URL BlackList

Starting yesterday, my browser (Chrome), which uses the extension, keeps popping up with

We safely Aborted connection on ytbblockad.com because it was infected with URL blacklist…

I have the blockAd extension and am now disabling it to see if that is the problem.
Anyone else see this?

I looked it up via Whois and it is part of

Name: YTBBLOCKAD.COM
Registry Domain ID: 2772346130_DOMAIN_COM-VRSN
Domain Status: clientTransferProhibited
Nameservers: KIA.NS.CLOUDFLARE.COM, NEWT.NS.CLOUDFLARE.COM

Dates
Registry Expiration: 2024-04-12 09:35:00 UTC
Updated: 2023-04-12 09:35:02 UTC
Created: 2023-04-12 09:35:00 UTC
Contact Information
Registrant:
Handle: P-DPA188367
Name: Domain Admin
Organization: Whois Privacy Corp.
Email: OWNER@ytbblockad.com.customers.whoisprivacycorp.com
Phone: +1.5163872248
Mailing Address: Ocean Centre, Montagu Foreshore, East Bay Street, Nassau, New Providence, BS

Try clearing your browser cache/history and cookies, restart the browser and see if that resolves it.

Even if you have an ad blocker, I use uBlock Origin and uMatrix (not strictly an ad-blocker), Avast would still be checking.

If you aren’t directly trying to connect to that domain then the Avast Online Security (browser extension) isn’t the problem unless it is a false positive.

However, even then it should be the Web Shield doing the blocking (not sure if that is what it is), and it should throw up an Avast Alert window.
See attached Web Shield alert with details selected - I don’t use the Avast browser extension.

Turns out that the AD-Block extension is the reason Avast is reporting it. Seems someone doesn’t like ad block tools.

As I mentioned “I use uBlock Origin and uMatrix (not strictly an ad-blocker), avast would still be checking” and I don’t get this issue with those.

The site is a parked site, https://sitecheck.sucuri.net/results/YTBBLOCKAD.COM
See 7 times being flagged as malicious at VT:
https://www.virustotal.com/gui/url/dcd4c9d6942ef00011b70bf41c82fd08414c3acdf5b73d7ec0e130c745a964b6?nocache=1
Avast blocks the site as being unsafe,
9 detected communicating files flagged: https://www.virustotal.com/gui/ip-address/104.21.37.155/relations
(older results, while domains were previously SEDO-parked),
Read why this could lead to abuse: https://unit42.paloaltonetworks.com/domain-parking/
still reported from 2 days ago: https://www.virustotal.com/gui/domain/searaydubai.com (one of those links found as malicious)
See also: https://sitereport.netcraft.com/?url=https%3A%2F%2FYTBBLOCKAD.COM
So being on Cloudflare is not always a guarantee a website is free of abuse… (some were NAMECHEAP addresses)

polonus

I keep getting this warning. It started yesterday.

I’m using Chrome and no adblock.

Has anyone seen something similar?


https://i.ibb.co/bF4Zhjt/avast.png

Try following the instructions in Reply #1 above.
https://forum.avast.com/index.php?topic=324372.msg1707169#msg1707169

For the last 2 days my webmail has been blocked by Avast (paid) with URL:phishing.

This has happened on 3 computers so far, with 2 different accounts (though with the same extension). No problem if Avast is deactivated.

Is this a false positive, or does Easily genuinely have a problem? I have reported to Avast as a false positive.

https://webmail.easily.uk/#/mail/list/msg

Found to be OK here: https://sitecheck.sucuri.net/results/https/webmail.easily.uk/#/mail/list/msg
Neither found to be flagged here: https://www.virustotal.com/gui/url/ca68b64cf0e9c63a0f52ae3c23cc137e18058a18488fc4fd50d2fd2c82151dfe?nocache=1
For me, cdn.appdynamics.com has been blocked (tracking)
See: https://urlscan.io/result/ebaafb60-857e-4361-8a3f-5fee7f4169e0/loading
Retirable code found:

angularjs 1.3.15 Found in - https://webmail.easily.uk/b177b3c/infrastructure.js
Vulnerability info:
Medium XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. CVE-2020-7676
Low angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. CVE-2020-7676
Medium Prototype pollution 47 12
Medium XSS through xlink:href attributes CVE-2019-14863
Medium The attribute usemap can be used as a security exploit 49
Medium Universal CSP bypass via add-on in Firefox 51
Medium DOS in $sanitize 52
Low XSS in $sanitize in Safari/Firefox 53
Low End-of-Life: Long term support for AngularJS has been discontinued 54
bootstrap 3.3.4 Found in - https://webmail.easily.uk/b177b3c/infrastructure.js
Vulnerability info:
Medium 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 1
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
Medium XSS is possible in the data-target attribute. CVE-2016-10735
jquery-ui 1.12.1 Found in - https://webmail.easily.uk/b177b3c/infrastructure.js
Vulnerability info:
Low XSS when refreshing checkboxes if usercontrolled data in labels 2101 CVE-2022-31160
Medium CVE-2021-41184 XSS in the of option of the .position() util 12
Medium CVE-2021-41183 15284 XSS Vulnerability on text options of jQuery UI datepicker
Medium CVE-2021-41182 XSS in the altField option of the Datepicker widget
Medium CVE-2022-31160 XSS when refreshing a checkboxradio with an HTML-like initial text label
moment.js 2.9.0 Found in - https://webmail.easily.uk/b177b3c/infrastructure.js
Vulnerability info:
Low reDOS - regular expression denial of service 2936
Medium Regular Expression Denial of Service (ReDoS) 22
Low Regular Expression Denial of Service (ReDoS) CVE-2017-18214
High This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale. CVE-2022-24785 1
jquery-ui-autocomplete 1.12.1 Found in -https://webmail.easily.uk/b177b3c/infrastructure.js
jquery-ui-dialog 1.12.1 Found in -https://webmail.easily.uk/b177b3c/infrastructure.js
jquery-ui-tooltip 1.12.1 Found in -https://webmail.easily.uk/b177b3c/infrastructure.js
jquery 3.5.1 Found in -https://webmail.easily.uk/b177b3c/infrastructure.js

Injected - VM995 content.js:8 injected: env: missing script “f14895c8-24ac-4fbe-82b2-760ec8b25d4c”!
Mt @ VM995 content.js:8 etc.
(anonymous) @ VM995 content.js:65

54 warnings on HTTP headers, subresource integrity errors 2, X-content-type-options, 3 errors,

Avast Online Security & Privacy now gives it the all green.

polonus (volunteer 3rd party cold recon website security-analyst and website-error-hunter)