URL:Blacklist is a name of detection that several antivirus programs use to flag a dangerous site being blocked. It typically happens after a click on a link or an advertisement, but may as well pop up immediately after opening the browser. There’s also a high chance of this detection being a false positive. Let’s have a more detailed look at why this detection appears and what you should do next.
What is URL:Blacklist Detection?
URL:Blacklist is a detection of a network security engine used in Avast and AVG antivirus programs. It is enabled by default and will control all the outgoing connections, filtering ones that appear dangerous. The mentioned detection appears when the user tries to open a potentially dangerous website, though the program does not specify other details.
Because of this, its appearance may confuse users, who cannot understand what kind of hazard it is about. Addressing the most often question – no, it is not always about malware activity, though this may be the case, too. I will explain how to understand that later in the article.
Actual categories of dangerous sites that can cause the URL:Blacklist to appear, range from various scams and phishing sites to websites known for spreading malware. Once again, the program doesn’t report what exactly is wrong with the site. And to clear things out, I recommend using a free online website checker.
Why Some URLs Can Be Blacklisted?
| Blacklist Type | Description | Example |
|---|---|---|
| Phishing site | Probably, the most widely known type of online scam is phishing. Such websites usually mimic a login page of a well-known site, such as Microsoft, Amazon, eBay, or online banking web pages. They contain a script that allows hackers to extract the input (i.e. login credentials) | kuex bet |
| Fake online shopping site | Another widely known case is the shopping website that takes an order but never delivers one. It may offer astonishing discounts, selling items worth several hundred dollars for just a nickel. A user trying to get the desired thing almost for free will happily pay, but only to discover that the order is never about to be delivered | Soolinen |
| Cryptocurrency scam | Rising popularity of cryptocurrencies made a lot of inexperienced people try getting into this topic. Scammers take advantage of this, offering the sites they established yesterday to trade crypto, participate in airdrops, or create a hot wallet. Further, they steal any info and money that gets into these sites. One particular specimen of cryptocurrency scams is so-called crypto drainers, which empty the hot wallet once the user connects one to the scam site | exnori |
| Fake raffle prizes | A rather old kind of scam site that encourages people to share their personal information by offering sweet rewards. The latest iPhone, new Samsung smartphone, or $1000 gift card just for sharing personal information sounds great. However, all this will never get to the “winner”, as it did not even exist. The only thing such scams aim for is users’ personal information | 1xbetwinprizes |
| Fake job offerings | This type of scam is particularly new but works with the same intent as the previous one. Frauds lure people with a job offer, typically going for ones who seek a remote job. After contacting the victim, they say the victim should send them the entirety of their documents, including SSN and ITIN. On top of that, there is a need to pay a small (~$100) fee to cover the paper job expenses. Then, scammers simply cut the conversation | clickjob work |
Below, you can see the table of dangerous website examples that I’ve analyzed with this service, one for each type. The scanner checks these sites not only through the database but also by its contents, so it can detect the threat even before it becomes widely known.
Dangerous Websites that can cause the detection
| URL | Threat Type | Full Report |
|---|---|---|
| D1b2hzwettncwz.cloudfront.net | Malware distribution | Scan Result |
| A2zapk.com | Phishing | Scan Result |
| Bloomsbody.com | Fake Online Shop | Scan Result |
With these results on hand, you can already have some conclusions. URL is sometimes enough to understand that something is wrong with the website, as dangerous pages are often placed on burn-out domains with unreadable names. This, however, is not always true: shopping and other scams, targeted at deeper interaction with the user, tend to have quite clear addresses.
False Positive Detections
There are also quite a few cases of URL:Blacklist flagging legit and safe websites 1 2. This may happen for different reasons, most of which are related to imperfections in the detection mechanisms of the antivirus software.
User reports from various forums name several particular occasions when the detection blocks the safe website. Those are file-sharing services, crypto mining pools, and (expectedly) newly created websites. While I can see the reason why such sites may be considered dangerous, they are barely threatening when you open a site by yourself.
Complaining on Avast forum
If you encounter a safe website blocked with this detection, there are several things to do.
For ones who want to keep using the web protection functionality of Avast/AVG, the best option is to add the detected website to the allow-list. It is pretty easy to do: open the program, go to Settings → General, and find the Exceptions tab. Here, click the Add Exception button and paste the URL of the website into the window. This will prevent the program from further blockage of the site.
But if you do not want the Internet watchdog to run in the background, there is the option to stop it completely. To do this, go to Settings → Protection → Core Shield, and click the Web Shield tab in the top line. In this menu, disable every single checkbox to stop the Internet protection from running. You may need to reboot the system to apply the changes.
Why URL:Blacklist Keeps Appearing?
When you see URL:Blacklist appearing constantly, no matter what you are doing and what sites are trying to open, chances are, there is something malicious trying to open this website. There are several types of malware that can cause this, which are quite different in terms of danger: from adware and browser hijackers to backdoors and loaders. The last two make ignoring the trouble a rather bad option. To check the system for malicious programs, I recommend using GridinSoft Anti-Malware: it will surely find and delete the threats that other antivirus ignored.
How to remove URL Blacklist?
Download and install GridinSoft Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.
After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click “Advanced mode” and see the options in the drop-down menus. You can also see extended information about each detection – malware type, effects and potential source of infection.
Click “Clean Now” to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.
- AVG keeps warning URL:Blacklist – Reddit Thread
- False Alert URL:Blacklist on the Windows Tailscale app – Reddit Thread
