Richiesta di rimozione della URL www.telemutuo.it dalla blacklist

Buongiorno,
da circa tre settimane la url di www.telemutuo.it viene bloccata dall’antivirus classificandolo come infetto con la dicitura "URL:Blackilst.
Questo problema sta causando notevoli disagi, poiché il sito offre consulenze gratuite sui mutui e opera esclusivamente online.
Vi chiedo gentilmente di esaminare questa segnalazione e di prendere i provvedimenti necessari per rimuovere il sito dalla blacklist. È fondamentale per la piattaforma poter continuare a offrire un servizio senza interruzioni agli utenti.

Grazie mille.

First edit your post to break the URL link you posted, by removing the “www.” part.
Then submit a suspected False Positive form to Avast here: https://www.avast.com/submit-a-sample#pc

Ciao, RoyDano, ho capito che tutti sono andati bene.

No, wait for a final verdict from Avast’s.
It is their and CDFR’s detection, so they have to re-consider.

polonus

thank you very much Polonus for the analysis.
I will arrange to have the HTML structure changed as per the guidelines.
Should I then report the changes to you or will the system automatically catch them by removing the URL from the blaklist?

Additionally,

Below is an analysis of the provided HTML snippet, which includes indicators for potential anomalies and points to improve:

  1. Document Structure:
section: This section appears to be well structured and follows the guidelines for document metadata. including character set, title, viewport, and canonical links. section: The overall structure is hierarchical and seems logical, breaking the content into appropriately defined sections and using the HTML5 semantic elements.
  1. Meta Tags and Descriptions:

The use of Open Graph (og) and Twitter meta tags is a good practice for search engines
and social media to display information nicely when shared.
The descriptions, titles, and canonical tags are appropriately used and follow SEO best practices.

  1. Styles:

Inline styles are present, which can be less desirable as they can cause maintainability issues.
For example:
CopyReplit

img { aspect-ratio: attr(width) / attr(height); } 4. Loading External Resources: There are several script and link tags for loading external resources. including stylesheets and JavaScript files from a CDN (jQuery, Google Tag Manager, HubSpot, etc.). This is typically good practice for optimising load times. Ensure that deferred and asynchronous loading of scripts does not disrupt the functionality of important scripts. 5. Scripts with Inline Event Handlers: Several buttons and links use inline JavaScript event handlers (e.g., onclick). This may be fine in some contexts. but it's generally recommended to separate JavaScript from HTML for maintainability. 6. Potential HTML Anomalies: Duplicated IDs: IDs should be unique in a document. For example, there seem to be multiple occurrences of elements with the same ID (importo, importoMutuo). This can lead to issues with JavaScript targeting or form submissions. Use of Deprecated Attributes: Verify if anyone is using deprecated HTML attributes (e.g., some values in attributes like style may be avoidable with proper CSS). Scripts in : Content present in could affect SEO if JavaScript is used for dynamic loading. HTML Validity: Use a validator (like the W3C Markup Validation Service) to check the entire document for compliance with HTML standards. 7. Accessibility: Add aria-attributes to improve accessibility, helping users with assistive technologies (like screen readers). Ensure that all images have alt attributes, which they do based on the provided structure. 8. Frameworks and Libraries: There appears to be reliance on multiple libraries (e.g., Bootstrap-like classes, jQuery). Make sure all are updated to the latest stable versions to avoid security vulnerabilities. 9. Code Optimisation: CSS: Merging or optimising stylesheets would help reduce the number of requests and improve performance. JavaScript: Use concise, modular code practices to condense and improve the readability of functions. 10. Overall Recommendations: Consider using CSS preprocessors (like SASS or LESS) to manage styles better if the project is sizeable. Implementing a build process with tools like Webpack or Gulp can help manage asset optimisation and minification. Conclusion: The provided HTML has structural integrity and adheres largely to best practices. Still, fixing potential anomalies like duplicate IDs and unnecessary inline styles and ensuring accessibility features would greatly improve the document's maintainability and overall performance. Running through a rigorous HTML validation process will identify specific issues to address further. polonus

Not only avast flags, as confirmed by CDRF Threat Centre:
The domain name ‘telemutuo.it’ is well known to violate our detection criteria.

Internal ID: 63197888
Detection category: Malicious:URL
Date and hour: about 19 days ago
Advert domain: No
Threats found on the website

https://quttera.com/detailed_report/telemutuo.It gives it all green.
Not much here either. https://radar.cloudflare.com/scan/ac2b4852-77de-42cf-8c1a-ebf66b5994d4/network

Sucuri detects this: warning.html_anomaly

Description: We detected anomaly in HTML code placement.

Description:

We detected anomaly in HTML code placement. Typical anomalies include the placement of scripts
and iframes outside of the … block,
which means that it was not done by someone who is not familiar with
with the web page generation process of this particular site (massive automated infection)
or simply doesn’t have access to the code that generates webpages
(for example, server-level infections that append malware to every server response).

This is a strong signal that a stranger tried to modify web pages.

If you find that HTML code placement or manipulation is being detected on a webpage,
it usually relates to security measures designed to prevent unauthorised changes or exploits.

Here are some steps you can take to address this issue:

  1. Check permissions:

Ensure you have the necessary permissions to edit the HTML of the webpage.
If it’s a blog or CMS, verify your user role.
2. Review Console Errors:

Open the browser’s developer tools (usually by pressing F12)
and check the console for any errors or messages
that may indicate why the HTML code is being detected or blocked.
3. Use the correct HTML editor:

Make sure you are using the appropriate editor or interface designated for HTML edits.
Some content management systems have built-in editors
that may require specific methods for inserting code, such as blocks or custom HTML modules.
4. Avoid inline scripts:

If you are adding scripts or styles via inline code or to certain elements, they may be restricted.
Instead, consider linking to external files or using the proper tag structures allowed by the website.
5. Sanitise input:

If you are attempting to submit HTML through forms, ensure the input is properly sanitised.
This can help it avoid detection by security filters.
6. Review Content Security Policies (CSP):

Content security policies can prevent certain inline scripts or styles from being executed.
Review the CSP in place and see if your code violates any rules.
7. Contact Support:

If you are a user of a service or platform (like WordPress or Shopify),
reach out to their support for assistance.
They may provide insight into the specific detection mechanisms in place.
8. Use Developer Mode (if applicable):

For local development or testing,
consider using a developer mode where such restrictions are minimised.
9. Check for security plugins:

If you are working within systems like WordPress, check for security plugins
that may be blocking your changes. Adjust their settings if necessary.
10. Analyse server-side restrictions:

If you have access to the server, review the server-side code
(like PHP scripts) that may be imposing restrictions on HTML code execution.
11. Inspect for Framework/Library Issues:

Certain JavaScript frameworks (like React, Angular, etc.) handle HTML rendering differently.
Make sure your code aligns with how those frameworks manage the DOM.
12. Consider Alternative Approaches:

If HTML placement is not working, consider rewriting your approach.
For instance, use JavaScript to dynamically insert HTML after the page loads.

By following these steps, you should be able to troubleshoot
and resolve issues related to HTML code placement on a webpage.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Thank you for the reply.
I deleted the www as requested and filled out the form attaching the screen with the error.
I await yours.
Best regards