URL Blacklist Removal Request

My website was hacked a few days ago by a phishing hacker group.

https://bemohr.com.mx/

The server is now clean, and all infected files have been deleted.

Looks good from here:
https://sitecheck.sucuri.net/results/https/bemohr.com.mx

I also reported the URL here: https://www.avast.com/false-positive-file-form.php

Please help me remove my website or my server IP 5.9.88.114 from your blacklist.

Thanks!!

Please use the - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php. This goes directly to the virus labs team and they can investigate.

Hi Pumpfreak,

Detection could well be IP related as a Spam Harvester is being reported from that same IP.

Check all plug-ins for latest versions, and that there is no left code being used (vulnerable):
The following plugins were detected by reading the HTML source of the WordPress site's front page.

revslider
essential-grid
mega_main_menu
woocommerce 3.7.1 latest release (3.8.0) https://woocommerce.com/
advanced-dynamic-pricing-for-woocommerce 2.2.4 latest release (2.2.4)
contact-form-7 5.1.4 latest release (5.1.4) - https://contactform7.com/
js_composer
duracelltomi-google-tag-manager latest release (1.10.1) - https://gtm4wp.com/

Consider https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=YnttXWh9Ll5dbS5teA%3D%3D~enc
4 engines still flag this site: https://www.virustotal.com/gui/url/ed966a6feda7b2b14975dbff4f8fc88c36767ed072b64d387515262f9084f849/detection
See IP related detections: https://www.virustotal.com/gui/ip-address/5.9.88.114/relations

Wait for a final verdict from an avast team member, as we here are volunteers that can just give advice,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Exploring the webserver that domain is being hosted on, we have found quite some flaws:
Your website has a C-grade scan here: https://www.immuniweb.com/websec/?id=1Vn8VSij

Where your IP is hosted: https://toolbar.netcraft.com/site_report?url=lima.guacamoleserver.com
On that Guacamoleserver in Kassel we find:

SyntaxError: Unexpected token ‘&’
eval ()()
:2:494()
Object.b [as F_c] (:1:414)()
Object.E_u (:3:158)()
x (eval at exec_fn (:1:107), :64:292)()
ja (eval at exec_fn (:1:107), :63:73)()
Object.create (eval at exec_fn (:1:107), :74:419)()
c (eval at exec_fn (:1:107), :15:354)()

For further webserver vulnerabilities on IP, see: https://www.shodan.io/host/5.9.88.114
Vulnerabilities depending on webserver version, not all vulnerabilities could apply.

For some specific exploits on Apache guacamole server:
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-43051/Apache-Guacamole.html

One should be fine, if the website is not exploitable as well, rootshell exploits possible if it is not very well coded and hardened,
see comments here on webserver: https://old.reddit.com/r/homelab/comments/6ce7k8/help_need_advice_on_how_to_secure_guacamole/?st=k2rtitje&sh=3a2b613e

Remember that info = from 2 years ago, which in the digital timeframe could mean a full century.

polonus

Detection has been removed on 11.11.2019

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.