URL:Blacklist Notification

Hello,

Just wondering what’s wrong with the URL Blacklist for ksbshipyard.co.id every time when I enable Avast?

I’ve been checking all along and it’s still can’t open. It’s there anyway for me to solve this?

As you can see there are no virus here, the following details:
https://www.urlvoid.com/scan/ksbshipyard.co.id/
https://www.virustotal.com/gui/url/35bd23c34694cd0c0af9394270780f1ffeab84e75ef63dd3fa98ca9e91b566b0/detection

Looking forward to hear from you all!

Eventual detection could be IP related: https://www.virustotal.com/gui/ip-address/104.18.40.6/relations
Consider: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=a3Nic2hbcHl8fSMuXl0uWyNg~enc

Nothing out of the ordinairy here: https://sitecheck.sucuri.net/results/https/ksbshipyard.co.id

Improvement recommendations through linting:, 145 in all:
https://webhint.io/scanner/3836d93d-3f5f-4726-8e57-cfb106e36739

Consider DOM-XSS flaws: Results from scanning URL: -https://ksbshipyard.co.id/js/all.js
Number of sources found: 41
Number of sinks found: 17
&
Number of sources found: 48
Number of sinks found: 16
This is exactly where avast blacklist URL detection reacts according to my websniffer extension - 3731 main_frame 23:27:54(285ms) net::ERR_CONNECTION_RESET GET -ksbshipyard.co.id That’s it, folks, this is all there is :slight_smile:

Vulnerable jQuery libtrary detected: https://retire.insecurity.today/#!/scan/eefe5f6cfd2df88af4f109a51cf03af6a45a983f10f579a15307f1d5e60b51f8

Wait for an avast team member to give a final verdict,
as we here are just volunteers witrh relative knowledge,
but only avast team members can come and unblock.

Found OK: http://isithacked.com/check/https%3A%2F%2Fksbshipyard.co.id

This could not be found: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=a3Nic2hbcHl8fSMuXl0uWyNgW218Z3tzYDE0OTY5ODgyMTQxNDkzNzgyNzIxa3NiX3xUeF9bXl1uLlteXQ%3D%3D~enc

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Hello Polonus,

Thank you very much for the feedback. Appreciate it lots.

I have tried to delete all these virus files inside the hosting based on the feedback you gave. But still couldn’t accessed the ksbshipyard.co.id. I guess the domain is already getting blocked by Avast Team. I am really looking forward for their replies so much!

Thanks

Hi anthony_tonz,

And that is all you can do, just wait for the final verdict of an avast team member,
as they are the only ones to come and unblock,
while we here are voluntuurs with releative knowledge,
just to advise you on glitches, flaws and give advice towards improved website security
and maintanance,

polonus

Some interesting cloud IP scan results for: -https://www.ip-adress.com/website/ksbshipyard.co.id
Service running at the server:
SF-Port53-TCP:V=7.70%I=7%D=10/11%Time=5D9F70E0%P=x86_64-unknown-linux-gnu%
SF:r(DNSVersionBindReqTCP). at -melinda.ns.cloudflare.com running on resolver SAN 53/tcp open domain
(unknown banner: 20171212); see: https://www.ip-adress.com/ip-address/ipv4/173.245.58.198
See: https://toolbar.netcraft.com/site_report?url=melinda.ns.cloudflare.com
https://mxtoolbox.com/SuperTool.aspx?action=a%3Amelinda.ns.cloudflare.com&run=toolpage
Generated by cloudfront (CloudFront)
Request ID: i7NnYAjCZZrKzvh-nM21-W2JRbKLJ1IO6PzBNTZk8vI2b5JQKlVDyA==
Combined with Amazon Organization, see Amazon CloudFront: server-70-132-49-82.lhr62.r.cloudfront.net
Netcraft risk score 7 red out of 10: https://toolbar.netcraft.com/site_report?url=server-70-132-49-82.lhr62.r.cloudfront.net
registrar markmonitor dot com. No matches on IP 70.132.49.82 see the spam report here:
https://cleantalk.org/blacklists/70.132.49.82 spam rate is a full 19.04%
and there we are arrived at the crux of the problem.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Hi Polonus,

Thank you for the feedback, till now we still couldn’t open the domain yet. Wondering how long Avast team will get back on us?

Looking forward to hear from you.

We have the weekend behind us now, so avast team members may act. Up to them.
Still see this retirable code:
jquery 1.10.2.min Found in -https://ksbshipyard.co.id/js/fancybox/jquery-1.10.2.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution

Quite some implementations missing found through the Page, Header & Cookie Security Analyser - RECX.

Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -ksbshipyard.co.id to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

d29307b38c30XXXXXXXXXXXXX6f7df6301571047301 -ksbshipyard.co.id__cfduid

polonus

Detection was removed in 14.10.2019 at 07:53 AM.

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Hi Polonus, thank you for the feedback.

Thanks to Avast team, they have removed the detection.

Thank you very much everybody!

Cheers!

I am a user and not an employee (Avast team).Although any URL can be passed and corrected by someone there.