Remove From Blacklist

Hello,

Please remove my client’s website http://petersonreporting.com from your blacklist.

A few months ago they were victims of an injection which we resolved within 24 hours and took steps to prevent from happening again.

Since then it has remained clean. But even though all the other blacklists have delisted us, customers using your Avast Antivirus are still getting warning messages which is hurting their business.

Thank you!

Regards,
Michael R Brant
MRB Media, Inc.

You can report a suspected FP here: https://support.avast.com/support/tickets/new?form=3

https://www.virustotal.com/en/url/99af577bc0255ec3189efe7ec37b0d08e99e0e17b2114325274a73c7b4f11cc9/analysis/1454391414/
http://retire.insecurity.today/#!/scan/9e66bcb5c043adf0c2362d96b74471b764162fa5ea4c62a90b581a419ec429e6
http://urlquery.net/report.php?id=1454391628072
http://urlquery.net/report.php?id=1454391674252
http://multirbl.valli.org/lookup/65.50.250.15.html

Looks like the problem is caused by shared hosting.

Retirable code has been retired now - zip file and save for later reference.

DNS issue: Check MX Records for Duplicates
WARNING: MX records duplicates (same IP address):
2a00:1450:4010:c08::1b: [alt1.aspmx.l.google.com. aspmx2.googlemail.com.]
64.233.165.26: [alt1.aspmx.l.google.com. aspmx2.googlemail.com.]
74.125.200.26: [alt2.aspmx.l.google.com. aspmx3.googlemail.com.]
Although technically valid, duplicate MX records have no benefits and can cause confusion.
Website is flagged here: https://www.virustotal.com/en/ip-address/65.50.250.15/information/
2 errors and 10 warnings here: https://mxtoolbox.com/domain/petersonreporting.com/

Outdated plug-in in CMS: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

jetpack 3.8.2 latest release (3.9.1) Update required
http://jetpack.me
InteractiveMapBuilder
LayerSlider

Warning User Enumeration is possible - Leahna Abelsohn & mrbrant :o

Blocked by script blockers: -http://stats.wp.com/e-201605.js

polonus (volunteer website security analyst and website error-hunter)

I do not see anything malicious right now, so I am unblocking the domain now :wink:
Please do pay attention to the security issues others pointed out, though.

Hello,

Please remove my client’s website http://abnt.org.br from your blacklist!!

I have many troubles here!

Pls, help me

Thanks

http://i65.tinypic.com/72zuc0.jpg (printscreen)

We spotted this suspicious subdomain: d-click.abnt.org.br pointing to a blocked IP (169.45.180.204) along with many many other subdomains. The main domain points to 189.113.174.141. Care to explain what’s the purpose of this, if it is intentional?

I will check with my developer team, and try to explain the too many subdomains.

Question: is this lock occurring worldwide or only with our Avast domain?

Thanks, HonzaZ, for your help

No, what I mean is that many many suspicious subdomains of other domains point to the very same IP, but not subdomains of your domain.
The URL abnt.org.br is currently blacklisted for all Avast users.

8 problems mentioned in the Domain Health Report: https://mxtoolbox.com/domain/abnt.org.br/
IP badness history: https://www.virustotal.com/en/ip-address/169.45.180.204/information/
Malware and malicious activities reported on IP: https://cymon.io/169.45.180.204
Recent reports on same IP/ASN/Domain → https://urlquery.net/report.php?id=1451915024953

polonus

I have heard of a couple users stating that the subdomains on another IP are indeed intentional, so I am unblocking 169.45.180.204 along with all domains that pointed to it.
Please do let me know here if you still have trouble :wink:

Thanks again go out to HonzaZ here. ;D

That is why I call this example “a lucky escape via a second op”.
See how it pays to analyze and discuss,
and bring up issues here in this section of the Avast support forums.
It is a sure thing that in the end we all prosper from the insights gained.
We cannot thank Avast enough for providing us with this platform.

polonus (volunteer website security analyst and website error-hunter)