Remove our website from your blacklist

Hello,

Our website is reported as being in the Avast blacklist. Here is the domain name: www.gobizmo.in
All it subdomains are also being blacklisted. e.g., blog.gobizmo.in, apps.gobizmo.in, etc.
We are sure that our website is clean, therefore we would like you to take a look at it and remove it from your blacklist.

Sincerely,

Joyjeet Chakraborty

Update Windows Server (2016 will be out later this year with IIS 10 and HTTP/2 Support.

Cryptolocker found at location hxxp://blog.gobizmo.in/76g8h8y7 by Symantec!!!

Outdated JQuery: http://retire.insecurity.today/#!/scan/85771afea582ae9d4f987cf91dbb30439c271dac225c18f0631afb503fa9ccac
ASP .NET is dated as well, latest version is 4.6.

Blocked by Bitdefender: https://www.virustotal.com/en/url/2f5bce31712c7d0bb507dc6f17fe85ea2f2556af9a30cebf8c6708c589a13ec1/analysis/1461950805/

Check your headers: https://securityheaders.io/?q=http%3A%2F%2Fwww.gobizmo.in%2F
How to fix: https://scotthelme.co.uk/hardening-your-http-response-headers/#server

One missing SRI Hash: https://sritest.io/#report/065395d7-a962-4d81-b16a-6572a35c72bb

Site has spammy looking links: Registration
Notification
Contact Sales

polonus

Indeed, the domain was blocked because of this URL: gobizmo.in/76g8h8y7
What have you done to remove the threat and what will prevent a security breach from happening again?

Double fail and errors here: https://asafaweb.com/Scan?Url=www.gobizmo.in
Server vulnerable. he address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.

Looking at hxtp://www.gobizmo.in; 1 form(s) found.

HRMM; no injection found on: hxtp://www.gobizmo.in; form 1
URL WAS =>-htxp://www.gobizmo.in?__VIEWSTATE=%2FwEPDwUKLTc1MjU0ODk0Ng9kFgJmD2QWCAIDD2QWBAICDw8WBB4EVGV4dAUFTG9naW4eB1Zpc2libGVoZGQCAw8WAh4Fc3R5bGUFXHBhZGRpbmc6NXB4IDhweDtmb250Om5vcm1hbCAxMnB4IEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7bWFyZ2luLWxlZnQ6NXB4O2Rpc3BsYXk6YmxvY2s7ZAIFDxYCHwIFDmRpc3BsYXk6YmxvY2s7ZAIHDxYCHwIFDmRpc3BsYXk6YmxvY2s7ZAIJD2QWAgIBDxYCHwIFNWZsb2F0OmxlZnQ7d2lkdGg6MTAwJTtoZWlnaHQ6NTJweDtiYWNrZ3JvdW5kOiM5MGI2ZDI7FgICAQ9kFgICAQ8WAh8CBQ1kaXNwbGF5Om5vbmU7ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUlY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRjaGtSZW1lbWJlcvq8LhHWonUZrgS5PkXbk5qDWSd3ya%2B6uPlamEicTYvS&__VIEWSTATEGENERATOR=90059987&__EVENTVALIDATION=%2FwEdAAwHBWhr4O%2BQXSGJ0iyyQ038Ves4AfNrEwZQ25wFmngHn2kn4xl43Vl%2BXyw1G2m3RbU6xKhjucFeGG1n0D9XGSPi14Q42QClq%2FHLiph1S5KMNlKk8lTLo6aGfYR7kXQsxKQl7MgaUXd8jqW9XjOL9ggCzKotDXFjuZRBFsG3Q6cayfg8cjzpPmmA5Bz%2F6O5SkHc52dEQZm266BCrtt5ujb6fZNFffwYWNUcZ5YKywAkeWl4z5a1rmXFMQpsyaGa2zv259PhlvnusHH1L9zs30Hn67VpjOwWTFKtkrowubYdQ0g%3D%3D&ctl00%24ContentPlaceHolder1%24txtName=%3Ch1%3Esentinel%3C%2Fh1%3E&ctl00%24ContentPlaceHolder1%24txtEmailID=&ctl00%24ContentPlaceHolder1%24txtMobileNo=&ctl00%24ContentPlaceHolder1%24txtLoginEmailID=&ctl00%24hid_priviledgeId=&ctl00%24user_hidden=&ctl00%24HiddenFieldClientTime=
Scan tool is intended to scan site for potential HTML-injection.

pol

Hi,

The site you have mentioned has an old WordPress flavor. We have already upgraded it to the latest version and we have also implemented security plug-ins.

Regards,
Joyjeet Chakraborty

Hello,

I have a website http://thaksha.in which was infected and we have removed the phishing files. Kindly remove the website from blacklist.

Still some jQuery library to mitigate: -http://thaksha.in
Detected libraries:
jquery - 1.10.2 : (active1)- http://www.thaksha.in/js/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-migrate - 1.0.0 : -http://www.thaksha.in/js/jquery.migrate.js
Info: Severity: medium
http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Check on this code: https://www.virustotal.com/en/domain/bam.nr-data.net/information/
See this scan: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fbam.nr-data.net%2F1%2Fa53393d12f%3Fa%3D22734748%26v%3D943.9bd99bf%26to%3DZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS2tbWRZmX1QCVEJqLBBMRWQlXlhEF15aWgEWS2l9C1NTVCZeWEIWC1RZXRRxRVgKRmAHJgVLXFsjXFRVAQ%253D%253D%26rst%3D2075%26ref%3Dhttps%3A%2F%2Fsnapwidget.com%2Fin%2F%26ap%3D735%26be%3D1168%26fe%3D806%26dc%3D127%26perf%3D%257B%2522timing%2522%3A%257B%2522of%2522%3A1465925571085%2C%2522n%2522%3A0%2C%2522dl%2522%3A1165%2C%2522di%2522%3A1294%2C%2522ds%2522%3A1294%2C%2522de%2522%3A1295%2C%2522dc%2522%3A1973%2C%2522l%2522%3A1973%2C%2522le%2522%3A1976%2C%2522f%2522%3A101%2C%2522dn%2522%3A101%2C%2522dne%2522%3A101%2C%2522c%2522%3A101%2C%2522ce%2522%3A101%2C%2522rq%2522%3A101%2C%2522rp%2522%3A101%2C%2522rpe%2522%3A1174%257D%2C%2522navigation%2522%3A%257B%257D%257D%26at%3DShRRRwtNSxk%253D%26jsonp%3DNREUM.setToken - jquery.js vulnerability, kicking up Trojan Vobus variant, re: https://www.hybrid-analysis.com/sample/738da171fc3ea0f5ecb95bc1d1b81f52225f2968ae760ed05a6258db12f07259?environmentId=100&lang=th

polonus (volunteer website security analyst and website error-hunter)

thaksha.in is not on our blacklist :slight_smile: