Avast WEBforum
Other => Viruses and worms => Topic started by: Christophe2 on September 23, 2017, 08:29:46 AM
-
hi,
please add urgently these phishing websites to your database.
These websites are fishing and very dangerous!
Please block them urgently!!!
thanks
I love Avast!
-
You can report a URL here: https://www.avast.com/report-a-url.php
-
i did since 2 months, no one replied to me that's why I am posting these url here
-
How did you report them..?
-
the link you gave me and email
-
Well the first one certainly goes under the radar as it PHISHES through this iFrame:
<iframe src="htxps://vid.me/e/PV7w" frameborder="0" allowfullscreen webkitallowfullscreen mozallowfullscreen scrolling="no" height="280" width="482"></iframe>
111.90.157.45 -fbpasshacking.com kicks up a 301 now - GoogleBot returned code 301 to -https://fbpasshacking.com/
Google Chrome returned code 301 to -https://fbpasshacking.com/ -> http://toolbar.netcraft.com/site_report?url=https://fbpasshacking.com (clicky PHISHING).
Certainly a list to consider,
polonus (volunteer website security analyst and website error-hunter)
-
the link you gave me and email
OK, I forwarded it for you.
-
Hi Guys, URLs have been added to our blacklist.
Thanks,
Lukáš
-
thanks LukasJ, when will the update be made?
also, here is the full list of phishing websites to update to Avast database urgently:
thanks
I love Avast
-
You can report a URL here: https://www.avast.com/report-a-url.php
That form is only to report false positives, please don’t use it for something else.
To report new samples please follow this article https://www.avast.com/faq.php?article=AVKB258#idt_350
-
i told you already, by email it doesnt work, here on this forul it is the only way to have a real contact and to have these url updated faster!
-
You can report a URL here: https://www.avast.com/report-a-url.php
That form is only to report false positives, please don’t use it for something else.
Hi Moroni, if so, you should also mark it like that. ;)
ATM, the heading says "Report a URL" not "Report a FP-URL".
-
Over at F-Secure they do it very simple.
Two options, file or URL and in the subject you select false positive or undetected
If you have multiple URLs you put them in a notepad.txt named URLs and upload as file
-
Over at F-Secure they do it very simple.
Two options, file or URL and in the subject you select false positive or undetected
If you have multiple URLs you put them in a notepad.txt named URLs and upload as file
If we get something similar, I'd be an improvement...
-
See most of these sites are cloudflare abuse sites, haven't yet experienced blocking of this one for example:
http://toolbar.netcraft.com/site_report?url=https://www.wi-fihacker.com
The phishing was by -rtb.openx.net which is blocked by Dr Web's, but now gives a 302 Found there...
server Unknown Cowboy on OPENX TECHNOLOGIES, INC. there, replies with: {"errors":{"detail":"Page not found"}}
That's all we have now. Was the PHISH taken down by doubleclick dot net?
There is also an IP abuse report: https://www.abuseipdb.com/check/173.241.244.209
Confirmation of phishing: https://cymon.io/104.28.0.125
polonus
-
Hi,
I updated the Avast database but the websites are still not detected, please update it urhently!
thanks
-
Adding to block list.
-
thanks, keep me please informed so that I can update my antivirus soon!
-
Hi savcin,
Thank you very much, indeed. All neatly blocked as with url:mal ;D
Avast here blocks where a lot of others fail to detect.
That is how we like to see it. ;)
polonus
-
i still cant see the update :(
-
Hi savcin,
Thank you very much, indeed. All neatly blocked as with url:mal ;D
Avast here blocks where a lot of others fail to detect.
That is how we like to see it. ;)
polonus
We also should thank Christophe2, he's the one who reported it. :)
-
i still cant see the update :(
Reboot the system.
-
thanks it works, but the Avast extension I have on my browser doesn't block it.
thanks
-
You're welcome. The web-shield should block it.
-
look:
(http://www.hostingpics.net/thumbs/76/47/94/mini_764794facepira.png)
Avast doesn't detect it!
-
Got a bigger screenshot..!?
-
(https://img11.hostingpics.net/pics/853606facepira.png)
-
Works for me, see screenshot.
-
normally it shoudl show this:
(https://img11.hostingpics.net/pics/953525facepira.png)
-
normally it shoudl show this:
Not anymore, anti-phishing is now included in web-shield.
See: https://forum.avast.com/index.php?topic=208020.msg1417667#msg1417667
-
ok thanks, but if i disable avast, then it doesn't work.
with the extension, even if avast is disabled, it shows all the time
thanks
-
1. ok thanks, but if i disable avast, then it doesn't work.
2. thanks
1. Well, an expected result. ;)
2. De rien.
-
Hi Avast team,
You forgot to add these links.
Please update your database urgently!
Thanks
Christophe
-
Cristophe2,
Merci bien,
Easy to establish these new sites are not secure, example:
https://www.scamadviser.com/check-website/grandsecretduweb.com
Also listed at blocklist.de -> https://www.abuseipdb.com/check/91.216.107.158
Operateur: https://registrydb.com/facebookaccounthack.net (www.lws.fr/ abuse).
This website looks like it's hosted on a compromised server - 5 problems: https://mxtoolbox.com/domain/lws-hosting.biz/
Also apparently here non-public CloudFlare abuse is involved: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.lws.info%2F
wXw.lws.info
Please contact the Certificate Authority for further verification.
This server cannot be scanned for these vulnerabilities:
Heartbleed
Server scan unsuccessful.
Poodle (TLS)
Server scan unsuccessful.
Common name:
sni59442.cloudflaressl.com
SAN:
sni59442.cloudflaressl.com, *.a-a-hebergement.com, *.alain-prost.com, *.alain-prost.fr, *.ayrton-senna.fr, *.black-ravens.org, *.comparateur-hebergeur.com, *.domushellas.com, *.easyvaluedomain.com, *.eldrug.gr, *.fabbri-racks.co.uk, *.fabbri-racks.com, *.full-range-print.com, *.giannouris.net, *.hebergementwordpress.fr, *.hebergeur-discount.com, *.hostingrd.biz, *.isolo.biz, *.karampoula.gr, *.karampoulas.com, *.lws-hosting.be, *.lws-hosting.ch, *.lws-hosting.eu, *.lws.info, *.lws.lu, *.lwshosting.name, *.m52.ms, *.meilleurhebergeurweb.net, *.mister-hosting.fr, *.misterhosting.com, *.nietraco.nl, *.palchateo.chat, *.proland-estate.com, *.pure-biltong.co.uk, *.pure-biltong.com, *.purebiltong.co.uk, *.registrar-domain-name.com, *.ruedudomaine.com, *.ruedudomaine.fr, *.selflevelingcompounds.co.uk, *.top10hebergeursweb.com, a-a-hebergement.com, alain-prost.com, alain-prost.fr, ayrton-senna.fr, black-ravens.org, comparateur-hebergeur.com, domushellas.com, easyvaluedomain.com, eldrug.gr, fabbri-racks.co.uk, fabbri-racks.com, full-range-print.com, giannouris.net, hebergementwordpress.fr, hebergeur-discount.com, hostingrd.biz, isolo.biz, karampoula.gr, karampoulas.com, lws-hosting.be, lws-hosting.ch, lws-hosting.eu, lws.info, lws.lu, lwshosting.name, m52.ms, meilleurhebergeurweb.net, mister-hosting.fr, misterhosting.com, nietraco.nl, palchateo.chat, proland-estate.com, pure-biltong.co.uk, pure-biltong.com, purebiltong.co.uk, registrar-domain-name.com, ruedudomaine.com, ruedudomaine.fr, selflevelingcompounds.co.uk, top10hebergeursweb.com
COMODO ECC cert chain PositiveSSL Multi-Domain,Domain Control Validated
polonus
-
Hi,
Thanks!
But did you updated your database to blocks them?
Thanks
Best Regards
-
Hi Christophe,
We here are just volunteers with relevant knowledge, we cannot block or unblock, that is only for Avast Team Members.
Hopefully one of them will add it to their list.
polonus (volunteer website security analyst and website error-hunter)
-
hi, ok thanks
-
Hi Christophe2,
This one is redirecting and probably also not flagged: https://www.virustotal.com/#/url/c63192ddd6f207802f413f79e78f44387cca37e098566de66dea0a10a61ad4f1/detection
re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=huit.re%2Fept&ref_sel=GSP2&ua_sel=ff&fs=1
Status codes
These should normally all be the same.
GoogleBot returned code 301 to -http://ona.davidgagnon.org/ban/oyv
Google Chrome returned code 301 to -http://ona.davidgagnon.org/ban/oyv
See: http://toolbar.netcraft.com/site_report?url=http://ona.davidgagnon.org
and consider: http://toolbar.netcraft.com/site_report?url=https://id.orange.fr
This link comes blocked by a good ablocker: -https://all.orfr.adgtw.orangeads.fr/js/ora_authen.identification?sKW=%27+encodeURI(oan_siteKeywords)+%27&sCT=%27+encodeURI(oan_siteContentTopic)+%27
polonus
-
Hi Avast team,
Did you updated these dangerous websites to your database?
Thanks
-
up please
-
Will be detected
-
Hi savcin,
Thanks, please see a new list of dangerous scam websites:
Please update them to Avast database urgently.
Thanks
Best Regards
-
please make the update
thanks
-
Hi Christophe2,
What is that phishing in the first example, I cannot get sources: https://urlquery.net/report/95e644e5-849e-46b5-ae1f-34a2e6d2931c
Re: http://www.isithacked.com/check/hack-facebook.com & http://retire.insecurity.today/#!/scan/aa5a8294f81af88f8d10b5e839cb05fed8f017f2f6d9d12fc5fd7f0f3fe5b24c
and https://privacyscore.org/site/35082/
Is it through a tracking cookie? What script is performing it here?
polonus
-
Hi,
It's phishing because it claims to be facebook official website to get password recover.
new list:
please update it urgently!