com
The security header situation is also shameful: https://securityheaders.io/?q=oblzem.com

Consider the following in relation to the missing SRI hashes. It is not an immediate threat you encounter, but there is better coding available for jQuery and the retirables should be zipfiled and kept for later reference: -http://oblzem.com
Detected libraries:
jquery - 1.11.3 : (active1) http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-migrate - 1.2.1 : -http://oblzem.com/media/jui/js/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.2 : -http://oblzem.com/templates/oblzem/js/swfobject.js?925
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

See where this lands for instance: http://www.domxssscanner.com/scan?url=http%3A%2F%2Foblzem.com%2Fmedia%2Fjui%2Fjs%2Fjquery-migrate.min.js

For which we detect this in that script:


[nothing detected] script
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined function e 

Well here

you still have to let JavaScript know how exactly this parameter will be referred to in your function

quote info credits go to Stackoverflow’s Adam Rackis, and so you need to add the e parameter yourself.
So we saw the script unpacker found that error up for us and it was a reason to retire that jQuery code amongst other issues.

We are glad here to point out these issues to you, but the issues have to be addressed as well.

polonus (volunteer website security analyst and website error-hunter)
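
Added example, not part of the thread or any poster's own code: how the SRI hashes mentioned above are generated (the kind of value srihash.org produces) and how a file is checked against an `integrity` attribute, following the browser's rule that only the strongest listed algorithm counts. The sample script bytes, the `cdn.example` URL and the function names are constructed for illustration; it assumes Node.js.

```javascript
const crypto = require('crypto');

// Constructed sample: stands in for the bytes of a third-party script file.
const SAMPLE_SCRIPT = Buffer.from('window.demoLib = { version: "0.0.0" };\n', 'utf8');

// Hash functions allowed in an integrity attribute, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// integrity value = "<algo>-<base64 of the raw digest of the exact file bytes>"
function sriHash(bytes, algo = 'sha384') {
  if (!STRENGTH.includes(algo)) throw new Error('unsupported SRI algorithm: ' + algo);
  return algo + '-' + crypto.createHash(algo).update(bytes).digest('base64');
}

// Tag for a cross-origin script. crossorigin="anonymous" is needed so the
// browser may read the response bytes it has to hash.
function scriptTag(src, bytes) {
  return '<script src="' + src + '" integrity="' + sriHash(bytes) +
    '" crossorigin="anonymous"></script>';
}

// Mirror of the browser-side check: parse the space-separated hash list,
// keep only entries using the strongest algorithm present, and accept the
// file if any of those digests matches. Unknown tokens are ignored.
function verifyIntegrity(bytes, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})/.exec(t))
    .filter(Boolean);
  if (entries.length === 0) return true; // no usable metadata: loaded unchecked
  const strongest = STRENGTH[Math.max(...entries.map((m) => STRENGTH.indexOf(m[1])))];
  const actual = crypto.createHash(strongest).update(bytes).digest('base64');
  return entries.some((m) => m[1] === strongest && m[2] === actual);
}

// Print the tag a page would carry for the sample file.
console.log(scriptTag('https://cdn.example/demo-lib.js', SAMPLE_SCRIPT));

// A single changed byte on the CDN side makes the check fail.
const modified = Buffer.concat([SAMPLE_SCRIPT, Buffer.from('/*x*/')]);
console.log('original ok:', verifyIntegrity(SAMPLE_SCRIPT, sriHash(SAMPLE_SCRIPT)));
console.log('modified ok:', verifyIntegrity(modified, sriHash(SAMPLE_SCRIPT)));
```

The hash must be computed over the exact bytes the CDN serves, so it has to be regenerated whenever the pinned library version changes.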

Hi.
We sent a request to Bitdefender support; they checked our site and removed it from the blacklist.

https://www.virustotal.com/en/url/c27a44fe5f010d40f2e070cd642092201ff47b90bace8b080e9928d381cd8741/analysis/1463856516/
http://trafficlight.bitdefender.com/info?url=http://oblzem.com

I saw that a lot of sites use this version, jQuery 1.1.13; we need to support old versions of browsers.
If we do not have any problems with our site, please remove it from your blacklists.
Thank you for your help and your advice :)

There really is no reason to use an old jQuery version.
https://jquery.com/browser-support/

We experience a page redirecting to other URLs: URLs that redirect found in: -http://oblzem.com

1: -http://mc.yandex.ru/watch/13810636 → -https://mc.yandex.ru/watch/13810636

Retirable code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fajax.googleapis.com%2Fajax%2Flibs%2Fjquery%2F1.11.3%2Fjquery.min.js

Script is inadequate and dangerous because it will execute responses from 3rd party origins by default and make it an option.

For this URL -https://seomon.com/domain/oblzem.com/performance/ I get JS:ScriptPE-inf[Trj] in the browser executable.

polonus