system
September 20, 2018, 1:17pm
1
Hi, a few of our customers using Avast have recently complained about getting warnings when checking their webmail.
I installed Avast on a VM client and got the same problems accessing the URL: mx2.tba.net.
The resident AV on the server is ESET, and I have also tried the following external AVs:
https://www.urlvoid.com/scan/mx2.tba.net/
http://www.ipvoid.com/ip-blacklist-check/
https://www.virustotal.com/#/url/c87cc44fe1d4354e5e32416def74bd90b50e490488f41efe5114c19bfb4fb50f/detection
https://quttera.com/detailed_report/mx2.tba.net
None of the above gives any indication that something is wrong on the served webpages.
This leads me to think that this is a false positive. I would very much like to know why the block was implemented.
And of course after you have evaluated it please remove it from the list.
Kind regards
/P
polonus
September 20, 2018, 3:48pm
2
You have to wait for an avast team member to give a final verdict on that website.
We are just volunteers with relevant knowledge, but cannot come and unblock.
In the meantime, going over the JavaScript of the website, I have come up with some recommendations,
and also issues to look into.
jQuery libraries to be retired: https://retire.insecurity.today/#!/scan/5c74e24189eabf648735d9f79c839a3bc78efda1d781d2f9657cfb4d5238a0d9
Various security issues: https://webhint.io/scanner/2a994c16-b60f-4171-a68a-5b843dd6e281
Code errors
(script) -mx2.tba.net/All/JavaScript/jquery-latest.js?v=18.0.2
status: (referer=-mx2.tba.net/ )saved 97701 bytes 4f0aa64d2aadfc6d57a9e41044161e2b1a507e2a
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds
(script) -mx2.tba.net/LookOut/globals.min.js?v=18.0.2
status: (referer=-mx2.tba.net/)saved 26439 bytes 13e249b634760dfdb2ae02900c19d753863608ce
info: [decodingLevel=0] found JavaScript
error: line:65: TypeError: invalid 'in' operand b.style
info: [element] URL=-mx2.tba.net/LookOut/undefined
info: [1] no JavaScript
file: 13e249b634760dfdb2ae02900c19d753863608ce: 26439 bytes
file: fc2fcb47c0e6d007052c0e1b4b4a679b93f5b008: 1230 bytes
(script) -mx2.tba.net/LookOut/JavaScript/logon.js?v=18.0.2
status: (referer=-mx2.tba.net/)saved 6532 bytes cba37a1b0447f4a42a173a3b88ff4797a90c5e67
info: [decodingLevel=0] found JavaScript
error: undefined variable $WC
error: undefined variable $WC.languages
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $WC.languages = 1;
error: line:1: ....^
file: cba37a1b0447f4a42a173a3b88ff4797a90c5e67: 6532 bytes
polonus (volunteer website security analyst and website error-hunter)
Milos
September 20, 2018, 4:08pm
3
Hello,
post the screenshot of avast’s alert window with all details (click on “See details”), please.
Thanks,
Milos
system
September 21, 2018, 12:19pm
4
This is the message displayed (in Swedish):
https://internet.se/avast_mx2.JPG
Milos
September 24, 2018, 7:40am
5
Hello,
thank you for the screenshot. Detection will be fixed in a few minutes.
Milos
system
September 24, 2018, 12:52pm
6
Thank you for your help on this; the issue seems resolved by you removing the block.
May I ask how/why it was blocked in the first place? Is the blocklist automatically generated on heuristics or NN learning?
Kind Regards
/P