Avast WEBforum

Other => Viruses and worms => Topic started by: rfontes on April 18, 2018, 06:52:23 PM

Title: Site Blocked - URL:Phishing
Post by: rfontes on April 18, 2018, 06:52:23 PM
Hello, I'm having problems with my website (www.jetfilm.com.br), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.

Excludes all content from the domain (folders / files) and the site is still blocked. Before that I asked Avast support to put the site on the false positive list and the response was as follows: "Detection is correct and will be maintained." That is, it is still being accused as a phishing site.
Title: Re: Site Blocked - URL:Phishing
Post by: LukasJ on April 18, 2018, 08:00:39 PM
Hi,
URL block was disabled.

Lukas
Title: Re: Site Blocked - URL:Phishing
Post by: rfontes on April 18, 2018, 08:11:21 PM
Hello, the URL is still blocked by Avast. Please, could Avast's analysis lab give me more information about my case, if it is a file or form of the site that is causing the problem of "Phishing"?
Title: Re: Site Blocked - URL:Phishing
Post by: rfontes on April 18, 2018, 08:42:15 PM
Hello LukasJ, the URL is unlocked, thank you! Is there still a possibility that the URL will be blocked or the Avast lab made a mistake?
Title: Re: Site Blocked - URL:Phishing
Post by: LukasJ on April 18, 2018, 10:33:54 PM
This URL block was based on phishing feeds eight months ago.
Of course, if there will be malicious content in the site, then the site will be blocked again.
Title: Re: Site Blocked - URL:Phishing
Post by: sissi fanelli on June 04, 2018, 11:58:51 PM
Hi,
I too have the same problem with my site: genesisconsulting.it
despite the RADICAL renewal effort of the website (deletion of all the old server and database folders), it continues to be blocked on all the computers on which the Avast (Internet Security) antivirus has been installed. . In fact, the loading of the pages of the site is automatically canceled and the following message appears as a pop-up ("URL-infected connection: Phishing") --> see Attachment

I have done other research on the most important blacklist sites, but this domain is NOT absolutely infected!
How can I unlock the website to delete these incorrect reports?
Title: Re: Site Blocked - URL:Phishing
Post by: bauerj on June 05, 2018, 09:01:49 AM
Hi,
Thank You for reporting. I removed genesisconsulting[.]it from our blacklist. We are sorry for any inconvenience You may have experienced.
Jirka
Title: Re: Site Blocked - URL:Phishing
Post by: educateurs on August 27, 2018, 09:44:10 AM
hello i have the same problem with my Website:
http://www.st-antoine-ste-sophie.fr
Can you unlock URL?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 27, 2018, 09:51:16 AM
-> https://sitecheck.sucuri.net/results/www.st-antoine-ste-sophie.fr/
-> http://labs.sucuri.net/db/malware/spam-seo.spammy_keywords?1.158
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on August 27, 2018, 06:19:53 PM
As Asyn stated spammy looking link there:
A link with funky anchor text? Yes there is. affirmed:

<a style="color: #000000" href="htxp://edmedforsale.com">generic viagra</a>  in line 362 of the website code
-> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnN0LXxudF1bbnstc3R7LXNdcGhbey5mfQ%3D%3D~enc

3 vulnerable jQuery libraries flagged: https://retire.insecurity.today/#!/scan/a74fec90c9c30e12fad38114dcb4e5c009d4fc1fbe0e90734f7a0498280c9461

Web rep OK - Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
Apache
X-Powered-By:
None
IP Address:
213.186.33.50
Hosting Provider:
OVH SAS 
Shared Hosting:
20511 sites found on 213.186.33.50

Multiple PHP vulnerabilities: https://www.cvedetails.com/version/194835/PHP-PHP-5.4.45.html

Word Press CMS - Site is Outdated
(using WordPress version from source: 4.2.21)

Warning on configuration: Directory Indexing Enabled

In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Not observed: https://urlscan.io/domain/www.st-antoine-ste-sophie.fr  (Is there something hosted on this domain?).

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: savcin on August 28, 2018, 10:26:26 AM
URL detection disabled.
Title: Re: Site Blocked - URL:Phishing
Post by: JoJa15 on September 02, 2018, 07:57:41 AM
My site https://warbrokers[.]io is also blocked. I did a URL scan and nothing is wrong with it:
https://sitecheck.sucuri.net/results/warbrokers.io

Can you please unblock it?

How do these things happen also? Does someone need to report the site or does it get caught up in automated detection?
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on September 02, 2018, 03:08:50 PM
Only hick-up I see there is for
Quote
www.googletagmanager.com/gtm.js?id=GTM-MPHTW35 benign
[nothing detected] (element) -www.googletagmanager.com/gtm.js?id=GTM-MPHTW35
     status: (referer=-www.google-analytics.com/)saved 93124 bytes d535765a4a69fc481830680d0fca6e66da01685f
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: d535765a4a69fc481830680d0fca6e66da01685f: 93124 bytes
     file: e0cdc6fc6cf34166af42a4c766ecc265a08a3cf0: 93370 bytes
     file: ae87146e8240a533ad6f2d7f6dbbbae90abc1e93: 93376 bytes
     file: f30e864604f4ddebdcccaa703029008d6e20332f: 93585 bytes
     file: c122d8be06c7ef5e9af3a08cb6a59ab2e0f0ac34: 93777 bytes
     file: 3f0b9cad1c1856ebf81276a6c3f2c6a96070707f: 93491 bytes
     file: bbd1d90f184e60d65e057de0a26f4eb677f7bf2e: 93615 bytes
&
Quote
-www.google-analytics.com/static/js/index.min.js (not a vulnerable library)...
     info: [decodingLevel=0] found JavaScript
     error: undefined variable f 

That's all -> https://urlquery.net/report/dbb091bd-f423-4ec5-8254-c032c4dfa70a   (no alerts)
Also consider scan results here: https://sitecheck.sucuri.net/results/www.googletagmanager.com#

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: JoJa15 on September 03, 2018, 01:07:12 AM
Hi Polonus,

Thank you for the response. So based on what you showed the site shouldn't be blocked for URL:Phishing right?

Do you know how sites end up getting caught as false positive for something like this? Is it some accidental auto thing or is someone being malicious against my site and reporting it when it is fine?

Thank you for your help and your response.

Best Regards,
JoJa15
Title: Re: Site Blocked - URL:Phishing
Post by: HonzaZ on September 03, 2018, 07:54:56 AM
Hi,
warbrokers[.]io doesn't seem to be blocked now – if you still have trouble accessing it, please let us know.
Title: Re: Site Blocked - URL:Phishing
Post by: mindeeforman on September 04, 2018, 04:11:56 PM
Hi Avast Team,

My sites are doing the same thing. They're using too much CPU bandwidth at the moment, but it's a known issue and I'm fixing it now. There's no phishing going on with either site:

coloradochoir[.]org
coloradochoir[.]com

Could you please fix/unblock that for me?

Thank you!
Title: Re: Site Blocked - URL:Phishing
Post by: HonzaZ on September 04, 2018, 04:47:46 PM
I am not sure what you mean by "using too much CPU"  :o
Anyway, there is this (and similar) URL: coloradochoir[.]org/si0zx/linkedin%20secure/d3e808897dc94238200097dc79b1c597 which doesn't seem ok...?
Title: Re: Site Blocked - URL:Phishing
Post by: mindeeforman on September 06, 2018, 04:26:20 PM
Thanks, HonzaZ. The site wasn't optimized well - it's better now.

I figured it out, actually... We just added SSL to our website and I hadn't updated all the URLs. We also switched from using .com to using .org as our main site. So I used a WordPress plugin to change all the http://coloradochoir.com URLs to https://coloradochoir.org URLs and now it works fine - no phishing alert popping up. Just an FYI for others...
Title: Re: Site Blocked - URL:Phishing
Post by: Iro.345 on September 06, 2018, 09:10:50 PM
I have similar problem with my page.
All links workc correcly except one category :  https://bit.ly/2M4KaQw
Could you  let me know what is wrong on this blocked page ?

Thanks Iro
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on September 06, 2018, 11:39:57 PM
Witam Iro.345,

Probably a redirect from that uri
Quote
URLs that redirect found in: -http://www.rzeszowiak.pl/Praca-Zatrudnie-3040011155

1: -http://hospicjum-podkarpackie.pl/images/pomoc_dla_hospicjum.gif -> -http://www.hospicjum-podkarpackie.pl/images/pomoc_dla_hospicjum.gif 

Probably not this SEO link being flagged: -https://kryogenix.org/code/browser/searchhi/

Likely it is a blocking for some porn sites that share that same IP you have.

Wait for an avast team member to reconsider the blocking, as we here are just volunteers with relevant knowledge.
Only avast team members can come and unblock, so wait for their final verdict on the website.

pozdrawiam,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: savcin on September 07, 2018, 02:30:23 PM
Will be fixed.
Title: Re: Site Blocked - URL:Phishing
Post by: coinstravelfaq on October 17, 2018, 04:03:41 AM
Hi there!
It seems our website is also being blocked at app.coins.ph for URL:Phishing.

Can I ask for this page to be removed from the list as well?
Title: Re: Site Blocked - URL:Phishing
Post by: bauerj on October 18, 2018, 08:31:57 AM
Hi,
detections on Your domain have been disabled, so Your domain should not been blocked anymore.
Jirka
Title: Re: Site Blocked - URL:Phishing
Post by: Rico Liao on October 19, 2018, 06:15:07 AM
Hi there,

We encounter the same issue. We are going to run a company campaign and we just setup a new web site . https://meow.pre-order.marscatgames.com.tw/
However , it was been detected as "url phishing" and block user access.  Please help .

Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: Milos on October 19, 2018, 10:14:04 AM
Hello,
use https://www.avast.com/false-positive-file-form.php, please.

Milos
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 19, 2018, 11:16:38 AM
Seems OK: https://www.virustotal.com/#/domain/meow.pre-order.marscatgames.com.tw
and https://meow.pre-order.marscatgames.com.tw/
Quote
Suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
-www.facebook.com/plugins/like.php?action=like&amp;amp;amp;amp;width=202&amp;amp;amp;amp;href=-https:/www.facebook.com/MEOW.MarsCat/&amp;amp;amp;amp;layout=count&amp;amp;amp;amp;locale=TW&amp;amp;amp;amp;sdk=joey&amp;amp;amp;amp;share=false&amp;amp;amp;amp;faces=false&amp;amp;amp;amp;size=large&amp;amp;amp;amp;width=70&amp;amp;amp;_noscript=1&amp;amp;_noscript=1&amp;_noscript=1 benign & -[script]
-static.xx.fbcdn.net/rsrc.php/v3/yl/r/yeLhlKrAIjX.js
     file: 77346df08951068e505377ec2c9f8b719ed5247f: 988639 bytes
and exceeded runtime for -(script) -meow.pre-order.marscatgames.com.tw/./js/jquery-3.3.1.min.js
No vuln. libraries for
Scanner output:
Scanning -https://meow.pre-order.marscatgames.com.tw/ ...
Script loaded: -https://connect.facebook.net/zh_TW/sdk.js#xfbml=1&version=v3.1
Script loaded: -https://meow.pre-order.marscatgames.com.tw/js/index.js?v=17
Script loaded: -https://meow.pre-order.marscatgames.com.tw/js/jquery-3.3.1.min.js
Script loaded: -https://static.xx.fbcdn.net/rsrc.php/v3iUNC4/ym/l/zh_TW/mzW5OhTjqjp.js
Script loaded: -https://static.xx.fbcdn.net/rsrc.php/v3iUNC4/ym/l/zh_TW/mzW5OhTjqjp.js
Status: success

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: bauerj on October 22, 2018, 09:06:00 AM
Hi,
domain meow.pre-order.marscatgames.com[.]tw was removed from our blacklist on 19th October.
Jirka
Title: Re: Site Blocked - URL:Phishing
Post by: Hrytseliak Bohdan on October 23, 2018, 09:47:12 AM
Hello, dear developers and support team!

We are using LMS moodle as online e-learning in our Borys Grinchenko Kyiv University.
And from yesterday many of our students and teachers, who has AVAST antivirus got an error while working or studying at website http://elearning.kubg.edu.ua.
When they login, they get and error URL:Phishing. Can you advice what to do or remove this website http://elearning.kubg.edu.ua from your blacklist?

Thank you!
Title: Re: Site Blocked - URL:Phishing
Post by: caroline.baujard on October 23, 2018, 09:47:25 AM
Since yesterday, our client cannot connect anymore to our web site https://prod3.ubicentrex.net/v173/pages/espaceperso.php.
They got a "URL fishing infection" error.
I am suspecting that the problem come to the client access iframe : https:// ubicentrex.fr/fr/acces-client/
Can you unblock it?
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on October 23, 2018, 10:06:01 AM
How to report to avast lab
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Title: Re: Site Blocked - URL:Phishing
Post by: omayab on October 23, 2018, 10:59:35 AM
Hola,

esta url:  https://app.clinic-cloud.com/ me la marca como phising cuando no es así, también he contactado con los administradores y me dicen que todo está bien. Por favor, arreglad este error, ya que es un falso positivo.

Gracias.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 23, 2018, 11:04:59 AM
Please post English here, else use the forum section for your language.
-> https://forum.avast.com/index.php?board=21.0
Title: Re: Site Blocked - URL:Phishing
Post by: amir39 on October 31, 2018, 11:54:14 AM
Hi,
Our client portal https://www.opusvirtualoffices.com/portal is being incorrectly identified as phishing, can you check this and advise?

Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 31, 2018, 12:28:58 PM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 31, 2018, 02:00:55 PM
Submitting your site to phishcheck.me I get an affirmative response: "{"sid": 134080, "is_success": true}".

Well, your Word Press version does not seem to be the latest, Version does not appear to be latest 4.9.8 - update now.
See the redirect here: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll1wdXN2W310dXxsXWZmW157cy5eXW1gcF19dHxs~enc

2 vulnerable libraries detected: https://retire.insecurity.today/#!/scan/1e6ca5b7c2c1903f3150cf291d9e7ac73761acf0dbd91cf4a7951569fb2edb4e

security hints: https://webhint.io/scanner/b83394ed-e3f2-4931-9c25-99b81c5cdd38

F-grade security status: https://observatory.mozilla.org/analyze/www.opusvirtualoffices.com

See recent detections for your domain: https://www.virustotal.com/#/domain/www.opusvirtualoffices.com
with generic trojans, like Trojan-Downloader.JS.Iframe
and a PHISHING detection on -https://www.youtube.com/paypal

No longer detected or IDS flagged here: https://urlquery.net/report/31ab48af-d6b6-4f30-837b-a11968c5c988

Wait for an avast team member to give the final verdict, as we are just volunteers with relevant knowledge
as only avast team members can come and unblock detections.

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Site Blocked - URL:Phishing
Post by: Scott353 on November 01, 2018, 10:44:26 AM
OK - I excluded chinesewatchwiki.net to stop the erroneous url:phishing block, only to have Avast Online Security pop up a warning that the site could have already harmed my computer.  Bullpucky! There doesn't seem to be a way to dismiss or exclude the pop-up rendering the site unusable.

I have visited this site before with no problems, but now that I have been granted an editors account and login, Avast blocks me from using the website.

How do we get this problem corrected?

(https://i.imgur.com/glgocP5.jpg)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 01, 2018, 12:02:35 PM
Nothing to do with avast however, site cannot be scanned as it has an issue: https://sitecheck.sucuri.net/results/chinesewatchwiki.net
and serves up a redirect to: -http://chinesewatchwiki.net/Main_Page
and then you get an avast alert like "The site you are about to enter contains malicious content".

Re: traceroute to -chinesewatchwiki.net (-167.88.115.174), 30 hops max, 28 byte packets
Quote
1  hosted-by.2is.nl (62.221.192.2)  0.249 ms  0.233 ms  0.225 ms
 2  ae0-cr01.ams04.astralus.net (185.187.12.64)  5.265 ms ae0-cr02.ams05.astralus.net (185.187.12.66)  0.541 ms  0.543 ms
 3  ae0-cr02.ams05.astralus.net (185.187.12.35)  0.670 ms xe-3-3-0.cr0-ams6.ip4.gtt.net (46.33.81.81)  19.943 ms ae0-cr02.ams05.astralus.net (185.187.12.38)  0.594 ms
 4  ae-8.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.229)  0.721 ms xe-3-3-0.cr0-ams6.ip4.gtt.net (46.33.81.81)  19.934 ms  19.928 ms
 5  ae-5.r23.asbnva02.us.bb.gin.ntt.net (129.250.6.162)  85.464 ms ae-8.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.229)  0.699 ms  0.849 ms
 6  * ae-10.r22.snjsca04.us.bb.gin.ntt.net (129.250.6.237)  164.131 ms ae-5.r23.asbnva02.us.bb.gin.ntt.net (129.250.6.162)  93.749 ms
 7  * * *
 8  * * ae-3.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.125)  177.602 ms
 9  * ae-3.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.125)  176.261 ms  176.464 ms
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xmhbbntze3d8dF5od1trWy5ue3Q%3D~enc

Wait for a final verdict by an avast team member as they are the only ones to come and eventually unblock,
we here are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on November 01, 2018, 12:07:13 PM
-> https://sitecheck.sucuri.net/results/chinesewatchwiki.net
-> https://zulu.zscaler.com/submission/37cf2e8c-3928-4ca0-a53e-7209a3b82d88
-> https://www.virustotal.com/#/url/fceacd58081b227d773f05684f2e619fbcdac95bdaf266c452649183b0490199/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: Sirmer on November 01, 2018, 05:13:13 PM
Hello,

detection will be turned off in next stream update.
Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 06, 2018, 04:20:54 PM
Just had this reported by a customer.

www.henna-boy.co.uk

URL:Phishing

Where? On my logo apparently, as it points to www.henna-boy.co.uk and the customer is using henna-boy.co.uk

Is this some kind of joke? I expect more from a company such as Avast.

Have they started employing children with no idea what they are doing?

Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on November 06, 2018, 04:23:34 PM
Just had this reported by a customer.

www.henna-boy.co.uk

URL:Phishing

Where? On my logo apparently, as it points to www.henna-boy.co.uk and the customer is using henna-boy.co.uk

Is this some kind of joke? I expect more from a company such as Avast.

Have they started employing children with no idea what they are doing?
Sucuri site check  >>  https://sitecheck.sucuri.net/results/www.henna-boy.co.uk

Norton SafeWeb  >>  https://safeweb.norton.com/report/show?url=henna-boy.co.uk


if you think it is wrong, report it  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 06, 2018, 04:31:36 PM
Yes, I had already looked at those sites. However, I should have had too as its pretty damn clear that this is a mistake. Do they just use badly written bots to determine what should be listed or not?

Absolute joke.

I have reported it and I doubt I will get any kind of reply or apology. Meanwhile, I am having to contact customers to inform them of incompetence.

How long does it take for it to be evaluated?
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on November 06, 2018, 04:47:53 PM
Quote
Do they just use badly written bots to determine what should be listed or not?
If you know how to detect/block this amount of malware/URLs evry day with no False Positives then evry security vendor in the world would like to know how

No security program have 100% detection or zero false positives

https://www.webarxsecurity.com/website-hacking-statistics-2018-february/

https://www.av-test.org/en/statistics/malware/





Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 06, 2018, 04:55:37 PM
Well this is making some frown at that code, maybe it was responsible for that detection, being a FP or not. ;):
Quote
587:  < /body> < /html> Content after the < /html> tag should be considered suspicious.

589:  < !-- WITHOUT CACHE: 0.10239195823669 -->
590:  < !-- WITH CACHE: 0.00049901008605957 -->
see: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmh7bm58LWJdeS5eXS51aw%3D%3D~enc

See also 27 security recommendations here: https://webhint.io/scanner/dcc05974-b44e-4994-8c92-7e7780738957#Security

But where the URL=PHISHING is concerned I am at the end of my thether finding that out.
So wait for a final verdict from an avast team member,
as they are the ones to eventually come & unblock,
as we are just volunteers with relative knowledge about general website security.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: bauerj on November 07, 2018, 07:48:25 AM
Hi,
I disabled detection causing your site not being accessible. It should be OK after next streaming update. We are sorry for your inconvenience.
Jirka
Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 07, 2018, 08:41:27 AM
Thanks. Streaming occurs when? daily or more frequent.
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on November 07, 2018, 08:45:17 AM
Thanks. Streaming occurs when? daily or more frequent.
Evry 5-15 minutes

You may run a manual Update and reboot


Info from 2012.   https://press.avast.com/avast-software-streaming-updates-for-all-with-the-newa-avast-7

Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 07, 2018, 09:56:49 AM
I dont use avast or norton products so unable to check. Thanks for the information and that cache text has also been removed.

Norton state that it takes up to a week to remove their block which is it looks this whole mess has stemmed from. How it takes a week to update their users I have no idea but I am thankful for the quick response from Avast on this.
Title: Re: Site Blocked - URL:Phishing
Post by: Kame-style on November 08, 2018, 11:44:38 AM
Hello,

My website www.my-footmania.com is often blocked by Avast for no reason. The website is hosted by Shopify, with a secured structure.

https://screenshot.click/07-57-r2fcf-uzqof.jpg

Would you please remove it from your blacklist?

Thank you
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on November 08, 2018, 11:48:43 AM
-> https://sitecheck.sucuri.net/results/www.my-footmania.com
-> https://www.virustotal.com/#/url/c3269c862e4b83818624075654cd4a468dc7fadaaf9ac0be9c9f99c3501610ed/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 08, 2018, 03:22:28 PM
Hi Kame-style,

Detection is most likely because of IP driven malware: https://ransomwaretracker.abuse.ch/ip/23.227.38.64/
and maybe through other domains' abuse, which are sharing that same IP, like you:
https://cymon.io/23.227.38.64
See comment and reports here: https://www.abuseipdb.com/check/23.227.38.64

Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lm15LWZdXXRtfG5bfC5eXW1g~enc

No response as shown here: https://urlquery.net/report/e3fddf63-1124-4ef4-b077-543679fd0d8f
resolving to 0.0.0.0
Netcraft risk grade = 1 red out of 10: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.my-footmania.com+

84 security related recommendations to be found here: https://webhint.io/scanner/902082f2-7142-409a-9327-710d3eea72ed#Security

Wait for an avast team member to give a final verdict on your website as they are the only ones to come and unblock. We here are just volunteers with relevant knowledge on website security.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Fernando427 on November 14, 2018, 08:25:42 PM
Hello,

My site http://orquidea.trensu.com is being reported as Phishing, but I can't find anything that's wrong with it.
Could you please unblock it?

Thanks!
Title: Re: Site Blocked - URL:Phishing
Post by: mchain on November 14, 2018, 08:55:31 PM
Hello,

My site http://orquidea.trensu.com is being reported as Phishing, but I can't find anything that's wrong with it.
Could you please unblock it?

Thanks!
https://www.virustotal.com/#/url/185af2168e2b4e507983e72843d9032fa69fde7b07c7dd4da55873f2ad4fbc97/detection (https://www.virustotal.com/#/url/185af2168e2b4e507983e72843d9032fa69fde7b07c7dd4da55873f2ad4fbc97/detection)
https://zulu.zscaler.com/submission/7ef8096b-d747-4631-9683-0896bb3b1a5c (https://zulu.zscaler.com/submission/7ef8096b-d747-4631-9683-0896bb3b1a5c)
https://checkphish.ai/ (https://checkphish.ai/)
http://urlquery.net/report/8733159a-cc51-4057-b44b-729ddd34635a (http://urlquery.net/report/8733159a-cc51-4057-b44b-729ddd34635a)
https://quttera.com/detailed_report/orquidea.trensu.com (https://quttera.com/detailed_report/orquidea.trensu.com)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 14, 2018, 10:28:23 PM
Location of the PHISHing: -Location: -http://trensu.com/htm/costumer-verifiacation-reviews-logins
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dH17bnN1Ll5dbWBodG1gXl1zdHVte30tdnt9W2ZbfF58dFtdbi19e3Zbe3dzLWxdZ1tucw%3D%3D~enc
On IP you share: https://www.threatcrowd.org/ip.php?ip=198.38.82.159
SOPHOS & Spamhaus and fortinet's flag your site: https://www.virustotal.com/#/url/185af2168e2b4e507983e72843d9032fa69fde7b07c7dd4da55873f2ad4fbc97/detection  Domain is being studied.

Wait for an avast team member to give a final verdict on their detection, as we are just volunteers with relevant knowledge, but cannot come and unblock.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 24, 2018, 04:01:20 PM
Back again. Customer has reported that my site is still flagged as url phishing by her avast software.

So was cleared just over 2 weeks ago.

Could another user as I do not use this software check please.

https://www.henna-boy.co.uk



Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 24, 2018, 06:48:29 PM
Hi Hennaboy,

Given green but with open cart recommendations:
https://webscan.foregenix.com/webscan_results.html?scanid=857b64dc_56ba_40d0_85a7_99341cd9f74b

The server sent a Server header, this may leak server technology and version information.
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmh7bm58LWJdeS5eXS51aw%3D%3D~enc
C-grade scan results here: https://observatory.mozilla.org/analyze/www.henna-boy.co.uk
E-mails can be fraudulently sent: Lenient SPF filtering
Sender Policy   Framework (SPF) record is too lenient as to which domains are allowed to send email on the domain's behalf. This record should definitely not contain (+all) or (?all) mechanisms, as these allow any domain to send email posing as this domain. This record should preferably not use the (~all) mechanism, as this will still allow emails flagged as being from an invalid domain, but will still allow the message to be delivered. Best practice is to use (-all).
EXPECTED:
contains -all
FOUND:
contains ~all
DMARC not enabled
DMARC record is not present. This may allow spammers to send messages with forged addresses from this domain. The DNS record for the domain should be modified to include a DMARC record.
EXPECTED:
v=DMARC1...
FOUND:
[not set]

Open to MiM attacks DNSSec not set.  Also consider: https://dnsspy.io/scan/henna-boy.co.uk

Coming up as green here: https://www.phishcheck.me/146588/details
No issues here: http://www.isithacked.com/check/https%3A%2F%2Fwww.henna-boy.co.uk%2F

Low risk (one red out of 10 Netcraft risk-grade): https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.henna-boy.co.uk%2F

25 security related recommendations here: https://webhint.io/scanner/ab9875d5-fc48-479d-8185-7f6f6f5d4b79#Security

Wait for an avast team member here to give a final verdict and eventually unblock,
as we here are just volunteers with relative knowledge. One of them might be in after the week-end.

regards,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 25, 2018, 12:07:27 AM
Hi Hennaboy,

Given green but with open cart recommendations:
https://webscan.foregenix.com/webscan_results.html?scanid=857b64dc_56ba_40d0_85a7_99341cd9f74b

The server sent a Server header, this may leak server technology and version information.
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmh7bm58LWJdeS5eXS51aw%3D%3D~enc
C-grade scan results here: https://observatory.mozilla.org/analyze/www.henna-boy.co.uk
E-mails can be fraudulently sent: Lenient SPF filtering
Sender Policy   Framework (SPF) record is too lenient as to which domains are allowed to send email on the domain's behalf. This record should definitely not contain (+all) or (?all) mechanisms, as these allow any domain to send email posing as this domain. This record should preferably not use the (~all) mechanism, as this will still allow emails flagged as being from an invalid domain, but will still allow the message to be delivered. Best practice is to use (-all).
EXPECTED:
contains -all
FOUND:
contains ~all
DMARC not enabled
DMARC record is not present. This may allow spammers to send messages with forged addresses from this domain. The DNS record for the domain should be modified to include a DMARC record.
EXPECTED:
v=DMARC1...
FOUND:
[not set]

Open to MiM attacks DNSSec not set.  Also consider: https://dnsspy.io/scan/henna-boy.co.uk

Coming up as green here: https://www.phishcheck.me/146588/details
No issues here: http://www.isithacked.com/check/https%3A%2F%2Fwww.henna-boy.co.uk%2F

Low risk (one red out of 10 Netcraft risk-grade): https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.henna-boy.co.uk%2F

25 security related recommendations here: https://webhint.io/scanner/ab9875d5-fc48-479d-8185-7f6f6f5d4b79#Security

Wait for an avast team member here to give a final verdict and eventually unblock,
as we here are just volunteers with relative knowledge. One of them might be in after the week-end.

regards,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Thanks but none of these point to the url phishing flagged which is a link back to the home page on the very same website. Just makes me think that this software is written by a bunch of 5yr olds.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 25, 2018, 02:38:33 PM
Hi Henna-boy,

I haven't a clue what 5-years old may be  capable of doing with PHP-based software and jQuery on a website  ;). Either they have build it up from the ground or developed it as a drill-down.

Little old me just reported here for security weaknesses, I stumbled upon, and it is up to you to take this info into account or not or inform your hoster and/or web-admin of such facts. I from my side just thank avast webforums for creating a platform for me to do this.
If it helps just towards a slightly more secure website I am happy to do so.

Then again I am no clairvoyant and cannot say why avast should block the site and where they have based this blockage upon. You should hear that from the "zebra's mouth" as only avast team members could tell you and also inform you that they will unblock your site. Wait for one to appear after the week-end.

polonus (volunteer third party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: arpege92 on November 25, 2018, 03:32:45 PM
Hi,

Since a few days, Avast is bloquing the access to https://ing.ingdirect.es/pfm/#login/

Could you please see what is happening?

Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on November 25, 2018, 03:36:02 PM
-> https://forum.avast.com/index.php?topic=223475.0
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on November 25, 2018, 03:36:43 PM
Hi,

Since a few days, Avast is bloquing the access to https://ing.ingdirect.es/pfm/#login/

Could you please see what is happening?

Thanks
See >> https://forum.avast.com/index.php?topic=223475.0


Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 25, 2018, 04:10:05 PM
Funny, however, I was referring to the writers of the avast software being the bunch of 5yr olds. Blocking a site for url phishing based on a logo hosted at the site linking back to the homepage of the same site is hardly grounds for something suspicious.

I never got a reply from a member of staff the first time I reported this so I wont hold my breath for one this time either.

Hi Henna-boy,

I haven't a clue what 5-years old may be  capable of doing with PHP-based software and jQuery on a website  ;). Either they have build it up from the ground or developed it as a drill-down.

Little old me just reported here for security weaknesses, I stumbled upon, and it is up to you to take this info into account or not or inform your hoster and/or web-admin of such facts. I from my side just thank avast webforums for creating a platform for me to do this.
If it helps just towards a slightly more secure website I am happy to do so.

Then again I am no clairvoyant and cannot say why avast should block the site and where they have based this blockage upon. You should hear that from the "zebra's mouth" as only avast team members could tell you and also inform you that they will unblock your site. Wait for one to appear after the week-end.

polonus (volunteer third party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on November 25, 2018, 04:43:28 PM
I never got a reply from a member of staff the first time I reported this so I wont hold my breath for one this time either.
In fact, you did - see Reply #44.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 25, 2018, 05:11:39 PM
Hi Asyn,

It could also be that reporting avast user has not updated definitions and that is why OP still get alerts from visitor's of his site.

Fully upgrade, update and patch always and under all circumstances  is a general wise word to literally everyone online.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: uedmawml on November 25, 2018, 08:20:49 PM
Hi,
I disabled detection causing your site not being accessible. It should be OK after next streaming update. We are sorry for your inconvenience.
Jirka

Hello could You check why https://biolifechain.io AVAST detect as Phishing?
Regards
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 25, 2018, 11:29:31 PM
Site has many security related issues, re:
https://webscan.upguard.com/#/https://biolifechain.io/
71 security related issues to be tackled:
https://webhint.io/scanner/bec80d57-e960-4edd-b516-dac1e4398bdc#Security
Given as OK here: https://sitecheck.sucuri.net/results/https/www.biolifechain.io
and here: http://www.isithacked.com/check/https%3A%2F%2Fwww.biolifechain.io
Loaded resources seems OK from Google Safebrowsing's point of view.

Given as malicious here: https://zulu.zscaler.com/submission/8a1fa44d-f583-4401-b57c-05c5f723ad07
A 100% PHISH!

Wait for an avast team member to give a final verdict on the website, as they are the only ones to come and unblock. We here are just volunteers with relative knowledge.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: savcin on November 26, 2018, 11:04:22 AM
Already fixed
Title: Re: Site Blocked - URL:Phishing
Post by: shaon016 on November 28, 2018, 05:36:39 AM
Hi, my site www.avijatrik,org is blocked by Avast. I've resolved all the problems and including the ones showing in Google Webmaster. My website is completely secure. Please unlock the site.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on November 28, 2018, 07:07:43 AM
-> https://sitecheck.sucuri.net/results/www.avijatrik.org
-> https://zulu.zscaler.com/submission/c8e6d320-c94b-417d-9755-83ebd10c7904
-> https://www.virustotal.com/#/url/068ad5956837baaf89e6c75be9a750493051463c2488ada3fee978946f37810c/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: Hennaboy on November 30, 2018, 10:02:41 AM
Hi Asyn,

It could also be that reporting avast user has not updated definitions and that is why OP still get alerts from visitor's of his site.

Fully upgrade, update and patch always and under all circumstances  is a general wise word to literally everyone online.

polonus

The customer reporting it has updated avast. Website still apparently blocked so they had to disable avast to place an order.

Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on November 30, 2018, 10:15:05 AM
See my post about how to report  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Title: Re: Site Blocked - URL:Phishing
Post by: Stanislaff on December 06, 2018, 06:39:27 PM
Hello i have the same problems with my domains:

wallet.mandarinbank.com and my.mandarin.life

please unlock them.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 09, 2018, 05:23:48 PM
3 vulnerable jQuery libraries detected: https://retire.insecurity.today/#!/scan/bd4693f596b0b415bd52a18b3281d6426e50a389ef323414e46833d1025965b7
Recommendations: https://webhint.io/scanner/c6c7d276-6948-4482-a073-04d49e9faf16
& C- scan grade: https://observatory.mozilla.org/analyze/my.mandarin.life

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Kennef on December 11, 2018, 02:37:00 PM
Hi, I keep getting this message "We've safely aborted connection on thepirate.party because it was infected with URL:Phishing"

I want to BLOCK this message from appearing on my screen. How do I stop it from happening?

Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on December 11, 2018, 02:48:43 PM
Quote
I want to BLOCK this message from appearing on my screen. How do I stop it from happening?
options:
1. dont go  to that site
2: report it to avast lab as possible false positive


Title: Re: Site Blocked - URL:Phishing
Post by: Mick40 on December 12, 2018, 12:27:34 AM
Hi, I can't reach my website - www.moloneyarchitects.com.au. Avast is giving the following message. "We've safely aborted connection on www.moloneyarchitects.com.au because it was infected with URL:Phishing"

Can you please look into this for me?  I've tried reporting it as a false positive, but no response.  Thanks!

Title: Re: Site Blocked - URL:Phishing
Post by: francekj1 on December 12, 2018, 04:25:09 AM
Hello,

I am receiving this same message when trying to access my website https://www.woothosting.com/pulse/heartbeat or https://www.woothosting.com. Please help me in getting this resolved.

Thanks in advance!

Jeff
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 12, 2018, 05:53:46 PM
Hi francekj1,

Site is blacklisted for phishing: https://sitecheck.sucuri.net/results/https/www.woothosting.com
See: https://urlscan.io/ip/67.225.188.84 -> https://urlscan.io/domain/www.woothosting.com
102 recommendations: https://webhint.io/scanner/a5e2fc09-624d-4a99-97b4-50c356c10650
Re: https://toolbar.netcraft.com/site_report?url=www.woothosting.com
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnddXXRoXXN0W25nLl5dbQ%3D%3D~enc
2 vulnerable libraries detected: https://retire.insecurity.today/#!/scan/3375b64798bd957ceb8440005fd8c91425e56805a6822d6eb569e8da6b1b5d9e
F-grade scan results: https://www.htbridge.com/websec/?id=EbDHyVG2

polonus (volunteer website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 12, 2018, 06:59:55 PM
Hi Mick40,

Your domain shares an IP with bad bots and many PHISHes: https://checkphish.ai/ip/173.203.204.123
See: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lm1dbF1ue3l8fV5oW3R7XnRzLl5dbS58dWA%3D~enc
224 recommendations: https://webhint.io/scanner/5f3c69ab-a1b7-48f7-a425-a59c1197a93a

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: Multi4 on December 15, 2018, 03:40:49 AM
Please remove my site www.bagmatiplastics.com from url:phissing mode. The site is clean but blocked by avast
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on December 15, 2018, 05:11:31 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 15, 2018, 01:22:49 PM
Your site won't resolve: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.bagmatiplastics.com%2F
How can you block a yet unregistered domain?   nxdomain cannot be resolved.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: assessoria on December 17, 2018, 04:54:34 PM
eu site está limpo mas o avast bloqueou.

www.h2oambiental.com.br

como resolver?
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 17, 2018, 05:27:13 PM
A scan found some potential problems in the code, the links below should pop you down to the line.

line 487:
Quote
< div style="position: absolute; top: Opx; left: -65OOpx;"> Onlain < a target="_blank" rel="dofollow" href="htxp://gbetting.co.uk/"> free bet offers< /a> here.< /div> 
Site blacklisted: https://sitecheck.sucuri.net/results/www.h2oambiental.com.br

Wait for an avast team member to give the final verdict as we here are just volunteers with relevant knowledge,
as avast team members are the one to come and unblock.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: assessoria on December 17, 2018, 07:22:56 PM
Será que demora muito para desbloquear?

Em qual arquivo conseguirei ver esse código suspeito da line 487 ?

Obrigado.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 17, 2018, 10:46:20 PM
You can find it at line 420 now here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LmgyXXxtYlt7bnR8bC5eXW0uYn1gc1t0e2A%3D~enc
Quote
< /footer>
< div style="position: absolute; top: Opx; left: -65OOpx;"> Onlain < a target="_blank" rel="dofollow" href="htxp://gbetting.co.uk/"> free bet offers< /a> here.< /div>
Note: The display properties for the link(s) look suspicious, looks like they are positioned off screen?
This looks like a hidden code from your template or one of your extensions. This kind of hidden code is often located in one of your .php-files, but you probably won't find the code pasted above. Try looking for base64_decode in /templates/YOURTEMPLATE/index.php, followed by a series of seemingly random characters. That's a common way to hide code in your .php-files. (info credits for "Note etc." go to stackexchange dot com).

Retirable jQuery library detected: https://retire.insecurity.today/#!/scan/16f3401ca61b3e5e4a194d76ef6000e2cb05d2a51c0adad8233d63d6e4caba04

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: assessoria on December 18, 2018, 10:24:27 AM
Bom dia. No index do meu template eu encontrei e apaguei o seguinte código:

   <?php $xml='PGRpdiBzdHlsZT0icG9zaXRpb246IGFic29sdXRlOyB0b3A6IDBweDsgbGVmdDogLTY1MDBweDsiPk9ubGFpbiA8YSB0YXJnZXQ9Il9ibGFuayIgcmVsPSJkb2ZvbGxvdyIgaHJlZj0iaHR0cDovL2diZXR0aW5nLmNvLnVrLyI+ZnJlZSBiZXQgb2ZmZXJzPC9hPiBoZXJlLjwvZGl2Pg=='; echo base64_decode($xml);?></div>

Existe algo mais que eu possa fazer para que meu site não apareça mais como plishing?

Obrigado
Title: Re: Site Blocked - URL:Phishing
Post by: marcin1sz on December 18, 2018, 11:19:43 AM
I have a problem with the site. Avast blocks her all the time due to phising. can I ask you to check if it is being blocked correctly and can you fix it? Please help.
www.ecosoul.ch
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on December 18, 2018, 11:25:34 AM
-> https://sitecheck.sucuri.net/results/www.ecosoul.ch
-> https://www.virustotal.com/#/url/1c77f444a29e97ba7ff997d1288d80ca8f446bb9cb21c699932fa57ee709f226/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 18, 2018, 06:46:41 PM
Hi marcin1sz, Witam,

If the blocking is IP related you should ask for an exclusion from an Avast team member,
they should give a final verdict as they are the only ones to unblock,
we here are just volunteers with relevant knowledge.

Consider your code here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnteXXNddWwuXmg%3D~enc

A word press security scan came up with some outdated plug-ins: The following plugins were detected by reading the HTML source of the WordPress sites front page.

cookie-notice 1.2.44   latest release (1.2.45) Update required
http://www.dfactory.eu/plugins/cookie-notice/
woocommerce 3.5.1   latest release (3.5.2) Update required
https://woocommerce.com/
   contact-form-7 5.0.5   latest release (5.1) Update required
https://contactform7.com/

Misconfiguration: Warning  User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   None   szczepanowski
2   None   None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

3 vulnerable retirable libraries detected here: https://retire.insecurity.today/#!/scan/4594f8f50a13fb980c91490774b5d3bc9f264e0133fc83f77b76e63bdd1123ba

1060 recommendations of improvement for that site given here:
https://webhint.io/scanner/e288298c-e2da-4021-bacc-4e150eb67306  with hundreds of them security related.

Cloaking detected:
There is a difference of 82 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page. show.
Quote
<link rel='stylesheet' id='mac_stylesheet-css'  href='hxtps://www.ecosoul.ch/wp-content/themes/bridge/css/mac_stylesheet.css?ver=4.9.9' type='text/css' media='all' />
<link rel='stylesheet' id='webkit-css'  href='htxps://www.ecosoul.ch/wp-content/themes/bridge/css/webkit_stylesheet.css?ver=4.9.9' type='text/css' media='all' />
<script type='text/javascript' src='htxps://www.ecosoul.ch/wp-content/themes/bridge/js/plugins/TweenLite.min.js?ver=4.9.9'></script>
<script type='text/javascript' src='htxps://www.ecosoul.ch/wp-content/themes/bridge/js/plugins/ScrollToPlugin.min.js?ver=4.9.9'></script>
<script type='text/javascript' src='htxps://www.ecosoul.ch/wp-content/themes/bridge/js/plugins/smoothPageScroll.min.js?ver=4.9.9'></script>

pozdrawiam,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Fernando427 on December 18, 2018, 10:16:16 PM
Please remove my site http://orquidea.trensu.com from url:phishing mode. The site is clean but blocked by avast
Title: Re: Site Blocked - URL:Phishing
Post by: =Snake= on December 18, 2018, 10:37:57 PM
Hi, I can't reach my website - www.moloneyarchitects.com.au. Avast is giving the following message. "We've safely aborted connection on www.moloneyarchitects.com.au because it was infected with URL:Phishing".
Maybe my screenshot helps a little bit?

Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 18, 2018, 11:10:46 PM
Hi Fernando427,

Critical Zoom vulnerability allows series of malicious actions.
Site came under webapp attack via net/intrusion/via controlled grecaptcha/different versions of captcha displayed, see:
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XX1xdVsje3wudH17bnN1Ll5dbWA%3D~enc

Mick40,

Confirmed at https://phishcheck.me submitted we get:
Quote
{"sid": 159075, "is_success": true}

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: =Snake= on December 18, 2018, 11:41:34 PM
Hi pol,

Thanks for your help.

Merry Xmas and a happy new 2019!

=Snake=
Title: Re: Site Blocked - URL:Phishing
Post by: brandonfarrell2743 on December 19, 2018, 06:04:34 AM
Hello,

My site acataactivewear.com is blocked for phishing and I believe it is a false positive.
I have reported the issue, but am looking for insight.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on December 19, 2018, 06:17:52 AM
-> https://sitecheck.sucuri.net/results/acataactivewear.com
-> https://www.virustotal.com/#/url/050cbc77c5dec3c1c7e140373210ccac22da5457899f08d2d4dc388c881950e8/detection
Title: Re: Site Blocked - URL:Phishing
Post by: mchain on December 19, 2018, 06:24:43 AM
https://quttera.com/detailed_report/acataactivewear.com (https://quttera.com/detailed_report/acataactivewear.com)
http://urlquery.net/report/432de36c-b6d5-4359-a088-d9f9a09d5bb2 (http://urlquery.net/report/432de36c-b6d5-4359-a088-d9f9a09d5bb2)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 19, 2018, 12:09:51 PM
Hi brandonfarrall2743,

Susceptible to man-in-the-middle attacks
SSL not available
Vulnerabilities can be uncovered more easily
X-Powered-By header exposed
Vulnerable to cross-site attacks
HttpOnly cookies not used
Emails can be fraudulently sent
SPF not enabled

207 recommendations: https://webhint.io/scanner/cb185613-eaea-4da6-90ed-5e840fecea56

You return a 301 error.
shotify spamvertiser eralier detected?...redirecting -
Quote
Server IP(s):
0.0.0.0 -> https://www.abuseipdb.com/check/23.227.38.32  also involved in ransomeware abuse.
Confidence of Abuse is 36%: -> https://cymon.io/23.227.38.32
=========================
HTTP headers:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 19 Dec 2018 10:58:16 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Sorting-Hat-PodId: 99
X-Sorting-Hat-PodId-Cached: 0
X-Sorting-Hat-ShopId: 10704453732
X-Sorting-Hat-PrivacyLevel: default
X-Sorting-Hat-FeatureSet: default
X-Sorting-Hat-Section: pod
X-Sorting-Hat-ShopId-Cached: 0
X-Frame-Options: DENY
X-ShopId: 10704453732
X-ShardId: 99
Content-Language: en
Location:- https://acataactivewear.com/
X-Request-Id: a3b7f046-591a-410e-8ce7-a41dd10bb672
X-Shopify-Stage: production
Content-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a3b7f046-591a-410e-8ce7-a41dd10bb672
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a3b7f046-591a-410e-8ce7-a41dd10bb672
X-Dc: ash,gcp-us-east1
X-Content-Type-Options: nosniff

=========================
Server IP(s):
0.0.0.0

=========================
HTTP headers:

GET / HTTP/1.0
Host: -acataactivewear.com:443
User-Agent: Mozilla/7.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.2) Gecko/20010726 Netscape/7.0
Referer: -http://acataactivewear.com
Accept-Encoding: gzip
Given as benign here: https://zulu.zscaler.com/submission/6ce47014-588d-4631-a589-007197a00e70

Wait for an avast team member to give a final verdict, we are just volunteers here with relative knowledge,
but only avast team members can come and unblock.

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Site Blocked - URL:Phishing
Post by: rubistyle on December 21, 2018, 04:27:52 PM
Hi there, my website www.rubistyle.com has been blocked for phishing but is scanning clean by sucuri so I believe this to be flasely flagged. Can this be unblocked asap please as it is seriously affecting my business. Much appreciated, thank you!
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on December 21, 2018, 04:47:54 PM
Hi there, my website www.rubistyle.com has been blocked for phishing but is scanning clean by sucuri so I believe this to be flasely flagged. Can this be unblocked asap please as it is seriously affecting my business. Much appreciated, thank you!
have you reported it to avast lab ?

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Something you may fix  >>  https://retire.insecurity.today/#!/scan/0e71eb1533b0dea67791e2117c34849715a2c2166ec520e73071f5350826f631


Title: Re: Site Blocked - URL:Phishing
Post by: polonus on December 21, 2018, 05:35:05 PM
There is more, some 388 recommendations to improve the website: https://webhint.io/scanner/7d891db1-49ef-4da0-97ba-495a34e186d6  and also including 57 security hints: https://webhint.io/scanner/7d891db1-49ef-4da0-97ba-495a34e186d6#Security

Outdated plug-ins: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-super-cache 1.4.9   latest release (1.6.4) Update required
https://wordpress.org/plugins/wp-super-cache/
flo-shortcodes   
contact-form-7-datepicker 2.6.0   latest release (2.6.0)
https://github.com/relu/contact-form-7-datepicker/
recent-facebook-posts 2.0.3   latest release (2.0.13) Update required
https://dannyvankooten.com/donate/
sb-popular-posts-tabbed-widget   latest release (1.1)
http://scottbolinger.com/
contact-form-7 5.0.4   latest release (5.1.1) Update required
https://contactform7.com/
flo-instagram 1.4.6   latest release (1.4.6)
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Warning  User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   Amy French   amy-french
2   tandrewlynd   tandrewlynd
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ln11YltzdHlsey5eXW0%3D~enc

IP is part of a PHISH: https://checkphish.ai/ip/77.104.133.125

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: LukasJ on December 21, 2018, 06:54:55 PM
Hey guys,
sites acataactivewear and rubistyle.com were unblocked.

Regards
Lukas
Title: Re: Site Blocked - URL:Phishing
Post by: Alex840 on January 03, 2019, 11:55:33 AM
Hello! Avast blocks the connection to the telegra.ph site, as it is infected with the URL ^ Phishing. How to solve this problem? What can be wrong?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on January 03, 2019, 12:03:56 PM
-> https://sitecheck.sucuri.net/results/telegra.ph
Title: Re: Site Blocked - URL:Phishing
Post by: arni.gx on January 03, 2019, 02:58:42 PM
since yesterday, i have got this .....

(https://i.imgur.com/ZqFwMau.jpg)

...... are those false alarms, or what ?? :(

and how to fix those malware?
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on January 03, 2019, 04:01:36 PM
Hi arni.gx

This is "brandal" injection code, read background info-> https://gist.github.com/donnykurnia/2356dad4119ce85d18d18708914c60e3

ESET now also flags at VT: https://www.virustotal.com/pl/url/1a03f8b8845c617cc09bddb61be8e7ba6c58576aa9435a1cd4ce079ded8d27cb/analysis/

Blacklisted site: https://sitecheck.sucuri.net/results/p01.notifa.info

See the obfuscated code and what it injects here: http://ddecode.com/hexdecoder/?results=8d7ce702e150b7b84926e9b0a929022c
going to and considering: https://urlscan.io/result/283f261b-8f3c-481c-9618-efc9c1d9b207/content/
IP also seen as PHISHING thrice: https://checkphish.ai/ip/118.97.116.2

Seen: 3 times in last 30 days

ASN: AS17974

ISP: TELKOMNET-AS2-AP PT Telekomunikasi Indonesia

Selamat Tahun Baru 2019,

polonus  (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: arni.gx on January 03, 2019, 05:38:38 PM
Hi arni.gx

This is "brandal" injection code, read background info-> https://gist.github.com/donnykurnia/2356dad4119ce85d18d18708914c60e3

ESET now also flags at VT: https://www.virustotal.com/pl/url/1a03f8b8845c617cc09bddb61be8e7ba6c58576aa9435a1cd4ce079ded8d27cb/analysis/

Blacklisted site: https://sitecheck.sucuri.net/results/p01.notifa.info

See the obfuscated code and what it injects here: http://ddecode.com/hexdecoder/?results=8d7ce702e150b7b84926e9b0a929022c
going to and considering: https://urlscan.io/result/283f261b-8f3c-481c-9618-efc9c1d9b207/content/
IP also seen as PHISHING thrice: https://checkphish.ai/ip/118.97.116.2

Seen: 3 times in last 30 days

ASN: AS17974

ISP: TELKOMNET-AS2-AP PT Telekomunikasi Indonesia

Selamat Tahun Baru 2019,

polonus  (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

so, how to block those ip address in avast firewall or avast antivirus free ??

because everytime iam open firefox or chrome, those phising alarm still there....
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on January 04, 2019, 10:26:40 AM
Start a new topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Instructions (basic diagnostic logs): https://forum.avast.com/index.php?topic=194892.0
Title: Re: Site Blocked - URL:Phishing
Post by: dzenan2 on January 15, 2019, 09:05:13 AM
Hello,

My site empanda.info is blocked for phishing and I believe it is a false positive.
Do I report issue here or there is another place to do it?
Other malware check tools report no malware:
http://urlquery.net/report/48cf3e86-8984-45d6-bf65-c47c4980446b
https://sitecheck.sucuri.net/results/https/empanda.info
Title: Re: Site Blocked - URL:Phishing
Post by: Milos on January 15, 2019, 09:11:51 AM
Hello,
the best way to report it is https://www.avast.com/false-positive-file-form.php

Milos
Title: Re: Site Blocked - URL:Phishing
Post by: dzenan2 on January 15, 2019, 09:32:52 AM
Thank you Milos. I reported the issue. Any idea how fast I could expect reaction? I have clients depending on the resources from the web application at this location. This situation is most unfortunate.
Best
Title: Re: Site Blocked - URL:Phishing
Post by: Milos on January 15, 2019, 10:22:35 AM
IIRC less in 24 hours.

Milos
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on January 15, 2019, 04:20:58 PM
Witam zdenan2,

Re: https://urlquery.net/report/9eaae1b3-3c05-4895-8795-46570da46c2c
No retirable code detected. That is OK.

The website is still accessible over http is the main threat here.
Interference from -http://jingaster.host/index.php?a=stats&u=christalhargrove
& -http://jacknichlson.mihanblog.com/post/5/
as
Quote
<meta http-equiv="REFRESH" content="0;url=httxs://www.empanda.info/Members/Default.aspx" />
This all via http - on https 0 sinks and 0 sources for DOM-XSS vulnerabilities.

F-grade results here: https://observatory.mozilla.org/analyze/www.empanda.info
A mere 6 hints here: https://webhint.io/scanner/3d2d065a-5769-45dd-9b1a-7b66fa86b28a#Security
12 security issues: https://webscan.upguard.com/#/https://www.empanda.info

pozdravi,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: JewelsR on January 26, 2019, 03:36:12 AM
I am having the same issue on fortwayneppd.org.  I can't get in to work on the website or even see it.  We had a phishing issue, but scorch-earthed the site and put in some heavy software to keep out spammers.  Is there a way to get my website off the blacklist?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on January 26, 2019, 05:17:44 AM
-> https://sitecheck.sucuri.net/results/fortwayneppd.org
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on January 26, 2019, 01:44:24 PM
Hi  JewelsR,

Start with updating your PHP version (Outdated and therefore vulnerable), then try to get rid of McAfee's blacklisting.
Start to use best policies: 82 hints -> https://webhint.io/scanner/5a1ff50f-c40a-4f40-8d12-c3192dde6ecb
of which 30 security related: https://webhint.io/scanner/5a1ff50f-c40a-4f40-8d12-c3192dde6ecb#Security

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: spgopinath18 on January 29, 2019, 04:59:26 PM
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on January 29, 2019, 05:05:36 PM
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
What attachment popup ?

This is what TrendMicro say > Sites whose addresses have been found in spam messages


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php



Title: Re: Site Blocked - URL:Phishing
Post by: =Snake= on January 29, 2019, 06:04:54 PM
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
What attachment popup ?
Maybe my screenshots can help.
 ;)
Title: Re: Site Blocked - URL:Phishing
Post by: AstucesWordpress on January 30, 2019, 03:41:32 PM
I also have a problem with Avast and my website : https://www.astuceswordpress.fr  :'(

URL:pishing with my favicon (https://www.astuceswordpress.fr/favicon.ico) detected by Avast
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on January 30, 2019, 03:56:27 PM
I also have a problem with Avast and my website : https://www.astuceswordpress.fr  :'(

URL:pishing with my favicon (https://www.astuceswordpress.fr/favicon.ico) detected by Avast
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Title: Re: Site Blocked - URL:Phishing
Post by: AstucesWordpress on January 30, 2019, 04:56:23 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Of course, i already reported the false positive ;)
Title: Re: Site Blocked - URL:Phishing
Post by: spgopinath18 on January 30, 2019, 05:50:31 PM
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
What attachment popup ?
Maybe my screenshots can help.
 ;)


when i will get update for my query
 
it will reduce my user visit for my blog

thanks,
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on January 30, 2019, 06:17:32 PM
Quote
when i will get update for my query
Did you report it to avast lab?



Site seems to be offline?  i can not access it and i dont use avast

see screenshot at top right corner here (click to enlarge)  https://urlquery.net/report/bc40ca74-392a-441f-b2ff-c73c788b7220


Title: Re: Site Blocked - URL:Phishing
Post by: spgopinath18 on January 30, 2019, 06:20:39 PM
Quote
when i will get update for my query
Did you report it to avast lab?


No how to report to avast lab
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on January 30, 2019, 06:28:22 PM
Posted several times in this topic including in reply to your first post. see reply Reply #117


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Title: Re: Site Blocked - URL:Phishing
Post by: spgopinath18 on January 30, 2019, 06:36:01 PM
Posted several times in this topic including in reply to your first post. see reply Reply #117


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

i raised request to avast lab

Thank you :) :)
Title: Re: Site Blocked - URL:Phishing
Post by: Autocrowd on January 31, 2019, 11:55:38 AM
Hi,

My site has been blocked by Avast it has been checked and cleaned how do I get it unblocked by Avast .... http://levismotorcyclecompany.com .

Thanks Dave
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on January 31, 2019, 02:18:21 PM
-> https://sitecheck.sucuri.net/results/levismotorcyclecompany.com
Title: Re: Site Blocked - URL:Phishing
Post by: delphine_tlse on February 05, 2019, 11:13:40 AM
Hello,
I have problem to access to my website admin (URL Pishing)
www.delphinegardin.com
 (http://www.delphinegardin.com)
https://sitecheck.sucuri.net/results/www.delphinegardin.com/wp-admin (https://sitecheck.sucuri.net/results/www.delphinegardin.com/wp-admin)

Thank you
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on February 06, 2019, 06:01:53 AM
-> https://sitecheck.sucuri.net/results/www.delphinegardin.com
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on February 06, 2019, 01:39:42 PM

Security improvement that could be amde to this website:
https://webhint.io/scanner/c73cf45f-fc7e-404b-b7ff-e8a56012a465
&
https://webscan.upguard.com/#/www.delphinegardin.com

Main blocking is for IP, because it is mentioned in a ransomeware tracking report:
https://www.abuseipdb.com/check/87.98.154.146
Recent reports: https://www.abuseipdb.com/check/87.98.154.146

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: Daniel1489 on February 08, 2019, 08:21:58 AM
Hello !

I have problem with my site : https://www.cerames.pl - URL:Phishing

I checked the page through such tools:
- www.virustotal.com --> Clean
- https://sitecheck.sucuri.net/results/https/www.cerames.pl ---> Domain blacklisted by Norton Safe Web: www.cerames.pl

As it turned out, there were some remnants of the virus. I created an account on the Norton website and asked to check. The page has been removed from the blacklist catalog --> https://safeweb.norton.com/report/show?url=cerames.pl

I am asking for help, what else can I do to prevent the site being blocked by Avast.

Thank you and best regards !
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on February 08, 2019, 08:24:51 AM
Quote
I am asking for help, what else can I do to prevent the site being blocked by Avast.
Report it to avast lab


Title: Re: Site Blocked - URL:Phishing
Post by: polonus on February 09, 2019, 05:23:02 PM
Witam Daniel1489,

Website is outdated (PHP) -> https://sitecheck.sucuri.net/results/https/www.cerames.pl
F-grade scan results: https://sitecheck.sucuri.net/results/https/www.cerames.pl
Security checks: https://webscan.upguard.com/#/https://www.cerames.pl

pozdrawiam,

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: Fernando Lopes on March 04, 2019, 10:45:23 AM
hello i have the same problem with my Website:
https://www.nghd.pt/
Can you unlock URL?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 04, 2019, 10:49:59 AM
-> https://sitecheck.sucuri.net/results/https/www.nghd.pt
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 04, 2019, 01:04:15 PM
Hi Fernando Lopes,

This was why it was actually blacklisted originally:
Threat Report
small-caution Viruses Threats found: 3 
Here is a complete list: (for more information about a specific threat, click on the Threat Name below)

Threat Name: Trojan.Gen.NPE
Location: -https://nghd.pt/editor*/create/

Threat Name: Trojan.Gen.NPE
Location: -https://nghd.pt/editor*/create/index_files/adv_m10006_de.htm

Threat Name: Direct Link To Trojan.Gen.NPE
Location: -https://nghd.pt/editor*/create/

small-caution Phishing Attacks Threats found: 1 
Here is a complete list: (for more information about a specific threat, click on the Threat Name below)

Location: -http://nghd.pt/public_    according to Norton Safe Web report info...

191 implementations for improvement: https://webhint.io/scanner/69fe8de4-be9a-406a-8a51-9ac81b716620

Scumware had it 3 months ago. Now urlvoid does not flag any longer.
Wait for an avast team member to give the final verdict, as they are the only ones to come and unblock.
We here are just volunteers with relevant knowledge. Your site still seems infested with malcode.

4 still flag  Trojan.Gen.NPE  here: https://www.virustotal.com/#/url/4075d7ea8a427ee721bf10a90a092aeca828b3f7a85d4b6345dad9c53e3e7876/detection

Seen recent (yesterdays') detections: https://www.virustotal.com/#/domain/nghd.pt
Only fortinet's here to flag: https://urlquery.net/report/b32667c7-31e9-4892-ab5e-744ddc8b2556

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: romano.riondino on March 04, 2019, 01:36:30 PM
Hi, I'm having problems with my website www.rndwss.com.
It seems recognize a phishing situation. Can you check it, please.
I can connect to it without any problem using the dedicated personal url provided by 1&1.

Regards,
Romano.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 04, 2019, 02:32:08 PM
Block more than likely because of the same IP you share with a flagged domain:
https://www.virustotal.com/#/ip-address/74.208.236.102

Ask an avast team member for an exclusion of your domain,
as we here are volunteers with relevant knowledge but cannot come and unblock or exclude.

16 recommendations here: https://webhint.io/scanner/a66c2f7b-ffa3-46e7-88f0-8ee4399b6691
Vulnerabilities: Security Checks for -http://www.rndwss.com
(2) Susceptible to man-in-the-middle attacks
(2) Vulnerabilities can be uncovered more easily
Emails can be fraudulently sent
(3) Unnecessary open ports

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Ser518 on March 05, 2019, 10:16:36 AM
Hello, the site is blocked by the https://bankrot.fedresurs.ru/ antivirus program, please remove it from the database of infected sites.
I can not download the document at https://bankrot.fedresurs.ru/Download/file.fo?id=1950738&type=MessageDocument
from the message https://bankrot.fedresurs.ru/MessageWindow.aspx?ID=2355C7E8F2E418F8C624CE12E4FA884C
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 05, 2019, 10:27:42 AM
-> https://sitecheck.sucuri.net/results/https/bankrot.fedresurs.ru
-> https://www.virustotal.com/#/url/cd1ee6bc52e012999760b59546fe3531858dcffaa62962c9f42fe4d762e977e7/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: Youssef27 on March 05, 2019, 11:54:49 AM
Hello i have the same problem with my Website:
https://www.selektimmo.com/

(https://www.selektimmo.com/selektimmo.jpg)

Can you unlock URL?

Genially
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 05, 2019, 12:06:26 PM
-> https://sitecheck.sucuri.net/results/https/www.selektimmo.com
Title: Re: Site Blocked - URL:Phishing
Post by: savcin on March 05, 2019, 12:13:44 PM
Fixed
Title: Re: Site Blocked - URL:Phishing
Post by: Youssef27 on March 05, 2019, 12:31:53 PM
thank you
Title: Re: Site Blocked - URL:Phishing
Post by: Ser518 on March 05, 2019, 12:53:33 PM
Fixed

Please tell me the reason for hitting the site in the blacklist.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 05, 2019, 06:27:15 PM
Hi

Here you can make an ascertained guess: https://www.virustotal.com/#/domain/bankrot.fedresurs.ru
Probably the Express.exe folders
Attack analysis: https://www.reverse.it/sample/483be61bcee0b7fef9773ec27cc28fcafa89ecfc8752f4b61762fbdf6101bf33?environmentId=100

Whether this is an old or a persistent question can only be answered by avast team members, as we are just volunteers with relevant knowledge, but cannot come and unblock or explain the avast detection policy/decisions. That is completely and utterly their cup of tea.

Security Checks for -https://bankrot.fedresurs.ru
(2) Susceptible to man-in-the-middle attacks SSL is not available.
(2) Vulnerabilities can be uncovered more easily
The X-Powered-By header reveals information about specific technology used on the server. This information can be used to exploit vunerabilities. The server configuration should be changed to remove this header.
Vulnerable to cross-side attacks
HttpOnly cookies not used
Emails can be fraudulently sent
SPF not enabled

Further website recommendations: https://webhint.io/scanner/84be7d8e-9dc0-4240-baf6-f1d881307ea5
Cannot be scanned properly:
Scan Failed
-http://bankrot.fedresurs.ru/

 
Unable to properly scan your site. Connection closed (your webhosting is probably blocking us)

Site Issue Detected
-http://bankrot.fedresurs.ru/404javascript.js

 
Unable to scan the page. Connection closed (your webhosting is probably blocking us)

Site Issue Detected
[http://bankrot.fedresurs.ru/404testpage4525d2fdc

 
Unable to scan the page. Connection closed (your webhosting is probably blocking us)
Why see: https://toolbar.netcraft.com/site_report?url=https://bankrot.fedresurs.ru

This still there? Re: https://www.virustotal.com/#/file/fecef91acc63413f4656be7c43b38298872fce85aa7530f1564d4cf0153496b3/detection

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: tomahawk6759 on March 06, 2019, 06:01:37 PM
Getting same error intermittently for www.currenrv.com

can this site be removed from list as well please
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on March 06, 2019, 06:50:29 PM
Getting same error intermittently for www.currenrv.com

can this site be removed from list as well please
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Things to fix
Sucuri  https://sitecheck.sucuri.net/results/www.currenrv.com

https://retire.insecurity.today/#!/scan/12f67b7b947116aa6b6f82380247abfe25c78c913a122f2e534a12c1bef32761

1 suspicious inline script found. https://www.UnmaskParasites.com/security-report/?page=www.currenrv.com


Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 06, 2019, 07:18:02 PM
Site now responds with a 301: https://urlquery.net/report/4f6ed2e1-59e4-4bc8-9587-4f0e1ca2e385
also consider: https://toolbar.netcraft.com/site_report?url=www.currenrv.com+

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: bd1234 on March 07, 2019, 08:17:43 AM
Hello. When i try to download files from site: bankrot.fedresurs.ru - it is blocked with "URL:Blacklist". Can you fix it ?
(for example: http://bankrot.fedresurs.ru/Download/file.fo?id=1604182&type=MessageDocument)

or how can i add this site to my avast exclusions ?
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 07, 2019, 01:30:13 PM
Dr. Web flags the site as a known infection source.
VirusTotal has following detections https://www.virustotal.com/#/domain/bankrot.fedresurs.ru
Most recent detection flag a Win32 EXE Express detection.
But wait for a reaction from an avast team member, to really know why they block it in the first place.
Scan won't finalize for me: https://urlquery.net/queue/04c4a750-ff33-4231-9977-f84f22954bb2
Also consider: https://otx.alienvault.com/indicator/domain/bankrot.fedresurs.ru
Detection: https://www.virustotal.com/en/file/eaa8f35c214908ae74a903a916b325b4d42b9703a1b4a49aad376a164f27f9bc/analysis/

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on March 07, 2019, 10:31:19 PM
hello i have the same problem with my Website:
https://www.nghd.pt/
Can you unlock URL?

I submitted the URL and now the detection was removed today 07.03.19 at 10:33

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on March 07, 2019, 10:33:48 PM
Hi, I'm having problems with my website www.rndwss.com.
It seems recognize a phishing situation. Can you check it, please.
I can connect to it without any problem using the dedicated personal url provided by 1&1.
Regards,
Romano.

Detection was removed today 07.03.19 at 10:54

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on March 08, 2019, 02:25:06 PM
Hello. When i try to download files from site: bankrot.fedresurs.ru - it is blocked with "URL:Blacklist". Can you fix it ?
(for example: http://bankrot.fedresurs.ru/Download/file.fo?id=1604182&type=MessageDocument)

or how can i add this site to my avast exclusions ?

Detection was removed today 08.03.2019 at 07:20

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Andrew570 on March 08, 2019, 11:32:30 PM
Hi, Avast thinks my website, www.flyfriendservice.com is phishing.

Can you tell me what I can do to either correct the problem, or have it removed from the blacklist?

Thanks!
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 09, 2019, 05:12:00 AM
-> https://sitecheck.sucuri.net/results/www.flyfriendservice.com
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 09, 2019, 02:15:13 PM
Could also be through some of the domains you share on that same IP.
https://www.ip-adress.com/ip-address/ipv4/162.241.253.90
See Bluehost hosting vulnerabilities here: https://www.shodan.io/host/162.241.253.90

Here you will find 361 recommendations for improvement for your website:
https://webhint.io/scanner/c4e48809-06ba-403b-8904-81f4fc7271c8
of which various recommendations touch security improvement:
https://webhint.io/scanner/c4e48809-06ba-403b-8904-81f4fc7271c8#Security

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 09, 2019, 03:16:04 PM
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3c2LnB9XWp7XnRieXB8c3MuXl1tYDx6~enc

Why this site has been blocked. And why Google let me fill out a captcha to prove I am human, tryuing to go there,
e.g. to htxp://ww6.projectbypass.com/?z   trying to use to evade Google's geo-targeting, read: http://search.lores.eu/geotargeting.html

Anyone, why Google chrome browser blocks it or is it an ad-blocker of sorts?

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 09, 2019, 05:19:59 PM
Interesting, it may probably be this http://opay.in.siteindexed.com/
Opay.in on the search engines

Google Yahoo Bing

Example: http://foresttrailacademy.com.siteindexed.com/

Given as OK: https://www.virustotal.com/#/url/38c32e119aeee672c8cc37fc5fd68948f68f12cb60023731eed81f02436f0428/detection

Running - see: https://www.shodan.io/host/199.59.242.151
PORT   STATE SERVICE VERSION
80/tcp open  http    OpenResty web app server
|_http-server-header: openresty
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_http-trane-info: Problem with XML parsing of /evox/about

So we seem to have localised it as an website indexing service  ;D

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: bauerj on March 11, 2019, 07:45:13 AM
Hi,
I removed both flyfriendservice[.]com and currenrv[.]com from our blacklist. Domains should not be blocked anymore.
Jirka
Title: Re: Site Blocked - URL:Phishing
Post by: tammi6 on March 11, 2019, 02:51:47 PM
Hi :-)

We're also having an issue with our site https://travel-information.org/ (https://travel-information.org/)

It was previously hacked in 2018, but the site was recovered over 5 months ago. We've added an SSL certificate to the site to make it more secure, but it's still showing up as a phishing risk on avast.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 11, 2019, 02:57:18 PM
-> https://sitecheck.sucuri.net/results/https/travel-information.org
-> https://www.virustotal.com/#/url/76a11484dbf9d6505c52bb827822e18dfa5aca17235e3cd0e6b1dbbdf3915366/detection
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 11, 2019, 04:43:43 PM
Classified as a PHISH: http://trafficlight.bitdefender.com/info?url=http://travel-information.org
Look what it found here: https://fortiguard.com/search?q=http%3A%2F%2Ftravel-information.org&engine=1 (normal)
Just 181 recommendation towards website improvement:
https://webhint.io/scanner/215d7f5c-1591-425a-af09-3604320dc7c9

Wait for an avast team member to give the final verdict on your website
as we here are just volunteers with relevant knowledge
and only avast team members can come and unblock your website.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: bauerj on March 12, 2019, 09:10:30 AM
Hi,
I removed travel-information[.]org from our blacklist. It was infected with phishing site in the past.
Jirka
Title: Re: Site Blocked - URL:Phishing
Post by: info2188 on March 12, 2019, 10:22:05 AM
My site is blocked, but this is not phishing site. Please help me remove blacklist.

My site is: https://charmxinh.com/

Thanks you!
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 12, 2019, 10:32:10 AM
-> https://sitecheck.sucuri.net/results/https/charmxinh.com
-> https://www.virustotal.com/#/url/6d61cb131a6a7df4d20929cc766e8c97baddb1b619a49fee0ba55f841a7e0f92/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 12, 2019, 01:00:45 PM
Strange redirect loop detected: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xmh8fW14W25oLl5dbWA%3D~enc
Some room for improvement with 553 recommendations:
https://webhint.io/scanner/17810bb7-e57d-4e96-b8da-fc2753d0d9ea
When IP related, it was being reported as a PHISH 34 times over the last 30 days:
https://checkphish.ai/ip/123.30.249.16
Re: hxtps://urlquery.net/queue/0189999c-34f8-41e6-b264-1483d5efba64
seems this link will download tmp files that are INFESTED
Re: https://www.virustotal.com/#/url/fc312bb946b53489a717c351d292e86b1b7bc0637ced5967b52661175f09e59c/detection

Wait for an avast team member to give a final verdict as they are the ones to unblock,
we here are just volunteers with relevant knowledge.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: bauerj on March 13, 2019, 09:32:06 AM
Hi,
domain charmxinh[.]com was removed from our phishing list yesterday. It should not be blocked anymore.
Jirka
Title: Re: Site Blocked - URL:Phishing
Post by: roy117 on March 18, 2019, 04:29:09 AM
Hey there - I work for the company that runs surveys.gobranded.com.

Our users have been complaining their access has been blocked due to this site for phishing attempts. Could you please clarify what the issue is here, or remove the block?

Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 18, 2019, 05:18:07 AM
-> https://sitecheck.sucuri.net/results/surveys.gobranded.com
-> https://www.virustotal.com/#/url/1ccb21ec26216f06b9472704cda149256b2e9dea1355cefe7c9130e673e156e7/detection
Title: Re: Site Blocked - URL:Phishing
Post by: roy117 on March 18, 2019, 08:39:29 AM
Thanks for the response. I swore I checked both of those sites prior to posting - the first link didn't seem to indicate much (we use CentOS, so while the versions look older, they backport fixes).

I'll follow-up with Clean MX directly. If I clear that issue, this will resolve itself for users of Avast?


Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 18, 2019, 08:51:06 AM
I'll follow-up with Clean MX directly. If I clear that issue, this will resolve itself for users of Avast?
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: roy117 on March 18, 2019, 10:20:01 AM
Thank you for your help. I've reported the FP.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 18, 2019, 10:30:31 AM
You're welcome.
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on March 18, 2019, 10:41:05 AM
Thanks for the response. I swore I checked both of those sites prior to posting - the first link didn't seem to indicate much (we use CentOS, so while the versions look older, they backport fixes).

I'll follow-up with Clean MX directly. If I clear that issue, this will resolve itself for users of Avast?


Thanks
When looking at VT scan results, always check the scan date at top of the result
If old (a cashed result from previous scan) click the blue button at top right and refresh scan result


Title: Re: Site Blocked - URL:Phishing
Post by: manticoregroup on March 29, 2019, 06:13:07 AM
I am going through the same problem. Our Web site not blocked but our subscriptions page which simply takes our members to PayPal is: https://www.veritasradio.com/subscribe.php

There is absolutely nothing but the PayPal code within this page and we would really appreciate your attention to remove this link from the list as it is affecting our memberships. This is a subscriber based podcast with over 10 years of experience.

Thank you,
Tyler
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on March 29, 2019, 06:24:11 AM
-> https://sitecheck.sucuri.net/results/https/www.veritasradio.com/subscribe.php
-> https://www.virustotal.com/gui/url/de01fdcbd624f57c1903ef8e6c99632ce81a9f0c01f8beefe950b0da19164266/detection
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 29, 2019, 02:18:41 PM
Flagged for PHISHing - IP on hp blocklist, Paypal Phishing: https://forum.avast.com/index.php?action=post;topic=218384.165;last_msg=1499808

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on March 29, 2019, 02:22:49 PM
also blocked by TrendMicro and F-Secure


Title: Re: Site Blocked - URL:Phishing
Post by: mchain on March 29, 2019, 05:00:54 PM
Not just Avast:
Title: Re: Site Blocked - URL:Phishing
Post by: CacitOrg on March 31, 2019, 01:46:45 PM
Hello

My website www.cacit[.]org is flagged as URL:Phishing

Could you please double check and at least provide us the reason of the blacklisting?

Thank you
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on March 31, 2019, 02:11:08 PM
Vulnerable CMS, i.e. outdated vulnerable PHP. 
Website blacklisted: https://sitecheck.sucuri.net/results/www.cacit.org
Site is listed in PHISHING DB's, however not given at PHISH-Tank.
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll58Xlt0Ll19Zw%3D%3D~enc

Most likely the hupso share.toolbar script is being flagged...  olark & namescheap abuse.
Once adblocked for me.
Consider: https://urlscan.io/result/7ed75995-4beb-4a6e-bdda-9e28353f3803

To be sure, wait for an avast team member to give a final verdict,
as they are the only ones to come and unblock.
We are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: HonzaZ on April 01, 2019, 10:45:01 AM
Paypal login screen at this location, is this intentional?: cacit[.]org/bye/?country.x=us&locale.x=en_us%3e&client=23b2b53e55c5d5c701804613c0731247
Title: Re: Site Blocked - URL:Phishing
Post by: wks.ahmed on April 02, 2019, 08:35:28 AM
My site www.latestlifestyles[.]com also blocked by Avast Antivirus. Whenever I try to access it from any computer that has Avast installed it does not allow access and popup avast phishing error message appears. I have done scanning my hosted files 3 times. Kindly resolve this issue and unblock my site from the blacklist. Thanks.
Title: Re: Site Blocked - URL:Phishing
Post by: HonzaZ on April 02, 2019, 08:55:14 AM
Hi,
Phishing here: latestlifestyles[.]com/folders/login.yahoo.com/zlcdbc0bg8o0ipg6m2s7tutm.php?rand=13inboxlightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13inboxlight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&
What have you done to clean phishing and what have you done to prevent it from happening again?
Title: Re: Site Blocked - URL:Phishing
Post by: wks.ahmed on April 02, 2019, 01:51:49 PM
Hello HonzaZ!

Kindly guide me how to clean my site from phishing and what things I can do to prevent my sites from phishing attacks again. Thnaks
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 02, 2019, 02:57:20 PM
Start with the hints here: https://webhint.io/scanner/8d83f03c-beb4-423a-b49a-e00b381a7c20
See directs threats: https://app.upguard.com/webscan#/latestlifestyles.com
F-grade status here: https://observatory.mozilla.org/analyze/latestlifestyles.com
Word Press CMS - Version does not appear to be latest
-> https://sitecheck.sucuri.net/results/www.latestlifestyles.com

XSS-DOM issues: Results from scanning URL: -http://www.latestlifestyles.com/wp-includes/js/wp-embed.min.js?ver=5.1
Number of sources found: 41 ; number of sinks found: 39
&
Results from scanning URL: -http://latestlifestyles.com
Number of sources found: 5 ; number of sinks found: 269

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: lisbar on April 02, 2019, 07:03:41 PM
hi,my site www.bitrue.com is blocked by avast,could you unblock it or maybe tell me why it is blocked
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on April 02, 2019, 07:12:46 PM
hi,my site www.bitrue.com is blocked by avast,could you unblock it or maybe tell me why it is blocked
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php



Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 02, 2019, 11:15:08 PM
It is probably a link to mfesecure - consider the info here: https://pastebin.com/6PDKw6Vw
Links like: -//s3-us-west-2.amazonaws.com/mfesecure-public/host/"+a+"/client.json
like on : -https://cdn.ywxi.net/js/1.js  while this is on the main page
Quote
</script>

<script src='htxps://cdn.ywxi.net/js/1.js' async></script>
</body>
Also connected to: -https://d3ss0gp3e5d7m3.cloudfront.net/assets/route~e38c9536012f_route.2561e.js
& -https://d3ss0gp3e5d7m3.cloudfront.net/assets/route~e38c9536012f_route.2561e.js
& -https://d3ss0gp3e5d7m3.cloudfront.net/assets/route~men_route~women_route.68c02.js

For on Android, considering classes.dex read: https://www.b4x.com/android/forum/threads/classes-dex-and-virus-scan.18172/
while sometimes this delivers: Andr.Trojan.Locker, sometimes seems compiling code that is a FP.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: CacitOrg on April 02, 2019, 11:58:07 PM
Paypal login screen at this location, is this intentional?: cacit[.]org/bye/?country.x=us&locale.x=en_us%3e&client=23b2b53e55c5d5c701804613c0731247

Hello,

No, it wasn't because there are some continuous brute force attack on the website.

(may be you can help) : an injected code is altering wordpress php files, allowing attacker to execute  their code.

I'll be working to prevent those and get back to you.

Thank you


Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on April 03, 2019, 12:01:46 AM
Quote
(may be you can help) : an injected code is altering wordpress php files, allowing attacker to execute  their code
Sucuri can help  >>  https://sucuri.net/

Title: Re: Site Blocked - URL:Phishing
Post by: CacitOrg on April 03, 2019, 12:31:50 AM
Quote
(may be you can help) : an injected code is altering wordpress php files, allowing attacker to execute  their code
Sucuri can help  >>  https://sucuri.net/

Even after upgrading my Wordpress version and PHP version,

site is always flagged as outdated by https://sitecheck.sucuri.net/results/www.cacit.org

What am I doing wrong?
Title: Re: Site Blocked - URL:Phishing
Post by: Michael (alan1998) on April 03, 2019, 02:27:52 AM
You have PHP 7.3, not 7.3.3

You can download the latest PHP Patch here (https://www.php.net/downloads.php).
Title: Re: Site Blocked - URL:Phishing
Post by: Jonathan408 on April 05, 2019, 04:17:01 AM
Hello, My web site is marked as URL:Phishing on Avast.
I tried scaning my web https://sitecheck.sucuri.net/results/geoingenieria.org.pe but cant find any error.
If all is OK could be it removed from blacklist?
geoingenieria.org.pe
Thanks.
Title: Re: Site Blocked - URL:Phishing
Post by: mchain on April 05, 2019, 04:31:20 AM
Check https://quttera.com/detailed_report/geoingenieria.org.pe (https://quttera.com/detailed_report/geoingenieria.org.pe)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 05, 2019, 01:37:27 PM
VT flagged website earlier, but now gives domain the all green: https://www.virustotal.com/nl/url/301ee82b7a1aee4bbec0865f49af856953fbc9a45782ae780f463e36c7061d85/analysis/1554463820/

Has been blacklisted , probably because of being a PHISH, reported 312 times during last 30 days:
https://checkphish.ai/ip/69.167.175.216

With so many apples in that same IP basket, some baddies can be expected: https://www.threatcrowd.org/ip.php?ip=69.167.175.216

Ask for an exclusion from an avast team member, as we are just volunteers with relevant knowledge,
but only avast team members can come and unblock,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: italiangm on April 06, 2019, 12:18:17 AM
Hello. Opening Yahoo emails via webmail interface starting at 3:52p CST today gets threat pop-up (see image for one example).

Default settings for my Yahoo webmail account: Don't display images; Email preview window is off. The threat pop-up occurs only when "Show images" is selected.

Please advise if this is a false positive. Thanks.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on April 06, 2019, 12:24:57 AM
Hello italiangm.

thanks for the screenshot.I do not have yahoo email, this image should help.

I reported this problem to Virus Lab~


I am going through the same problem. Our Web site not blocked but our subscriptions page which simply takes our members to PayPal is: hxxps://www[.]veritasradio[.]com/subscribe.php

There is absolutely nothing but the PayPal code within this page and we would really appreciate your attention to remove this link from the list as it is affecting our memberships. This is a subscriber based podcast with over 10 years of experience.

Thank you,
Tyler

Hi manticoregroup.

Detection was disabled yesterday 10.04.2019 at 06:13 min

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: rhbrand on April 06, 2019, 01:57:42 AM
OMG!  I just started getting these pop ups myself.  I can't see any pictures from Yahoo mail now.
Title: Re: Site Blocked - URL:Phishing
Post by: Sirmer on April 06, 2019, 05:12:43 AM
Hello, this will be fixed in  next stream update, in less then 10 minutes
Title: Re: Site Blocked - URL:Phishing
Post by: italiangm on April 06, 2019, 01:26:34 PM
Fix confirmed. No further threat popups when 'show images' is activated. Thanks to the team.  :)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on April 10, 2019, 01:49:14 AM
Hello, My web site is marked as URL:Phishing on Avast.
I tried scaning my web https://sitecheck.sucuri.net/results/geoingenieria.org.pe but cant find any error.
If all is OK could be it removed from blacklist?
geoingenieria.org.pe
Thanks.

Hello Jonathan408.

Site Blacklisted by Google Safe Browsing

https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fgeoingenieria.org.pe%2F&hl=en

Phishing is "hxxps: //geoingenieria.org.pe/support" found in Phishtank. (https://www.phishtank.com/phish_detail.php?phish_id=5829522)

Phishing detected:
hxxp://geoingenieria.org.pe/support/165493a1358f6ba42407fa50f74df08c/konto
hxxp://geoingenieria.org.pe/support/503897d45372b34a8b1e64994abad8b8/cuenta/info/update.php
hxxp://geoingenieria.org.pe/support/165493a1358f6ba42407fa50f74df08c/konto/info/update.php
hxxp://geoingenieria.org.pe/support/1e608cd072e715b5e69941e1f8921bfc/account/
Title: Re: Site Blocked - URL:Phishing
Post by: cwala on April 11, 2019, 03:17:56 PM
Hi. I believe a site is being blocked in error.

"We've safely aborted connection on accounts.jobmi.com because it was infected with URL:Phishing" Apr 11th 2:09pm

edit: reported to false positive form.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 11, 2019, 05:45:33 PM
Jobmi Account error detected: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=fF5eXXVudHMual1ibVsuXl1tYGxdZ1tuPHNbZ25bbj0wIzE1Yl5mezF7XjY2NHwzZnxeXmIjMjgwMCMyI15mIw%3D%3D~enc
Consider: Results from scanning URL: -https://accounts.jobmi.com/Scripts/app-is3.js
Number of sources found: 31 ; number of sinks found: 10

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: wavef0rm on April 11, 2019, 06:24:39 PM
Good morning,

Our production business site for our customers is being listed as phishing by Avast!  https://spa.cryoinnovations.com

I need you to whitelist this site immediately.  Thank you.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 11, 2019, 06:42:14 PM
Outdated server software, update a.s.a.p.: https://sitecheck.sucuri.net/results/spa.cryoinnovations.com

Wait for an avast team member to come an unblock, we are just volunteers with relevant knowledge.
VT gives your site the all green: https://www.virustotal.com/en/url/7e9cad268152670edc10ff8cd2f78a55f00b80047ba4d04255f258002b2d14de/analysis/1555000797/

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: Yohanes Adhi Nugraha on April 12, 2019, 08:42:21 AM
Hi Avast,

Kindly check my website: https://dashboard.lakon.id, it's blocked as phishing.  Kindly unblock it, or let me know if any code that triggering the threat. Fyi we're using Cloudflare DNS and Crypto service to this site, and maybe threat triggered because of error 500 and/or 403 when we're testing it, I don't know.

This site supposed limited access to our member.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on April 12, 2019, 08:44:39 AM
-> https://sitecheck.sucuri.net/results/https/dashboard.lakon.id
Title: Re: Site Blocked - URL:Phishing
Post by: Amit37 on April 12, 2019, 01:16:59 PM
Hi,

   I am having same issue. I removed malicious code but still avast gives url phishing issue. Could you please unblock below url.
https://secure-research-payment.com/writer/user/login.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on April 12, 2019, 01:20:21 PM
-> https://sitecheck.sucuri.net/results/https/secure-research-payment.com/writer/user/login
Title: Re: Site Blocked - URL:Phishing
Post by: nels5 on April 13, 2019, 02:31:38 PM
Same issue, please unblock
https://mail.pnmresources.com/owa

So I can get to my corporate email

Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on April 13, 2019, 04:15:27 PM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 13, 2019, 06:02:19 PM
Nothing detected at VT: https://www.virustotal.com/en/url/09755c1a471cc1699206ab56e1c35e6fc9fb872ec97d8908f698246557a56e91/analysis/1555170180/
Scan results all green: https://sitecheck.sucuri.net/results/https/mail.pnmresources.com/owa
DOM-XSS scan results from scanning URL: -https://mail.pnmresources.com/owa
Number of sources found: 18 ; number of sinks found: 31
Is redirecting to: -https://mail.pnmresources.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.pnmresources.com%2fowa&reason=0
Re: https://www.shodan.io/host/192.147.68.85
Re: https://www.shodan.io/host/192.147.68.85  various 302 redirects found.
Connection to site is not secure, website won't resolve...

Wait  for an avast team member to give a final verdict on that detection.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: R50 on April 13, 2019, 08:20:46 PM
Now I am not one of the admins on the site but I am a long time user but I got on this morning to a blank page on the Marvel Fandom site. Oh yeah the Ad blocker would not allow me to access it. checked out adblocker extension and it wasn't a trusted site anymore...I think some one (or ones) used the Adblocker to lock others out of the site.  I did a site check and it came back clean.

https://sitecheck.sucuri.net/results/https/marvel.fandom.com
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on April 13, 2019, 08:29:08 PM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 14, 2019, 01:03:52 AM
This is found there:  -https://slot1-images.wikia.nocookie.net/__am/8410038410012/groups/-/abtesting,oasis_blocking,universal_analytics_js,adengine3_top_js,tracking_opt_in_js,qualaroo_blocking_js
Number of sources found: 21 ; number of sinks found: 13
&
Results from scanning URL: -https://slot1-images.wikia.nocookie.net/__am/8410038410012/groups/-/oasis_shared_core_js,oasis_shared_js,oasis_anon_js,toc_js,recirculation_js,qualaroo_js
Number of sources found: 238 ; number of sinks found: 76

17 known trackers on page, vulnerable to sweet32 attack:  https://privacyscore.org/site/133362/

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: Huy17 on April 19, 2019, 08:17:47 AM
Hi all,

My Avast always shows this (image) popup even though I never access this website. How do I turn it off?

https://imgur.com/fFvgIbN  - Capture

(I can't find upload image funtion on this post)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 19, 2019, 11:31:30 AM
Avast is not alone here: https://www.virustotal.com/#/url/1604f39f06cb9a4dcb934bd395b57d6edff3fbb97c72d7a8a8d3ec5eabe814d1/detection
When Delphi is involved there is always room for a FP, so wait for a final verdict:
https://www.virustotal.com/#/file/3025a401f1e164dd52488ac1497face4291c622473c4890ac8dabcfc9c3a79f3/details

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on April 19, 2019, 11:41:36 PM
We see that the detection is not on the website from 15.04.2019 :

http://accounts.jobmi.com
http://www.cacit.org
https://spa.cryoinnovations.com
https://dashboard.lakon.id
https://mail.pnmresources.com/owa


Detection was removed on 16.04.2019 at 06:42 min

https://secure-research-payment.com/writer/user/login

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 20, 2019, 12:41:09 AM
These sort of executables have earlier led to quite an amount of false positives, this isn't a new thing,
as this one here: Basic Properties
Quote
MD5   9f9bd677046f193d2b2bfb10e99886b5
SHA-1   9d85469aded933cd62ee439066dd4d9b21346403
Authentihash   2e7b3fee50a64738bbbd13080f1da5cb2d5b32da9adca3f52fef8402da6cf6bd
Imphash   48aa5c8931746a9655524f67b25a47ef
File Type   Win32 EXE
Magic   PE32 executable for MS Windows (GUI) Intel 80386 32-bit
SSDeep   393216:LUxB09/nu88j4i5aBq2v0t0ddLQNPFjzlJHiG3:LUxB0lu8cDoBuTNPDhii
TRiD   Win32 Executable Delphi generic (52.9%)
Win32 Executable (generic) (16.8%)
Win16/32 Executable Delphi generic (7.7%)
OS/2 Executable (generic) (7.5%)
Generic Win/DOS Executable (7.4%)
File Size   14.58 MB


A search-query like -https://www.google.com/search?q=esc_setup.exe&oq=esc_setup.exe&sourceid=chrome&ie=UTF-8
will give you many an example...see heuristical matches by hybrid-analysis in this case: https://www.virustotal.com/#/file/3025a401f1e164dd52488ac1497face4291c622473c4890ac8dabcfc9c3a79f3/community

Problem here often is a missing digital signature in the case of such executable in Delphi.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Jonathan408 on April 22, 2019, 09:40:28 PM
Hello, my Site is marked as url:phishing.
I scanned it at
Complete zip site
https://www.virustotal.com/en/file/baae97423b1024cdb0a41613f7cbbbd95b05efca2e565dd3fa86ab9445043b39/analysis/1555961542/
Url site
https://www.virustotal.com/en/url/87076758495fddc36ba5e872739182f02d78e995d2cd31f8532fb7e0eff00071/analysis/

And show all clean.
If there arent any problem then can be my site removed from blackSite? thanks.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on April 22, 2019, 11:00:33 PM
Google Safe Browsing alert:
Quote
Note! The scan has detected URL(s) from your site and/or IP in Phishing DBs -
This link Flagged URL(s)? will open a utility that will list out any URL(s) from your domain that are listed in Phishing DBs and tell you if Google is currently flagging the URL.
For some tips on clearing a Phishing hack see: Remove a phishing or web forgery warning
Also consider analysis here: https://any.run/report/8f0262f7c2a5417223869aae4d2137fcb24b664d52bb7430fc891dad6f0cd837/a6fea7e4-53a3-43c8-afef-4193197b5ee1  -> https://app.any.run/tasks/a6fea7e4-53a3-43c8-afef-4193197b5ee1   no threats detected.

Wait for an avast team member to give a final verdict, they are the only ones to unblock,
as we here are just volunteers with relevant knwledge.

Quttera flags your site as malicious: https://www.virustotal.com/en/url/6594612ff2efe3202b00db1ad168ac387ebd385bde029a739b553e4e586f9d14/analysis/
as abuse was now two weeks ago
but now gives it as clean: https://quttera.com/detailed_report/geoingenieria.org.pe

vulnerabilities still on IP: https://www.shodan.io/host/192.185.105.88
Insecure website
Quote
Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -geoingenieria.org.pe to fix it.

 All trackers
At least 4 third parties know you are on this webpage.

 -Google
 -geoingenieria.org.pe
 -Facebook
-www.google-analytics.com Google

 Tracker could be tracking safely if this site was secure.

 Tracker does not support secure transmission.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on April 26, 2019, 04:57:29 AM
Hi all,

My Avast always shows this (image) popup even though I never access this website. How do I turn it off?

https://imgur.com/fFvgIbN  - Capture

(I can't find upload image funtion on this post)

Detection was disabled yesterday.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on April 26, 2019, 05:02:18 AM
Hello, my Site is marked as url:phishing.
I scanned it at
Complete zip site
https://www.virustotal.com/en/file/baae97423b1024cdb0a41613f7cbbbd95b05efca2e565dd3fa86ab9445043b39/analysis/1555961542/
Url site
https://www.virustotal.com/en/url/87076758495fddc36ba5e872739182f02d78e995d2cd31f8532fb7e0eff00071/analysis/

And show all clean.
If there arent any problem then can be my site removed from blackSite? thanks.

Detection was removed yesterday 25.04.2019 at 12:00.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Alpian Noor on April 29, 2019, 05:36:38 AM
hi, ask for our website has been blocked by avast url phishing
website : www.pn-batulicin.go.id
Title: Re: Site Blocked - URL:Phishing
Post by: mchain on April 29, 2019, 06:00:58 AM
https://sitecheck.sucuri.net/results/www.pn-batulicin.go.id (https://sitecheck.sucuri.net/results/www.pn-batulicin.go.id)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 01, 2019, 01:47:32 AM
hi, ask for our website has been blocked by avast url phishing
website : www[.]pn-batulicin[.]go.id

Detection was removed on 30.04.2019.

Phishing where

https://www.virustotal.com/gui/url/aa989250c8a546a87fe3557d445bfb94fc7e7087bb58da35e67582e4c27ae89e/detection

http://www.siteadvisor.com/sitereport.html?url=http://pn-batulicin.go.id/cache

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: devilmanozzy on May 05, 2019, 06:03:28 AM
Fandom Community Central has been being labelled a Phishing site the last few days. I'm not a tech. 

https://sitecheck.sucuri.net/results/www.community.fandom.com (https://sitecheck.sucuri.net/results/www.community.fandom.com)

Why is it a threat now? Did I miss something here?

Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 05, 2019, 03:22:58 PM
Also a former AVG threat detection:
https://www.virustotal.com/pl/url/a7414127e577b0c89ed130c3f7e79af0800110d40ea7fc149b22b818357ef4fd/analysis/

What about a link to -https://slot1-images.wikia.nocookie.net/__load/-/cb%3D1556562431137%26debug%3Dfalse%26lang%3Den%26only%3Dscripts%26skin%3Doasis/amd|wikia.tracker.stub,stub|wikia.abTest,cache,cookies,document,geo,instantGlobals,location,log,querystring,window

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 09, 2019, 10:18:27 PM
Fandom Community Central has been being labelled a Phishing site the last few days. I'm not a tech. 

https://sitecheck.sucuri.net/results/www.community.fandom.com (https://sitecheck.sucuri.net/results/www.community.fandom.com)

Why is it a threat now? Did I miss something here?

Check URL and  the detection was fixed same date on 05.05.2019.

Quote from: Avast
Our virus specialists have been working on this problem and it has been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: Rafael390 on May 11, 2019, 01:11:33 AM
Hi there,
Could yo please check why my web site marked as url:phishing.
The address is https://www.accountsplusservices.co.nz/
The web-site build and hosted on Wix.com platform and doesn't contain any third party scripts.


Thanks in advance.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 11, 2019, 11:53:37 AM
Once there could have been an intrusion attempt from 130.211.46.196 as a MultiHost/MultiPort Probe, Scan, Hack -

Threats for that address - mails can be fraudulously sent - SPF not enabled - DMARC not enabled;
DNS is susceptible to M-i-M attacks.
No abuse reports for Wix.com, Ashburn  ;)
Could be avast flags this script on your site: results from scanning URL: -https://static.parastorage.com/unpkg/requirejs-bolt@2.3.6/requirejs.min.js
Number of sources found: 7 ; number of sinks found: 2  and the connection DOM-XSS scan link to : //cdn-rtb.sape.ru/teasers/ there.

Hosting: https://toolbar.netcraft.com/site_report?url=https://static.parastorage.com
But wait for a final verdict from an avast team member after this weekend, as they are the only ones to come and unblock..
We are just volunteers with relevant knowledge.

Some improvement recommendations you could implement anyways, just 3, very, very good results for the included scripts:
https://webhint.io/scanner/0afa232f-0551-4104-8b68-a575e8dcd3f2   ;)

Given clean here, no alerts: https://urlquery.net/report/cbea3ecc-9526-4fca-a759-2df231ae7749

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 11, 2019, 12:31:55 PM
About the scanning via 130.211.46.196 -196.46.211.130.bc.googleusercontent.com   a.k.a. https://www.shodan.io/search?query=parastorage.com (GoDaddy),
Quote
Full Name:
                  URI:-http://crl.godaddy.com/gdig2s1-848.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: -http://certificates.godaddy.com/repository/
                Policy: 2.23.140.1.2.1

            Authority Information Access:
                OCSP - URI:-http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt

            X509v3 Authority Key Identifier:
                keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE

            X509v3 Subject Alternative Name:
                DNS:*-.parastorage.com, DNS:-parastorage.com
            X509v3 Subject Key Identifier:
                7D:9F:A9:69:69:B4:B0:F6:9C:F4:F2:2B:AF:0B:26:3E:39:ED:4C:9F
            1.3.6.1.4.1.11129.2.4.2:
                ...j.h.v.......X......gp

pol
Title: Re: Site Blocked - URL:Phishing
Post by: Dastel on May 11, 2019, 09:03:22 PM
Hello i have the same problem with my Website:
https://www.envases-riviere.com.ar
Can you unlock URL?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on May 11, 2019, 09:04:50 PM
-> https://sitecheck.sucuri.net/results/https/www.envases-riviere.com.ar
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 11, 2019, 11:55:08 PM
Site has been blacklisted by certain parties. You are with 134 other domains on that same Ip address.
165 Website improvement tips: https://webhint.io/scanner/530fbc69-1d2c-46d5-8e95-03c7f9c1f338
Service temporarily unavailable: https://www.shodan.io/host/181.88.192.108
Re: https://toolbar.netcraft.com/site_report?url=http://host108.181-88-192.telecom.net.ar/
DOM-XSS issues: Results from scanning URL: -https://www.envases-riviere.com.ar/js/jquery-ui.min.js
Number of sources found: 286 ; number of sinks found: 14
Consider JQuery vuln. listed here: https://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
and
Results from scanning URL: -https://www.envases-riviere.com.ar/js/bootstrap.js
Number of sources found: 33 ; number of sinks found: 10

jQuery library retirables: Retire.js
jquery-ui-dialog   1.10.4   Found in -https://www.envases-riviere.com.ar/js/jquery-ui.min.js
Vulnerability info:
High   CVE-2016-7103 281 XSS Vulnerability on closeText option   
jquery   2.2.0.min   Found in -https://www.envases-riviere.com.ar/js/jquery-2.2.0.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   

Found with JavaScript error notifier:
Quote
SyntaxError: Invalid or unexpected token
 /js/jquery-2.2.0.min.js:3

Bootstrap's JavaScript requires jQuery
 /js/bootstrap.js:1

ReferenceError: jQuery is not defined
 /js/main.js:1

SyntaxError: Invalid or unexpected token
 /js/jquery-ui.min.js:6

ReferenceError: $ is not defined
 /:275

issues like security headers not set: content-security-policy upgrade-insecure-requests

x-content-type-options Header not returned

x-xss-protection Header not returned

x-frame-options Header not returned

Issue:
Quote
Loaded script with known vulnerabilities: -https://www.envases-riviere.com.ar/js/jquery-ui.min.js
 - jquery-ui-dialog 1.10.4 - Info: -https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721
 - jquery-ui-autocomplete 1.10.4 - Info:
 - jquery-ui-tooltip 1.10.4 - Info:

Ask for an avast team member to give a final verdict, we here are just volunteers with relevant knowledge,
but only avast team members can come and unblock.

Here Dr.Web gives the site the all green:
Checking: -https://www.envases-riviere.com.ar/js/jquery-ui.min.js
File size: 223.19 KB
File MD5: e13b62d667cbfc5665579e7b57962f61

-https://www.envases-riviere.com.ar/js/jquery-ui.min.js - archive JS-HTML
-https://www.envases-riviere.com.ar/js/jquery-ui.min.js - Ok

Checking: -https://www.google.com/recaptcha/api.js
File size: 762 bytes
File MD5: 1b7fbf87773cb1fd579adc8e30af340c

-https://www.google.com/recaptcha/api.js - archive JS-HTML
>-https://www.google.com/recaptcha/api.js/JSFile_1[0][2fa] - Ok
-https://www.google.com/recaptcha/api.js - Ok

Checking: -https://www.envases-riviere.com.ar/js/bootstrap-slider.js
File size: 33.13 KB
File MD5: 2f03afee2a8e39461e6110eb708f2d09

-https://www.envases-riviere.com.ar/js/bootstrap-slider.js - Ok

Checking: -https://www.envases-riviere.com.ar/js/bootstrap.js
File size: 35.79 KB
File MD5: 64763807038d13f7e33cdac2d2bcbdaa

-https://www.envases-riviere.com.ar/js/bootstrap.js - Ok

Checking: -https://www.envases-riviere.com.ar/js/jquery-2.2.0.min.js
File size: 83.58 KB
File MD5: 4f4791cfd0bda7f2e54452ce76be60b1

-https://www.envases-riviere.com.ar/js/jquery-2.2.0.min.js - archive JS-HTML
>-https://www.envases-riviere.com.ar/js/jquery-2.2.0.min.js/JSTag_1[ab2e][a327] - Ok
>-https://www.envases-riviere.com.ar/js/jquery-2.2.0.min.js/JSTag_2[ba0f][9446] - Ok
>-https://www.envases-riviere.com.ar/js/jquery-2.2.0.min.js/JSTag_3[13a0f][1446] - Ok
-https://www.envases-riviere.com.ar/js/jquery-2.2.0.min.js - Ok

Checking: -https://www.envases-riviere.com.ar/js/main.js
File size: 5022 bytes
File MD5: c44e2777229dc5a6e92d35068e450759

-https://www.envases-riviere.com.ar/js/main.js - Ok

Checking: -https://www.envases-riviere.com.ar/
Engine version: 7.0.34.11020
Total virus-finding records: 7658532
File size: 29.32 KB
File MD5: 054b738f1f38e3311bedbae2b911bad4

-https://www.envases-riviere.com.ar/ - archive JS-HTML
>-https://www.envases-riviere.com.ar//JSTAG_1[e][189] - Ok
>-https://www.envases-riviere.com.ar//JSTAG_2[3c57][11e] - Ok
>-https://www.envases-riviere.com.ar//JSTAG_3[6ace][5ca] - Ok
>-https://www.envases-riviere.com.ar//JSTAG_4[70cf][2f8] - Ok
>-https://www.envases-riviere.com.ar//JSTAG_5[73f9][131] - Ok
-https://www.envases-riviere.com.ar/ - Ok

confirmed here: https://www.virustotal.com/en/url/955885af59c7308e4cd1aca4caa7ec453be1e0c1fe9bd488c0c30f79d93c8efc/analysis/

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Rafael390 on May 12, 2019, 04:40:23 AM
Some improvement recommendations you could implement anyways, just 3, very, very good results for the included scripts:
https://webhint.io/scanner/0afa232f-0551-4104-8b68-a575e8dcd3f2   ;)

Re: https://www.accountsplusservices.co.nz/ blacklist

This web-site was built by my friend for her little company and who knows nothing about software development and cyber security as same as an obvious Wix.com user.
She asked me to check why it doesn't work just 2 days ago.
I found that there were some incorrectness in Name zone records on Wix.com and in the service where she bought domain name at the same time.
Finally I fixed that and her email became working.
Thanks for recommendations, but as I said the web-site built totally on Wix.com platform and we don't have to understand how their scripts work on that site and on thousands others sites where those features are enabled.
Moreover, I don't think we are able to fix them.
I can just re-address your recommendations to the Wix.com developers and ask money back for the time while site was blocked.
Surprisingly the web-site blacklisted only in Avast.
So I would prefer to hear verdict from Avast team as from first instance  and then contact Wix.com if it won't help.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 12, 2019, 08:43:54 AM
Hi Rafael390,

Very wise decision on your behalf. Just wait for an avast team member to give a final explanation as to what they flagged there.
"Wysiwyg"-website CMS can be a minefield in the hands of the unaware, but again also the avast detection can be an FP, temporarily correct or just for another domain that shares that IP. Wait for an avast member to appear as this will most likely be after the weekend, I presume,

Stay safe and secure both online and offline, is the wish of,

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: EnRaMy on May 12, 2019, 09:39:22 AM
Hi there,
Could yo please check why my web site marked as url:phishing.
The address is https://www.Qawafil.Org
The web-site Is a charity organization located in Kuwait and I tested the site on the following sites :
https://sitecheck.sucuri.net/
https://rescan.pro
https://www.virustotal.com
Title: Re: Site Blocked - URL:Phishing
Post by: mchain on May 12, 2019, 05:52:24 PM
Hi there,
Could yo please check why my web site marked as url:phishing.
The address is hxxps://www.Qawafil.Org
The web-site Is a charity organization located in Kuwait and I tested the site on the following sites :
https://sitecheck.sucuri.net/
https://rescan.pro
https://www.virustotal.com
Well, if your links were actual test results you would've seen this: 
https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection (https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection)
https://rescan.pro/go.php (https://rescan.pro/go.php)
https://sitecheck.sucuri.net/results/https/www.qawafil.org (https://sitecheck.sucuri.net/results/https/www.qawafil.org)
So, not just Avast blocking.
More:
https://quttera.com/detailed_report/www.qawafil.org (https://quttera.com/detailed_report/www.qawafil.org)
https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132 (https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132)
http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3 (http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3)
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on May 12, 2019, 05:55:45 PM
Hi there,
Could yo please check why my web site marked as url:phishing.
The address is hxxps://www.Qawafil.Org
The web-site Is a charity organization located in Kuwait and I tested the site on the following sites :
https://sitecheck.sucuri.net/
https://rescan.pro
https://www.virustotal.com

Break link (as I have in the quoted text) to suspect site to prevent accidental exposure.
Title: Re: Site Blocked - URL:Phishing
Post by: Ser518 on May 13, 2019, 03:21:33 PM
Hello. When i try to download files from site: bankrot.fedresurs.ru - it is blocked with "URL:Blacklist". Can you fix it ?
(for example: https://bankrot.fedresurs.ru/Download/file.fo?id=2044491&type=MessageDocument)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 14, 2019, 03:23:13 AM
Hello i have the same problem with my Website:
hxxps://www.envases-riviere[.]com.ar
Can you unlock URL?

Hello.
Detection was removed on 13.05.2019.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 14, 2019, 11:21:33 AM
Re: -http://bankrot.fedresurs.ru/brasdocument.aspx/index.html?id=4167503
Re: https://www.virustotal.com/#/url/05c63b35cd0e8c58336427e700d409edb7bb1cb57c1c4b8777476175d7c0cd2d/detection

Wait for an avast team member to give a final verdict, Dr. Web does not seem to detect it any longer.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: seo10 on May 15, 2019, 10:33:10 PM
Why Avast block https://baxov.net
How can fix this ?
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on May 15, 2019, 10:42:26 PM
Why Avast block https://baxov.net
How can fix this ?
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


https://www.virustotal.com/#/url/d763a043e1f287e61adbf085e25af6fa3c8356d9b16f38d3791f2be886d38e8b/detection


Title: Re: Site Blocked - URL:Phishing
Post by: seo10 on May 15, 2019, 11:14:22 PM
Why Avast block https://baxov.net
How can fix this ?
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


https://www.virustotal.com/#/url/d763a043e1f287e61adbf085e25af6fa3c8356d9b16f38d3791f2be886d38e8b/detection

Thank you

We see a lot of fake abuse.
We will try to contact other AV. PhishTank has already deleted from its list.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 16, 2019, 01:22:20 PM
Hi there,
Could yo please check why my web site marked as url:phishing.
The address is htxps://www.Qawafil[.]Org
The web-site Is a charity organization located in Kuwait and I tested the site on the following sites :
https://sitecheck.sucuri.net/
https://rescan.pro
https://www.virustotal.com

Detection was removed on 16.05.2019 at 04:29.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 17, 2019, 04:49:04 AM
Hi there,
Could yo please check why my web site marked as url:phishing.
The address is htxps://www.accountsplusservices.co[.]nz/
The web-site build and hosted on Wix.com platform and doesn't contain any third party scripts.

Thanks in advance.

Detection was removed 16.05.2019.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: mudoo on May 20, 2019, 05:21:22 AM
Site: https://www.streamcraft.com
VirusTotal: https://www.virustotal.com/#/url/a9293cdb375a068cb58d54e2ddeadd381b65cd0c89d5f62d55f49c0a88808f0a/detection
https://www.virustotal.com/#/url/8844e56eca1b4bf8db6d8b3daf3744d4f80ecb555cf2427bcc6c199ef18c7728/detection

Avast blocked https://webapi.streamcraft.com/,it's juest a API domain. How to fix it?
Title: Re: Site Blocked - URL:Phishing
Post by: mchain on May 20, 2019, 07:11:57 AM
https://sitecheck.sucuri.net/results/www.streamcraft.com (https://sitecheck.sucuri.net/results/www.streamcraft.com)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 21, 2019, 02:39:43 AM
Hello. When i try to download files from site: bankrot.fedresurs.ru - it is blocked with "URL:Blacklist". Can you fix it ?
(for example: hxxps://bankrot.fedresurs[.]ru/Download/file.fo?id=2044491&type=MessageDocument)

Detection was removed 20.05.2019 12:28 PM

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 21, 2019, 02:47:51 AM
Site: hxxps://www.streamcraft[.]com
VirusTotal: https://www.virustotal.com/#/url/a9293cdb375a068cb58d54e2ddeadd381b65cd0c89d5f62d55f49c0a88808f0a/detection
https://www.virustotal.com/#/url/8844e56eca1b4bf8db6d8b3daf3744d4f80ecb555cf2427bcc6c199ef18c7728/detection

Avast blocked hxxps://webapi.streamcraft[.]com/,it's juest a API domain. How to fix it?

Detection was removed on 20.05.2019 at 11:52 AM

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 22, 2019, 02:08:41 AM
Why Avast block hxxps://baxov[.]net
How can fix this ?

Detection has been removed 21.05.2019 at 05:19 in the morning.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: EnRaMy on May 22, 2019, 03:06:13 PM
Well, if your links were actual test results you would've seen this: 
https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection (https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection)
https://rescan.pro/go.php (https://rescan.pro/go.php)
https://sitecheck.sucuri.net/results/https/www.qawafil.org (https://sitecheck.sucuri.net/results/https/www.qawafil.org)
So, not just Avast blocking.
More:
https://quttera.com/detailed_report/www.qawafil.org (https://quttera.com/detailed_report/www.qawafil.org)
https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132 (https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132)
http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3 (http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3)

Thanks for your answer , I've rechecked all the site and Installed Web Application Firewall on server , now all sites give clean results , but Avast still showing phising site
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on May 22, 2019, 03:44:42 PM
Well, if your links were actual test results you would've seen this: 
https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection (https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection)
https://rescan.pro/go.php (https://rescan.pro/go.php)
https://sitecheck.sucuri.net/results/https/www.qawafil.org (https://sitecheck.sucuri.net/results/https/www.qawafil.org)
So, not just Avast blocking.
More:
https://quttera.com/detailed_report/www.qawafil.org (https://quttera.com/detailed_report/www.qawafil.org)
https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132 (https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132)
http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3 (http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3)

Thanks for your answer , I've rechecked all the site and Installed Web Application Firewall on server , now all sites give clean results , but Avast still showing phising site

Have you actually submitted the URL to avast for analysis ?
If not use the https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 26, 2019, 12:26:58 AM
Well, if your links were actual test results you would've seen this: 
https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection (https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection)
https://rescan.pro/go.php (https://rescan.pro/go.php)
https://sitecheck.sucuri.net/results/https/www.qawafil.org (https://sitecheck.sucuri.net/results/https/www.qawafil.org)
So, not just Avast blocking.
More:
https://quttera.com/detailed_report/www.qawafil.org (https://quttera.com/detailed_report/www.qawafil.org)
https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132 (https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132)
http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3 (http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3)

Thanks for your answer , I've rechecked all the site and Installed Web Application Firewall on server , now all sites give clean results , but Avast still showing phising site

There really was a problem, they corrected, did not do the complete job.

Quote from: Avast
We submitted the data for review again.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 26, 2019, 09:22:49 AM
I get a 301 Moved Permanently for 192.124.249.168, see https://urlquery.net/report/bfd037e8-179a-4c4c-a369-9de5cf2a4a0c
The site you are visiting is using Sucuri Website Firewall. And for some reason it is not configured properly. If you are the site owner, please open a ticket here asap for us to look at it for you: https://support.sucuri.net. If you are visiting the site please try again in a few minutes.

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: antoine.db99 on May 26, 2019, 12:46:10 PM
Hello, it looks like avast prevents any access on my website because of Phishing and I don't see any reason it is acting that way.
Could you please unlock the access to http://www.gite-les-tilleuls-saint-romain-en-jarez.com/ ?
Thank you.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on May 26, 2019, 12:55:14 PM
-> https://sitecheck.sucuri.net/results/www.gite-les-tilleuls-saint-romain-en-jarez.com
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on May 26, 2019, 01:10:55 PM
Last alerted 2017: https://urlquery.net/report/ee12d2f8-0d93-467b-93a2-25e5d099e4b5

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 29, 2019, 03:07:39 AM
Hello, it looks like avast prevents any access on my website because of Phishing and I don't see any reason it is acting that way.
Could you please unlock the access to hxxp://www.gite-les-tilleuls-saint-romain-en-jarez[.]com/ ?
Thank you.

Detection has been removed 28.05.2019 in 04:38 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on May 29, 2019, 11:01:36 PM
Thanks for your answer , I've rechecked all the site and Installed Web Application Firewall on server , now all sites give clean results , but Avast still showing phising site

The plugin was updated in 1 July 2019 and removed the detection.
Title: Re: Site Blocked - URL:Phishing
Post by: okapii on May 31, 2019, 09:51:57 PM
Hi, please remove caballoscriollos.com from the blacklist
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on May 31, 2019, 09:54:12 PM
Hi, please remove caballoscriollos.com from the blacklist
Sucuri  INFECTED   https://sitecheck.sucuri.net/results/caballoscriollos.com

https://www.virustotal.com/gui/url/e1d328e2393e29243847ca33fcf7dd12c03407f752a8c78618675bf794994e2b/detection


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php



Title: Re: Site Blocked - URL:Phishing
Post by: EnRaMy on June 01, 2019, 12:29:22 AM
Well, if your links were actual test results you would've seen this: 
https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection (https://www.virustotal.com/#/url/aa77b132c4edf00f71386c6f12e1d08c52ba238d51a74dc8183b96664fdc4727/detection)
https://rescan.pro/go.php (https://rescan.pro/go.php)
https://sitecheck.sucuri.net/results/https/www.qawafil.org (https://sitecheck.sucuri.net/results/https/www.qawafil.org)
So, not just Avast blocking.
More:
https://quttera.com/detailed_report/www.qawafil.org (https://quttera.com/detailed_report/www.qawafil.org)
https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132 (https://zulu.zscaler.com/submission/0dbb7e3a-7629-4f60-a267-e3fa403e5132)
http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3 (http://urlquery.net/report/55c1897a-48ae-4957-89b8-f43ab8be78d3)

Thanks for your answer , I've rechecked all the site and Installed Web Application Firewall on server , now all sites give clean results , but Avast still showing phising site

Have you actually submitted the URL to avast for analysis ?
If not use the https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).

I've submitted the URL and received this answer :
"Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files."

but till now still the same
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on June 01, 2019, 01:36:25 AM
<snip quotes>
Have you actually submitted the URL to avast for analysis ?
If not use the https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).

I've submitted the URL and received this answer :
"Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files."

but till now still the same

I've just visited the site (hxxps://qawafil[.]org/)and no alert.

First ensure that you have the latest virus definitions, it may be worth clearing your browser cache (though that shouldn't really impact the detection if cleared).
Title: Re: Site Blocked - URL:Phishing
Post by: Emilio55 on June 01, 2019, 01:41:16 AM
Estimado Avast,

Tengo un sitio web seraser.pe, este sitio anteriormente estaba infectado con phishing pero hemos trabajo en limpiarlo, ahora escaneamos nuestros archivos y el resultado es favorable, no contamos con mas archivos infectados.
Pero el antivirus avast detecta nuestro sitio malicioso, http://prntscr.com/nw4h5o

Por favor deseamos saber porque, sudece esto.
Pensamos que podria ser que ustede no han actulizado su base de datos despues que nuestro sitio fue limpiado.
Por favor pedimos su ayuda.

Saludos
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on June 01, 2019, 03:20:03 AM
Estimado Avast,

Tengo un sitio web seraser.pe, este sitio anteriormente estaba infectado con phishing pero hemos trabajo en limpiarlo, ahora escaneamos nuestros archivos y el resultado es favorable, no contamos con mas archivos infectados.
Pero el antivirus avast detecta nuestro sitio malicioso, http://prntscr.com/nw4h5o

Por favor deseamos saber porque, sudece esto.
Pensamos que podria ser que ustede no han actulizado su base de datos despues que nuestro sitio fue limpiado.
Por favor pedimos su ayuda.

Saludos

Have you actually submitted the URL to avast for analysis ?
If not use the report form.

¿Has enviado la URL a avast para su análisis?
Si no utiliza el formulario de informe.

https://www.avast.com/false-positive-file-form.php.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on June 01, 2019, 06:32:37 PM
No detection here: https://www.virustotal.com/gui/url/ccec016a3c910bc2aac90f757d2a38fd4073baba197c4265d0f263f541f2da6a/detection
Cloudflare abuse? https://www.shodan.io/host/104.20.14.105
Re: https://www.abuseipdb.com/check/104.20.14.105
No content:
Quote
Content that was returned by your request for the URL: https://prntscr.com/nw4h5o
Note: Content displayed is from the redirect location, the URL https://prnt.sc/nw4h5o
Quote
1:  < html>
2:  < head> < title> 301 Moved Permanently< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 301 Moved Permanently< /h1> < /center>
5:  < hr> < center> nginx< /center>
6:  < /body>
7:  < /html>
Advertencia Marked as phishing site..flagged https://sitecheck.sucuri.net/results/https/prntscr.com/nw4h5o

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 04, 2019, 05:00:42 AM
Estimado Avast,

Tengo un sitio web seraser.pe, este sitio anteriormente estaba infectado con phishing pero hemos trabajo en limpiarlo, ahora escaneamos nuestros archivos y el resultado es favorable, no contamos con mas archivos infectados.
Pero el antivirus avast detecta nuestro sitio malicioso, http://prntscr.com/nw4h5o

Por favor deseamos saber porque, sudece esto.
Pensamos que podria ser que ustede no han actulizado su base de datos despues que nuestro sitio fue limpiado.
Por favor pedimos su ayuda.

Saludos

Detection was removed 03.06.2019 at 08:44 am

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: recordplay on June 04, 2019, 07:54:21 PM
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on June 04, 2019, 08:35:33 PM
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?

It would appear that it isn't only Avast that finds it suspect, McAfee  also.

https://sitecheck.sucuri.net/results/studio51music.com (https://sitecheck.sucuri.net/results/studio51music.com)

I suggest that at the very least you use the https://www.avast.com/false-positive-file-form.php report form.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on June 04, 2019, 09:46:57 PM
According to this scan the site is still PHISHING
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c3R1I1tdNTFtdXNbXi5eXW0%3D~enc
vuln. jQuery libraries: https://retire.insecurity.today/#!/scan/5e2c3ba337c68a84c699f43e3737aa6ba2a35747d81b3d819f03e6387c58ea16
This seems OK: http://www.isithacked.com/check/studio51music.com
Site is blacklisted. Web authorities are blocking traffic because your website is unsafe for visitors.
DOM-XSS issues: Results from scanning URL: -http://studio51music.com/js/S51Content.js
Number of sources found: 263
Number of sinks found: 17
recommendations to improve website: https://webhint.io/scanner/9e2e97bc-9640-4ca8-af21-115ca2ad1496

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Guillaume B on June 05, 2019, 11:48:08 AM
Hello,
My site www.my-skybar.com is blocked by Avast for a "URL:Phishing" reason. I don't understand since I developed it using embedded features of a big CMS, so I guess it is clean...

Based on what I read on this forum, I have just submitted it to Avast for false positive analysis. I double checked on sucuri as well and my site seems clean (minimal security risk).

Do I have anything more to do ?

Thank you for your help.
Best,
GB
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 06, 2019, 01:04:37 PM
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?

Detection was removed 06.06.2019 at 05:38.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 06, 2019, 01:07:52 PM
Hello,
My site www[.]my-skybar[.]com is blocked by Avast for a "URL:Phishing" reason. I don't understand since I developed it using embedded features of a big CMS, so I guess it is clean...

Based on what I read on this forum, I have just submitted it to Avast for false positive analysis. I double checked on sucuri as well and my site seems clean (minimal security risk).

Do I have anything more to do ?

Thank you for your help.
Best,
GB

Detection already removed 06.06.2019.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: whil on June 11, 2019, 06:43:38 AM
Hello,

I'm also having the same problem with a site I'm working on https://celebritypublishers.com. it is being blocked for "URL:Phishing", but it is a relatively new site and a clean install. I also tried to scan it thoroughly, this is clearly a false positive.

Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on June 11, 2019, 07:37:32 PM
Hi whil,

Checking for cloaking
There is a difference of 1 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot.
This probably means some code is running on your site that's trying to hide from browsers
but make Google think there's something else on the page. show.
Quote
var tve_dash_front = {"ajaxurl":"-https:\/\/celebritypublishers.com\/wp-admin\/admin-ajax.php","force_ajax_send":"","is_crawler":""};
var tve_dash_front = {"ajaxurl":"-https:\/\/celebritypublishers.com\/wp-admin\/admin-ajax.php","force_ajax_send":"","is_crawler":"1"};

27 improvement suggestions, some security related: https://webhint.io/scanner/787f748a-b7e8-414d-9e54-73292270cab6

1 vuln. jQuery library detected: https://retire.insecurity.today/#!/scan/c2ac8916a761d187351573daca1c2b3c32273c7a59bef31962d47f758eafd297

Quite some vuln. on the Houston hoster, where you share your address with 137 others:
https://www.shodan.io/host/192.185.163.130  a.o. Exim smtpdVersion: 4.91 vuln. version, recently in the news,
hopefully they patched that server with F-grade scan results: https://observatory.mozilla.org/analyze/unifiedlayer.com

15 immediate potential threats: https://app.upguard.com/#/https://celebritypublishers.com

probably your detection is IP related (trojan finds): https://www.virustotal.com/gui/ip-address/192.185.163.130/relations

Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server:
nginx/1.15.10
X-Powered-By:
None
IP Address:
-192.185.163.130
Hosting Provider:
Unified Layer 
Shared Hosting:
138 sites found on 192.185.163.130

Protection Recommendations
Directory Listing is enabled on your site. This can lead to information leakage. We recommend disabling Directory Listing.
a.k.a.  Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled (should be set disabled)
/wp-content/plugins/      disabled

Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Check for latest updates: The following plugins were detected by reading the HTML source of the WordPress sites front page.

thrive-visual-editor   
google-analytics-for-wordpress   latest release (7.6.0)
https://www.monsterinsights.com/
the-grid   
gtranslate   latest release (2.8.47)
https://gtranslate.io/
smart-slider-3   latest release (3.3.20)
https://smartslider3.com/

Wait for an avast team member to give a final verdict, we are just volunteers with relevant expertise.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 11, 2019, 11:55:45 PM
Hello,

I'm also having the same problem with a site I'm working on hxxps://celebritypublishers.com. it is being blocked for "URL:Phishing", but it is a relatively new site and a clean install. I also tried to scan it thoroughly, this is clearly a false positive.

Thanks

Detection was removed in the morning on 11.06.2019.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 12, 2019, 12:50:29 AM
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?

Site continues to be classified by the plugin Avast Online Security (Phishing) should be cleaned by the owner who is saying that the site is good.

https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fstudio51music.com%2F&hl=en

https://www.phishtank.com/phish_detail.php?phish_id=6051287

When Google Safe Browsing report show up no unsafe content was found then avast can cleanup the reputation
use  https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: Milin Shah on June 17, 2019, 02:13:46 PM
Hello,

I have the same problem with my Website:
https://appraisermatch.com
Can you unlock URL?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on June 17, 2019, 02:16:56 PM
Hello,

I have the same problem with my Website:
hxxps://appraisermatch.com
Can you unlock URL?
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on June 17, 2019, 04:51:11 PM
There was an error executing your search, please adjust your search-term and try again. Message:

[token_mgr_error] token_mgr_error: Lexical error at line 1, column 32. Encountered: <EOF> after : ""
OK: https://www.virustotal.com/gui/url/2101fabb785aad5893f6b68acc2c9f009b266767bb38d990d4d38646c4d1154e/detection

linting results: https://webhint.io/scanner/6576ead2-659b-4463-b445-0e1ef7529685

dom-xss in modernizr: Results from scanning URL: -https://www.appraisermatch.com/static/63u8YyfqWyKm0q2DD3lRBpOzLnZhQjSmWhPELGnxS68.js
Number of sources found: 55
Number of sinks found: 17

Re: https://urlscan.io/result/2393f7fb-8b30-44e3-b187-a946e668d9f8/loading
& https://observatory.mozilla.org/analyze/appraisermatch.com
Re: https://www.appraisermatch.com/static/5yP0mGjB8MlfyypmQCf4Yk9feM8vLYBJnYjSAaDKikp.json

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 19, 2019, 05:33:16 PM
Hello,
I have the same problem with my Website:
hxxps://appraisermatch.com
Can you unlock URL?

Detection was removed in 19.06.2019 08:33

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: pavleta.taseva on June 24, 2019, 02:05:00 PM
Hello, I am having the same issue with my shopify store (password protected for the moment), namely:
https://www.my-little-store.com/password
Since today it says that the website can harm my pc and it is blocled, saying URL: Phishing. I included it in my exceptions lists of trusted sites but what about my future customers? Why my site is listed as scammy? Please, help me and unblock it or you could also give me directions what to remove from it in order to be able to be white listed again.
Thanks in advance!
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on June 24, 2019, 02:30:08 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 26, 2019, 03:16:48 AM
Hello, I am having the same issue with my shopify store (password protected for the moment), namely:
hxxps://www.my-little-store.com/password
Since today it says that the website can harm my pc and it is blocled, saying URL: Phishing. I included it in my exceptions lists of trusted sites but what about my future customers? Why my site is listed as scammy? Please, help me and unblock it or you could also give me directions what to remove from it in order to be able to be white listed again.
Thanks in advance!

Detection was removed 25.06.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: ivakhasashahacker on June 26, 2019, 07:16:57 PM
Сайт блокирует антивирус AVSST https://fingid-olimp.com.ua/

Можете поправить этот глюк

С ув, Алексайндр
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on June 26, 2019, 09:43:12 PM
Witam ivakhasashahacker,

I do not see problems for your site, as many other domains on that same IP address are being flagged,
that might be the cause of that FP.

One should ask an avast team member to exclude your particular site.
Only avast team members can do that, so wait for their final verdict.

We here are just volunteers with relevant knowledge in the field of 3rd party cold reconnaissance website security.

Consider the following results.

Re: https://urlquery.net/report/1003ac1a-eae6-4e6d-a839-3d0680bce768
Given OK: https://www.virustotal.com/gui/url/731242651cec57b39ee7dd6521232d405ebb13c0c2f798f9950306081a9832fa/detection
Some improvement tips found through linting: https://webhint.io/scanner/504f3289-2dc5-4c8a-954d-19141d5615dc
Pay special attention to the security section there.

Check plug-ins for latest versions:    wp-rocket   & team-showcase

Reputation Check
Quote
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK

Wszystkiego dobrego,
pozdrawiam,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on June 28, 2019, 02:32:04 PM
Сайт блокирует антивирус AVSST hxxps://fingid-olimp.com.ua/

Можете поправить этот глюк

С ув, Алексайндр

Detection was removed on 28.06.2019

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Nimesh3 on July 02, 2019, 05:18:46 AM
Hello, I am having a problem with my website www.wikye.com  it is reported as phishing website by avast.

I checked everything including files and found nothing is malicious.

https://sitecheck.sucuri.net/results/https/www.wikye.com

Please unblock my website asap.

I am having problems with it.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on July 02, 2019, 05:22:22 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on July 03, 2019, 12:43:02 AM
Hello, I am having a problem with my website wxw.wikye[.]com  it is reported as phishing website by avast.

I checked everything including files and found nothing is malicious.

https://sitecheck.sucuri.net/results/https/www.wikye.com

Please unblock my website asap.

I am having problems with it.

Detection was removed 02.07.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: hembat99 on July 05, 2019, 07:30:07 PM
Pls unblock my website too...It's a false detection

-www.repelmos.in

Pls unblock it.
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on July 05, 2019, 08:12:32 PM
Pls unblock my website too...It's a false detection

repelmos.in

Pls unblock it.

False positive or not (we don't know that as yet) please modify the url so it isn't active to avoid accidental exposure.

As has been mentioned in this topic report it:
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on July 05, 2019, 10:30:57 PM
Hi hembat99,

DavidR is right here. Until an avast team member has given a final verdict, the policy here on the forums is to break links to potentially suspicious or malicious url. So -repelmos.in or -http or -https etc. or hxtp or hxtps etc.

The website is not flagged here: https://www.virustotal.com/gui/url/077dc95d60f28f07bf2f3b390695feb26afa785268ee5afbb15726988aaf24f6/details

But it has outdated WordPress CMS version and outdated PHP software and other issues as described here: https://sitecheck.sucuri.net/results/www.repelmos.in   and has a reputation check warning...

Quote
Note: It looks like your site has returned a 403 Forbidden. In some cases the firewall or a bad bot utility will block the use of this tool as a "fake Googlebot", the primary reason for this is the tool is a "fake Googlebot". With a 403 response you should use the Fetch as Goolgebot utility in Webmaster Tools to verify your site is returning a 403.


Private exploit filetype.php HAXPLORER detected in source.code...https://support.clean-mx.com/clean-mx/md5.php?Antiy_AVL=Backdoor/PHP.WebShell   re: line 199 -> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ln17cHtsbV1zLltuYA%3D%3D~enc

Avast would detect PHP-Agent-AM or likewise for this backdoor.....

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Joanna49 on July 09, 2019, 11:00:51 AM
We have a password protected wordpress site where we keep some internal documents and it is blacked by AVAST as a phishing site
https://ops.pushmerchandising.com

Please can it be un-blacklisted
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on July 09, 2019, 01:10:23 PM
We have a password protected wordpress site where we keep some internal documents and it is blacked by AVAST as a phishing site
https://ops.pushmerchandising.com

Please can it be un-blacklisted
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438





Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on July 09, 2019, 01:14:19 PM
Please break active link.

htxtps://ops.pushmerchandising.com

You should report this via the - Reporting Possible False Positive File or Website link.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on July 09, 2019, 04:27:59 PM
Low security risk - site not blacklisted.
VT gives it as clean, also relations: https://www.virustotal.com/gui/domain/ops.pushmerchandising.com/relations
Google Chrome returned code 0
GoogleBot returned code 0
Re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XXBzLnB1c2hte31eaHxuI1tzW25nLl5dbQ%3D%3D~enc

Any bad neighbours on that same IP?

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on July 09, 2019, 11:22:01 PM
Pls unblock my website too...It's a false detection

-www.repelmos.in

Pls unblock it.

Detection has been removed in 09.07.2019

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: LukasJ on July 12, 2019, 08:41:57 AM
Hi,
URL block (pushmerchandising[.]com) has been disabled.

Lukas
Title: Re: Site Blocked - URL:Phishing
Post by: rluzzi on July 15, 2019, 08:22:56 PM
Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!

Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on July 15, 2019, 08:36:26 PM
Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Website is blacklisted by many (also Trend Micro not listed here)
https://www.virustotal.com/gui/url/c3dd095d5f13c63afd3c3aa35fb0864459b0b1e334e95854b694043a3888acd9/detection

IP history  https://www.virustotal.com/gui/ip-address/179.43.114.70/relations

Sucuri  https://sitecheck.sucuri.net/results/congresoaapresid.org.ar



Title: Re: Site Blocked - URL:Phishing
Post by: mchain on July 15, 2019, 08:39:29 PM
Hello,

We have the same problem with our Website:
hXXp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!
https://sitecheck.sucuri.net/results/congresoaapresid.org.ar (https://sitecheck.sucuri.net/results/congresoaapresid.org.ar)
Please change your url to deactivate it to protect other users here against harm:  hXXp://congresoaapresid.org.ar

[EDIT:]  Thank you DavidR for pointing this out (See reply #310 & #312.)  Link is now broken in quote.
Title: Re: Site Blocked - URL:Phishing
Post by: rluzzi on July 15, 2019, 08:59:50 PM
Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!

Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!
https://sitecheck.sucuri.net/results/congresoaapresid.org.ar (https://sitecheck.sucuri.net/results/congresoaapresid.org.ar)
Please change your url to deactivate it to protect other users here against harm:  hXXp://congresoaapresid.org.ar

Thank you. I change the url


-----------------------------------------------------


Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!


-------------------------------------------------------------------------------------------

-We send a report today https://www.avast.com/false-positive-file-form.php
--------------------------------------------------------------------------------------------

The website was attacked a while ago, since we cleaned all the files, the database and placed the site in a new hosting. We report the problem in the google console and it is solved but the site is on the blacklist. What we can do?

Thank you for the quick anserws!
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on July 15, 2019, 09:05:58 PM
Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!
https://sitecheck.sucuri.net/results/congresoaapresid.org.ar (https://sitecheck.sucuri.net/results/congresoaapresid.org.ar)
Please change your url to deactivate it to protect other users here against harm:  hXXp://congresoaapresid.org.ar

Nice that you asked for the URL to be deactivated, but don't forget to deactivate your quoted text with the url in it ;)

As I have here.
Title: Re: Site Blocked - URL:Phishing
Post by: rluzzi on July 15, 2019, 09:23:49 PM
Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!
https://sitecheck.sucuri.net/results/congresoaapresid.org.ar (https://sitecheck.sucuri.net/results/congresoaapresid.org.ar)
Please change your url to deactivate it to protect other users here against harm:  hXXp://congresoaapresid.org.ar

Nice that you asked for the URL to be deactivated, but don't forget to deactivate your quoted text with the url in it ;)

As I have here.

Done :)

Thanks!!
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on July 15, 2019, 10:01:25 PM
@  rluzzi
You did what was asked of you thanks.

My post was directed at mchain, as in his quote of your post (asking for you to modify yours) he forgot to modify the URL in his quoted text  :)
Title: Re: Site Blocked - URL:Phishing
Post by: adebo4all on July 16, 2019, 03:16:56 AM
Hello,

I had this type of problem on this Nigerian news site (https://nnn.com.ng) some long time ago and all I did was to fix the infected file everything becomes fine but on https://morningmail.com.ng, even after moving every file from the server, Avast is still blocking every URL for "URL phishing", please can anyone advise on how to fix this? It is really giving me serious concern.
Title: Re: Site Blocked - URL:Phishing
Post by: mchain on July 16, 2019, 04:02:32 AM
Hello,

I had this type of problem on this Nigerian news site (http://hXXps://nnn.com.ng) some long time ago and all I did was to fix the infected file everything becomes fine but on hXXps://morningmail.com.ng, even after moving every file from the server, Avast is still blocking every URL for "URL phishing", please can anyone advise on how to fix this? It is really giving me serious concern.

Please break both links in quoted text above in your original post as hXXp.  Thank you.

https://quttera.com/detailed_report/nnn.com.ng (https://quttera.com/detailed_report/nnn.com.ng)
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on July 17, 2019, 12:25:08 PM
Wait for a final verdict from an avast team member as they are the only ones that can come and unblock.

Flagged was a detected hidden CSS declaration as suspicious, but the reason for avast detection might be other abuse on that IP,
so you should ask for a domain exclusion as you share that IP with 30 others.

It is not flagged at zulu zscaler nor at Virus Total,
but the IP has been reported for various abuse:
see: https://www.abuseipdb.com/check/74.208.156.171
Quote
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server:
nginx
X-Powered-By:
PleskLin
IP Address:
-74.208.156.171
Hosting Provider:
1&1 Internet SE 
Shared Hosting:
30 sites found on -74.208.156.171

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Milos on July 18, 2019, 01:29:11 PM
Hello,

I had this type of problem on this Nigerian news site (https://nnn.com.ng) some long time ago and all I did was to fix the infected file everything becomes fine but on https://morningmail.com.ng, even after moving every file from the server, Avast is still blocking every URL for "URL phishing", please can anyone advise on how to fix this? It is really giving me serious concern.
Hello,
report it through https://www.avast.com/false-positive-file-form.php

Milos
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on July 19, 2019, 02:49:07 AM
Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!

Detection was removed on 18.07.2019 at 15:47 PM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: bogdan64 on July 19, 2019, 11:46:15 AM
Hello,

My site (http://www.automate-nova.ro/) still apears as blocked for URL:Phising  although the site was cleaned. Please help me with this situation.

Thank you.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on July 19, 2019, 12:10:58 PM
Site was blacklisted because of PHISHING at
location: -https://automate-nova.ro/app/access

Both McAfee and Norton have it blacklisted. Whether the PHISH is still actual, is for an avast team member to decide,
we here are just volunteers with relative knowledge, but cannot come and unblock.
So wait for a final verdict.
Title: Re: Site Blocked - URL:Phishing
Post by: bogdan64 on July 19, 2019, 12:29:35 PM
Is there a way to request a reevaluation of the website?
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on July 19, 2019, 12:32:17 PM
Is there a way to request a reevaluation of the website?
Posted many times in this topic .....


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Blacklist check
https://www.virustotal.com/gui/url/50a726a8ea30262489fc60f2d530adb43733be8ea0cb50a437512b8b0cf33efd/detection






Title: Re: Site Blocked - URL:Phishing
Post by: Nicolas285 on August 02, 2019, 02:53:32 PM

My site www.elembudoweb.com.ar is blocked by Avast. It informs me that it is a url pishing. I did several analyzes and did not detect any anomaly.

I enclose the tests performed.

https://www.virustotal.com/gui/url/ae43eeb8f36e57f02813753c16d34f68ecfb924d0fc80799617e2d240671ad5c/detection

https://sitecheck.sucuri.net/results/elembudoweb.com.ar

Can you  help me?

Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on August 02, 2019, 03:24:32 PM
Quote
Can you  help me?
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 02, 2019, 03:34:14 PM
Hello,

My site (hxxp://www.automate-nova.ro/) still apears as blocked for URL:Phising  although the site was cleaned. Please help me with this situation.

Thank you.

Detection was cleared on 02.08.2019 at 10:09 AM.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: Nicolas285 on August 02, 2019, 04:15:15 PM

I had already informed him but he was still the same. Mysteriously I just received an email and it was fixed. Thank you!
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on August 02, 2019, 05:27:49 PM
Some recommendations for the site-developer/maintainer
Retire.js
bootstrap   3.3.2   Found in http://www.automate-nova.ro/static/js/bootstrap.min.js
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042

Javascript errors: Bootstrap's JavaScript requires jQuery
 /static/js/bootstrap.min.js:11

ReferenceError: jQuery is not defined
 /static/js/responsiveslides.min.js:8

ReferenceError: $ is not defined
 /static/js/main.js:1

linting results: https://webhint.io/scanner/a8d79c0d-2107-49f9-ac99-601801225df3  - 126 recommendations.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: AbhiWebSoft on August 13, 2019, 08:59:06 PM
Sir, i can't find any phishing or malware in my website www.nirmalateacherstrainingcollege.com. Why you have blocked my website in your antivirus, kindly remove from your phishing URL list, Thanks.
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on August 13, 2019, 09:35:19 PM
Sir, i can't find any phishing or malware in my website www.nirmalateacherstrainingcollege.com. Why you have blocked my website in your antivirus, kindly remove from your phishing URL list, Thanks.

As mentioned several times in this topic, your starting point really should be:
Quote
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on August 14, 2019, 08:03:12 AM
Older McAfee blacklisting, 0-iFrame - <iframe style="border: 0;" src="-htxps://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3597.0374821073747!2d81.38312911501839!3d25.63688148369367!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xb83364cc3c64920b!2sNirmala+Teachers+Training+College!5e0!3m2!1sen!2sin!4v1531576938119" width="400" height="300" frameborder="0" allowfullscreen="allowfullscreen"></iframe> when social button OK.
Not only avast detect, also Bitdefender & Fortinet's (spam):
https://www.virustotal.com/gui/url/a1e1cdf4e0b7175bf1a8149ee56fab265120532bc4ec6c94dac2da0a0c8c23f2/detection

Wait for a final verdict from an avast team member as the only ones to come and unblock.
Detection probably because of IP abuse: https://www.virustotal.com/gui/ip-address/173.208.173.98/details

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 15, 2019, 03:18:18 PM
Sir, i can't find any phishing or malware in my website wxw.nirmalateacherstrainingcollege.com. Why you have blocked my website in your antivirus, kindly remove from your phishing URL list, Thanks.

Detection was removed in 15.08.2019 at  07:18 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: bellarmine16 on August 17, 2019, 07:55:20 PM
This URL block was based on phishing feeds eight months ago.
Of course, if there will be malicious content in the site, then the site will be blocked again.

My site staqpesa.com is also blocked??? Please assist.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 17, 2019, 08:00:49 PM
-> https://sitecheck.sucuri.net/results/staqpesa.com
-> https://www.virustotal.com/gui/url/23b5b9ff2682c913566877c57d7024684b86b67231f56914534c013c51294776/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: big.olomofe on August 19, 2019, 07:31:42 PM
Please unblock https://yudimy.com. it is currently blocked for url:phishing. we do not have malware. Please resolve as soon as possible.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 19, 2019, 07:37:31 PM
-> https://www.virustotal.com/gui/url/5f0c8c8e72b8f9a4028febdeff0c5ab2455b3361949f7634c71c51bfaa27fe9a/detection
Title: Re: Site Blocked - URL:Phishing
Post by: snasisi on August 20, 2019, 12:21:26 AM
Hello,

Our site Booksie.com was flagged for phishing. We do not have phishing on the site. Please unblock asap. Thank you.

Thank you.
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on August 20, 2019, 12:26:24 AM
Hello,

Our site Booksie.com was flagged for phishing. We do not have phishing on the site. Please unblock asap. Thank you.

Thank you.

As mentioned several times in this topic, your starting point really should be:
Quote
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 20, 2019, 07:00:49 AM
Hello,

Our site Booksie.com was flagged for phishing. We do not have phishing on the site. Please unblock asap. Thank you.

Thank you.
-> https://sitecheck.sucuri.net/results/booksie.com
Title: Re: Site Blocked - URL:Phishing
Post by: jwl2019 on August 20, 2019, 02:39:55 PM
Same problem with the payment page on our website.

https://secure.datingpaymentservices.com/payment/auth

Falsely flagged. On Virustotal.com is comes up clean.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 20, 2019, 03:06:43 PM
-> https://sitecheck.sucuri.net/results/https/secure.datingpaymentservices.com/payment/auth
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 21, 2019, 12:20:30 AM
My site staqpesa.com is also blocked??? Please assist.

Detection was removed in 20.08.2019  04:44 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 21, 2019, 12:31:23 AM
Please unblock hxxps://yudimy.com. it is currently blocked for url:phishing. we do not have malware. Please resolve as soon as possible.

Detection has been removed in 20.08.2019 04:47 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Hello,

Our site Booksie.com was flagged for phishing. We do not have phishing on the site. Please unblock asap. Thank you.

Thank you.

URL not blocked.

Quote from: Avast
Could you please send us a screenshot of the detection message you're getting? https://support.avast.com/en-ww/article/100/
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 21, 2019, 12:35:59 AM
Same problem with the payment page on our website.

hxxps://secure.datingpaymentservices.com/payment/auth

Falsely flagged. On Virustotal.com is comes up clean.

Detection removed

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: LarsSwart on August 23, 2019, 11:50:29 AM
Hi there,

Could you please unblock/remove www.mijnsantanderconsumerfinance.nl from the 'phishing' list? This is the portal for our customers to login to their account and avast is blocking it for at least a portion of the users..

Thanks in advance.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 23, 2019, 11:52:37 AM
-> https://sitecheck.sucuri.net/results/www.mijnsantanderconsumerfinance.nl

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 23, 2019, 11:23:07 PM
Hi there,

Could you please unblock/remove wxw.mijnsantanderconsumerfinance.nl from the 'phishing' list? This is the portal for our customers to login to their account and avast is blocking it for at least a portion of the users..

Thanks in advance.

Detection has been removed in 23.08.2019 10:54 AM

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: alvinmalan69 on August 24, 2019, 09:16:58 PM
Good day,

My website (nixieactive.com) has been classified as phishing and after running malware security tools it still shows the same message. I have access to the website when I use any other computer that does not have avast secure browsing.

Would you please help resolve this issue.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on August 24, 2019, 09:37:15 PM
Hallo alvinmalan69,

Threat risk evaluation: https://app.upguard.com/webscan#/nixieactive.com
Best wait for a review from an avast team member, they are the ones to come and unblock.
we are just volunteers but with years and years of relative knowledge.

Re: https://urlscan.io/result/2683c6d1-ccdb-4416-8da2-39bce392a368#iocs
No actual detections: https://www.virustotal.com/gui/url/a36bb3c3d3996ea3ebfb8955e27a2fb26550a2dd66d47beb088b470cc2c46e38/detection

F-grade results here: https://observatory.mozilla.org/analyze/nixieactive.com
218 website recommendations for improvement: https://webhint.io/scanner/31d10f6e-5f17-49f0-91da-f59199fa2248

met vriendelike groete,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: kurtpatent on August 25, 2019, 05:20:42 AM
I keep getting this message and getting blocked from a doctor's website:

www.docsdermgroup.com

Why?  Can this be fixed??

Thanks.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 25, 2019, 07:00:26 AM
-> https://sitecheck.sucuri.net/results/www.docsdermgroup.com
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on August 25, 2019, 01:22:54 PM
Outdated plug-ins form a risk here:
The following plugins were detected by reading the HTML source of the WordPress sites front page.

addthis 6.1.8   latest release (6.2.6)
https://wordpress.org/plugins/addthis/
am_testimonials   
am-sticky-nav   
am-social-buttons   
wp-views   
wordpress-seo 9.5   latest release (11.9)
https://yoa.st/1uj
gravityforms   
layouts 1.0   
types 2.3.5   
duracelltomi-google-tag-manager 1.9.2   latest release (1.10.1)
https://gtm4wp.com/

Directory listing enabled for uploads, a bad security setting.

Many improvement recommendations from linting: https://webhint.io/scanner/07084470-ded6-4498-9de3-da035c97e6c5

Wait for an avast team member to give a final verdict, as
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK

polonus (volunteer 3rd part cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 26, 2019, 03:41:22 PM
Good day,

My website (nixieactive.com) has been classified as phishing and after running malware security tools it still shows the same message. I have access to the website when I use any other computer that does not have avast secure browsing.

Would you please help resolve this issue.

Detection was removed in 16.08.2019 08:41 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on August 26, 2019, 03:47:17 PM
I keep getting this message and getting blocked from a doctor's website:

wxw.docsdermgroup.com

Why?  Can this be fixed??

Thanks.

Detection has been removed 26.08.2019 07:57 AM.

Blocked due is listed 2 found in phistank

http://www.phishtank.com/phish_detail.php?phish_id=5999471

http://www.phishtank.com/phish_detail.php?phish_id=5999470

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: karen229 on August 28, 2019, 05:39:45 AM
Another website that Avast says has phishing but other security methods says it's fine.

Please can you let me know why it's been marked as phishing.

http://countrywidesecurity.com.au/

If it's clear then please can you fix this.
Thanks,
Karen
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on August 28, 2019, 05:51:38 AM
-> https://sitecheck.sucuri.net/results/countrywidesecurity.com.au
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on August 28, 2019, 11:32:40 AM
Website is not being blocked by avast: http://countrywidesecurity.com.au
Retirable code: Retire.js
jquery-ui-dialog   1.10.2   Found in https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js
Vulnerability info:
High   CVE-2016-7103 281 XSS Vulnerability on closeText option   
jquery   1.12.4   Found in http://www.countrywidesecurity.com.au/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: christian.dornhoff on August 28, 2019, 06:57:07 PM
Hi there,
can you please remove our CDN from the Phishing List - https://mma-mp-de-production-cdn.prod.de.metro-marketplace.cloud/

Thx
Chris
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on August 28, 2019, 07:00:47 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


Title: Re: Site Blocked - URL:Phishing
Post by: christian.dornhoff on August 28, 2019, 07:38:20 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Thx
Title: Re: Site Blocked - URL:Phishing
Post by: touficy on August 29, 2019, 02:52:00 PM
my domain https://www.weservio.com is blocked by your database please unblock it since the code is clean


https://sitecheck.sucuri.net/results/www.weservio.com
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on August 29, 2019, 05:29:33 PM
Fortinet;s flags this site: https://www.virustotal.com/gui/url/2be2941a581f127318cf0156979c018c9b1ca733886b82e9482adc1c09a2a28e/detection
IP is listed as a dictionnairy attacker - phish: https://checkphish.ai/ip/5.189.136.124  reported 20 times over recent times.
Error: File not found: -https://weservio.com/social-share-kit-1.0.8/social-share-kit-1.0.8/dist/css/social-share-kit.css
Also see VT relations report: https://www.virustotal.com/gui/ip-address/5.189.136.124/details

Wait for an avast team member to give a final verdict. They are the only ones to come and unblock,
as we here are just volunteers with years of relevant knowledge,

polonus (volunteer 3rd party cold recon website security analyst & website error-hunter)

Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 03, 2019, 03:37:53 AM
my domain hxxps://www.weservio.com is blocked by your database please unblock it since the code is clean
https://sitecheck.sucuri.net/results/www.weservio.com

Detection has been removed 30.08.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: caseydehle on September 03, 2019, 05:19:54 PM
My website www.atlastcservices.com won't display. I've added it to an exception on my own devices, but I'm worried customers won't be able to get to it. Avast, can you please tell me how to fix this? It's a squarespace website.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on September 03, 2019, 05:28:11 PM
-> https://sitecheck.sucuri.net/results/www.atlastcservices.com

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on September 04, 2019, 03:29:39 PM
More than likely the IP that has been blocked:
https://ransomwaretracker.abuse.ch/ip/198.49.23.144/
https://www.abuseipdb.com/check/198.49.23.144
https://otx.alienvault.com/indicator/ip/198.49.23.144

You should ask for an exclusion of your domain from the general IP blocking,

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 05, 2019, 03:12:09 PM
My website www.atlastcservices.com won't display. I've added it to an exception on my own devices, but I'm worried customers won't be able to get to it. Avast, can you please tell me how to fix this? It's a squarespace website.

Detection was removed 05.09.2019 10:04 AM

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: Leonard50 on September 09, 2019, 04:08:15 AM
My site square1recovery.com is being blocked for URL Phishing. I have scanned it on multiple platforms and it comes back clean. Could you please check and remove it from the blocked list. Thank you.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on September 09, 2019, 06:27:51 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on September 09, 2019, 04:14:13 PM
PHISHING detection is for thre IP your site is on: https://checkphish.ai/ip/173.82.115.222

Word Press Issues with this site: Version does not appear to be latest.
Directory listing seems now disabled, that's OK.
F-grade status: https://observatory.mozilla.org/analyze/square1recovery.com
873 recommendations to improve site: https://webhint.io/scanner/7d6f93bb-599b-4706-8f63-1c36543d793f
of which 157 of these are security related: https://webhint.io/scanner/7d6f93bb-599b-4706-8f63-1c36543d793f#category-Security

Also consider: https://urlscan.io/result/0cbd1465-3865-43dc-a1a8-ab0d9ef59271
Indicators of compromise: https://urlscan.io/result/0cbd1465-3865-43dc-a1a8-ab0d9ef59271#iocs
Privacy scan: https://privacyscore.org/site/144608/  (see -http://yt3.ggpht.com/ tracking BHO search engine).
How to get rid of that: https://otx.alienvault.com/indicator/hostname/yt3.ggpht.com
Consider: https://computervirusremovaltips.blogspot.com/2014/03/what-is-yt3ggphtcom-how-to-remove.html

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 10, 2019, 01:54:58 AM
My site square1recovery.com is being blocked for URL Phishing. I have scanned it on multiple platforms and it comes back clean. Could you please check and remove it from the blocked list. Thank you.

Detection was removed in 09.09.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website is not detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: helva on September 11, 2019, 07:02:43 PM
Hello there,

My website https://www.sertifier.com/ is being listed as one of phishing sites to Avast users.

Can you please enlighten me on this issuse? I hace checked my website for many times about malware issues but sees none. Can you please fix this issue?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on September 11, 2019, 07:08:32 PM
-> https://sitecheck.sucuri.net/results/https/www.sertifier.com

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 13, 2019, 03:21:25 PM
Hello there,

My website hxxps://www.sertifier.com/ is being listed as one of phishing sites to Avast users.

Can you please enlighten me on this issuse? I hace checked my website for many times about malware issues but sees none. Can you please fix this issue?

Detection will be removed

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: bearing_666 on September 14, 2019, 04:17:01 AM
please unblock 4ce.ca and its subdomains.....

There was never any phishing and as the ite is a url shortener, i would like if you apply the same rules you do for sites like bit.ly to this one.

https://safeweb.norton.com/report/show?url=4ce.ca
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on September 14, 2019, 08:17:25 AM
-> https://sitecheck.sucuri.net/results/4ce.ca

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 18, 2019, 03:04:32 AM
Hello there,

My website hxxps://www.sertifier.com/ is being listed as one of phishing sites to Avast users.

Can you please enlighten me on this issuse? I hace checked my website for many times about malware issues but sees none. Can you please fix this issue?

The detection of the removed by AVG today 17.09.2019 at 09:27 in the morning

Quote from: AVG
The detection by AVG was incorrect and was removed in a recent AVG update, please wait at least 24 hours.

Avast has been confirmed that it is no longer being blocked.

please unblock 4ce.ca and its subdomains.....

There was never any phishing and as the ite is a url shortener, i would like if you apply the same rules you do for sites like bit.ly to this one.

https://safeweb.norton.com/report/show?url=4ce.ca

Detection was removed yesterday
Title: Re: Site Blocked - URL:Phishing
Post by: Anon5 on September 24, 2019, 05:32:22 AM
Our site is being listed as one of phishing sites http://zero400photo.com.au/

Could you please remove it from the blocked list.
Title: Re: Site Blocked - URL:Phishing
Post by: Shabbir Ahmad on September 24, 2019, 05:37:04 AM
URL detection disabled.

My site still blocked: as there is not phishing things in it, its cleaned.

http://connect.brooklynmusicfactory.com/

Please unblock it.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on September 24, 2019, 09:20:48 AM
Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.
-> https://sitecheck.sucuri.net/results/zero400photo.com.au
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on September 24, 2019, 03:44:49 PM
@Shabbir Ahmad,

There is code after html that is suspicious anyways: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xl1ubntedC5ifV1da2x5bm11c1teZnxedF19eS5eXW1g~enc

VT does not flag: https://www.virustotal.com/gui/url/00c35e15a2926244f6b6e0c648c6098cd21f5292fe643415662484f2610ebf8a/detection

Wait for an avast team member to give a final verdict, they are the only ones to come and unblock,

xJavaScript error: File not found: hxtp://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js

ReferenceError: $ is not defined
 /login.php:53

Quote
C+ privacy grade: This website is insecure.
66% of the trackers on this site could be protecting you from NSA snooping. Tell -brooklynmusicfactory.com to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

 -cdnjs.cloudflare.com__cfduid
-3r8vm6njnjptpou6lkglh50dr7 connect.brooklynmusicfactory.comphpsessid

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

P.S. Seems to me that website is no longer flagged by avast's.
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on September 25, 2019, 01:11:33 AM
You have got your answer, use the process of reporting what you consider an FP in the link that I provided.  That goes directly to avast and the avast virus team.  Only they can deal with it.

Making multiple posts on the same issue how it is done, it just means multiple people end up responding and as mentioned above isn't going to get the direct attention you require. 

Most respondents in the forums are Avast Users, not Avast Team (seen in the info to the left of posts) so can't remove your site without it being investigated by avast.

Sites are only flagged by Avast (not by being reported by anyone) so only they can remove it.
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on September 25, 2019, 02:20:37 AM
Quote
The link provided only gives the option of giving a link with almost no info, so what can be said there? Nothing.
You can when they reply to your mail





Title: Re: Site Blocked - URL:Phishing
Post by: Anon5 on September 25, 2019, 04:13:07 AM
Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.
-> https://sitecheck.sucuri.net/results/zero400photo.com.au

My site still blocked and also our site is cleaned.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 25, 2019, 04:14:15 AM
Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.
-> https://sitecheck.sucuri.net/results/zero400photo.com.au

My site still blocked and also our site is cleaned.

Detection will be removed tomorrow
Already submitted to virus lab
Title: Re: Site Blocked - URL:Phishing
Post by: Arsalan6 on September 25, 2019, 10:54:58 AM
I am having similar problem for my domain www.pakarmoring.com/  kindly remove the block
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on September 25, 2019, 01:01:11 PM
I am having similar problem for my domain www.pakarmoring.com/  kindly remove the block

As has been mentioned before, several times in this topic.

You can report it - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php and it will be investigated.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 26, 2019, 04:20:45 AM
Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.
-> https://sitecheck.sucuri.net/results/zero400photo.com.au

My site still blocked and also our site is cleaned.

Detection was removed on 25.09.2019 at 06:49 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 26, 2019, 04:22:37 AM

My site still blocked: as there is not phishing things in it, its cleaned.

hxxp://connect.brooklynmusicfactory.com/

Please unblock it.

Detection was removed on 25.09.2019 at 07:11 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on September 26, 2019, 11:50:29 AM
Site has been reported for PHISHing at: -http://pakarmoring.com/wp-content/upd/gdoc/yahoo.php

Wrong settings enabled for User Enumeration in CMS:
 User Enumeration
  The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   arsalan   arsalan
2   None   None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Wrong settings for Directory Listing set:
  Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Website had at one moment: Threat Name:Web Attack: Ransomlock Website
Location:-http://pakarmoring.com/wp-includes/jx/newp/ii.php

Threat Name:Web Attack: Ransomlock Website
Location:-http://pakarmoring.com/wp-includes/cx/gdoc/

Retirable jQuery libraries detected: https://retire.insecurity.today/#!/scan/49e7ed2f336379e4b9c4a8e4fc495cb96687dfafea9196345c2bb56f4ac61f8f

147 Linting recommendations: https://webhint.io/scanner/4b692cee-d349-4fc9-9ef1-a07d145c558f

4 engines that detect: https://www.virustotal.com/gui/url/db0596f2296e8135e788862827f9cce9a75cfab997e862b9d43bf7568f22d92f/detection
IP blocklisted and various detections on your website: https://www.virustotal.com/gui/ip-address/69.73.184.160/relations

Seems no longer blocked by avast's, as website coming soon.  ;)


polonus (3rd party cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on September 27, 2019, 04:06:59 AM
I am having similar problem for my domain wxw.pakarmoring.com/  kindly remove the block

Detection has been removed in 26.09.2019 at 04:20 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Amy D on September 28, 2019, 04:17:19 PM
https://goo.gle/gocc_01_sea
Whit this link I get the same pop up message from avast. Could anyone unlock this for me?
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on September 28, 2019, 04:25:32 PM
https://goo.gle/gocc_01_sea
Whit this link I get the same pop up message from avast. Could anyone unlock this for me?
If you think it is wrong then report it .... looks suspicious since it ask for your google password ?


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php





Title: Re: Site Blocked - URL:Phishing
Post by: Amy D on September 28, 2019, 04:44:35 PM
https://goo.gle/gocc_01_sea
Whit this link I get the same pop up message from avast. Could anyone unlock this for me?
If you think it is wrong then report it .... looks suspicious since it ask for your google password ?


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Thank you!
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on September 28, 2019, 05:52:20 PM
Here you can see that that address you give is redirecting to:
 -https://prismatic-age-179203.appspot.com/gprep_tech1/register *

See at: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Z11dLmdse2BnXV5eXzAxX3N7fA%3D%3D~enc

* this redirected address seems OK, when scanned for at VT: https://www.virustotal.com/gui/url/80eaf94a693eff0787e1bb09a5f45ac2cc20a93e06d65e7240bdc08c23a26adf/details
while associated relations affiliates will kick up quite some flags, also at VT (when we dig a little deeper):
https://www.virustotal.com/gui/ip-address/172.217.212.153/relations

Wait for a final verdict by an avast team member, they are the ones to come and unblock,
whenever that should be appropriate.

By the way the redirect address complete uri just kicks up an error.,
while the general domain address opens up to Google Online Challenge,
wit a hostname as -iad23s69-in-f20.1e100.net 
There we come to encounter a "404 not found", nothing to do with avast detection, I assume.
So you are probably barking at the wrong tree, and it is an internal hick-up at Goggle's.  ;)

Just for the record some scan results on that redirecting domain address.

DOM-XSS issues Results from scanning URL: -https://prismatic-age-179203.appspot.com/
Number of sources found: 0
Number of sinks found: 22

Scan also opens up to: -https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
Number of sources found: 43
Number of sinks found: 0  (bootstrap.min.js Is it really needed, read the diacussion at StackOverflow's:
-> https://stackoverflow.com/questions/48738305/jquery-min-js-is-it-needed-bootstrap-4-0-0-alpha-6  )
   &
Results from scanning URL: -https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
Number of sources found: 33
Number of sinks found: 10
   &
Results from scanning URL: -https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js
Number of sources found: 33
Number of sinks found: 10

2 vulnerable libraries with retrable jQuery library code:
https://retire.insecurity.today/#!/scan/29241cb52ddcbce0960ccbec1d7e624aaa73d4855946a407918867b6c81e65f4
scan info credits go to Erlend Oftedal

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)



Title: Re: Site Blocked - URL:Phishing
Post by: martineli_martineli on October 05, 2019, 07:24:06 AM
Same here for
Autods.com
Can u please unblock it?
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 05, 2019, 07:26:06 AM
-> https://sitecheck.sucuri.net/results/Autods.com
Title: Re: Site Blocked - URL:Phishing
Post by: martineli_martineli on October 05, 2019, 01:56:58 PM
 Well avast blocked the site becouse of phishing. What to do than, when the site is secure?


Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 05, 2019, 02:13:56 PM
Well avast blocked the site becouse of phishing. What to do than, when the site is secure?
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 05, 2019, 07:21:50 PM
VT gives the site as clean: https://www.virustotal.com/gui/url/3f9278444a9f00bf4dada6d52cad059e626103f84c533e9b911390740ef29d0c/details
Probable reason for detection is malware on other domains on that same IP:
https://www.virustotal.com/gui/ip-address/104.24.102.175/relations

CMS Word Press version is outdated. Site issue and outdated software PHP: https://sitecheck.sucuri.net/results/Autods.com
Also consider: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=fHV0XSNzLl5dbQ%3D%3D~enc

DOM-XSS issues: Results from scanning URL: -https://Autods.com
Number of sources found: 162
Number of sinks found: 513
&
Results from scanning URL: -https://code.jquery.com/ui/1.11.4/jquery-ui.min.js
Number of sources found: 27
Number of sinks found: 8
&
Results from scanning URL:-https://autods.com/wp-content/cache/busting/1/wp-content/themes/Avada/includes/lib/assets/min/js/library/packery-2.0.0.js
Number of sources found: 4
Number of sinks found: 2
&
Results from scanning URL: -https://autods.com/wp-content/cache/busting/1/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column-1.js
Number of sources found: 5
Number of sinks found: 2  Stating congratulations you have reached the end of the Internet  ::)
&
Results from scanning URL: -https://autods.com/wp-content/cache/busting/1/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-responsive-typography-1.js
Number of sources found: 27
Number of sinks found: 5
&
Results from scanning URL: -https://www.googletagmanager.com/gtag/js?id=UA-125371527-2
Number of sources found: 33
Number of sinks found: 12
&
Results from scanning URL: -https://autods.com/wp-content/cache/busting/1/wp-content/plugins/heateor-facebook-comments-moderation/js/front/front-1.2.10.js
Number of sources found: 23
Number of sinks found: 24
&
Results from scanning URL: -https://autods.com/wp-content/cache/busting/1/wp-content/themes/Avada/includes/lib/assets/min/js/library/packery-2.0.0.js
Number of sources found: 79
Number of sinks found: 16
& last but not least
Results from scanning URL: -https://code.jquery.com/ui/1.11.4/jquery-ui.min.js
Number of sources found: 294
Number of sinks found: 14

See the vulnerabilities on the CloudFlare server for that IP: https://www.shodan.io/host/104.24.102.175
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
linux-gnu-SF.

polonus (3rd party cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 07, 2019, 02:14:19 PM
Same here for
Autods.com
Can u please unblock it?

Detection was removed in 07.10.2019 at 04:59 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jam_jam2 on October 08, 2019, 10:13:15 PM
Hello.
I have problem with my site. The avast has blocked my site. pizzeriananda.fi  could you please unblock my site.
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on October 08, 2019, 10:24:50 PM
Hello.
I have problem with my site. The avast has blocked my site. pizzeriananda.fi  could you please unblock my site.
Sucuri scan  https://sitecheck.sucuri.net/results/pizzeriananda.fi

urlvoid  https://www.urlvoid.com/scan/pizzeriananda.fi/

Virustotal  https://www.virustotal.com/gui/url/85602daec9493010c461d2328744a8e9f105c6b29582c7ccd64aeb7acc0edbb6/detection




Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php





Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 08, 2019, 11:28:56 PM
Here a phishing test came up undecided: https://www.immuniweb.com/radar/?id=QJnzNkG7

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: kankanyan on October 09, 2019, 09:04:16 AM
Awast started blocking legitimate company web site https://www.nsasoft.us with reason "URL:phishing". This site doesn't have anything related with "URL:phishing". How to fix and remove this alert?
Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on October 09, 2019, 09:06:03 AM
Awast started blocking legitimate company web site https://www.nsasoft.us with reason "URL:phishing". This site doesn't have anything related with "URL:phishing". How to fix and remove this alert?

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Sucuri scan  >>  https://sitecheck.sucuri.net/results/https/www.nsasoft.us


Blacklist check  >>  https://www.virustotal.com/gui/url/c60360e150218aced045232a440096a8dbc49880c18fa5377c7d3fefcae6971e/detection




Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 09, 2019, 11:18:34 AM
4 engines to detect it on the VirusTotal IP relations scan, one of the first to bark at it, is Bitdefender's. (fresh scans).

Redleg\'s File Viewer alerts for:
Quote
URLs that redirect found in: -https://www.nsasoft.us

1: -http://www.wa4y.com/wa.html?wa4y_uid=WA4Y_1_1&wa4y_event=OnPageView&wa4y_js=0 ->
-https://www.wa4y.com/wa4y_api/wahtml.php?wa4y_uid=WA4Y_1_1&wa4y_event=OnPageView&wa4y_js=0

Note: The URLs listed above that were found in the page you are checking are redirecting to other URLs. In many cases the redirects are legitmate so it can be tricky to determine whether or not the redirects are causing a problem. Take a look at the URL that is being redirected to -- Does it look suspicious?? Is the domain being redirected to shown on the malware warning (if you are getting one)?

A moment ago we scanned: https://www.virustotal.com/gui/url/cb0c2bfedad0a9b29edcdb9faa86d8cc5bcb85d17871f9e5aef7486a6027a125/detection
See: https://www.virustotal.com/gui/ip-address/66.206.5.203/relations

So this could well be an FP, wait for an avast team member to give the final verdict. We do not know about the download files?

53
tcp
dns-tcp
-9.11.4-P2-RedHat-9.11.4-9.P2.el7  (with backported security fixes, moderate bind security bug detected).

Excessive server info proliferation is a bad thing however, as malcreants just have to look for existing vuln. & exploits
or create their own code against it.

Resolver name: server.nsasoft.us -> https://toolbar.netcraft.com/site_report?url=http://server.nsasoft.us&refresh=1#history_table

Not found up here: http://isitphishing.org/ -> https://www.bitsdujour.com/software/nsasoft-hardware-software-inventory/virus-scan

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 12, 2019, 02:10:38 AM
Hello.
I have problem with my site. The avast has blocked my site. pizzeriananda.fi  could you please unblock my site.

Detection was removed on Wednesday 09.10.2019 at 03:43 AM.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: mastersoft2 on October 12, 2019, 03:23:59 PM
Hi, I'm having problems with my website (www.mastersoft.com.cy), whenever I try to access it from any computer that has Avast installed it does not allow access.

The site is hosted by bluehost and after a full scanning they tell me the site is clean.

The site is actually still empty, just a wellcome screen.

We mainly use the site's FTP to upload new versions for our clients.

Please advice since we cannot serve our customers anymore.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 12, 2019, 04:09:19 PM
Probably a html detection related to that domain's IP:
https://www.virustotal.com/gui/ip-address/74.118.69.26/relations

Wait for a final verdict by an avast team member for a final verdict,
as we cannot come and unblock, only avast team members do.

1. URL: -http://www.mastersoft.com.cy/
  Server response code and content type: 301, text/html; charset=UTF-8
  Elapsed time: 1350.80ms
  Dr.Web not recommended websites database: Clean
  Redirect:-http://mastersoft.com.cy/
2. URL: -http://mastersoft.com.cy/
  Server response code and content type: 200, text/html; charset=UTF-8
  Elapsed time: 862.71ms
  Dr.Web not recommended websites database: Clean
  Size: 8048
  MD5: 9a2851c69f8f0956e85615200a5b20c7
  Scan time: 29.07ms
  Scan result: clean
  Full Dr.Web scan report: *

3. URL: -http://mastersoft.com.cy/wp-includes/js/jquery/jquery.js
  Server response code and content type: 200, application/javascript
  Elapsed time: 456.60ms
  Dr.Web not recommended websites database: Clean
  Size: 96873
  MD5: 49edccea2e7ba985cadc9ba0531cbed1
  Scan time: 150.40ms
  Scan result: clean
  Full Dr.Web scan report: *

2019-10-12 17:05:15

Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK
Web Server:
nginx/1.17.3
X-Powered-By:
None
IP Address:
-162.241.218.145
Hosting Provider:
Unified Layer
Shared Hosting:
8000 sites found on -162.241.218.145

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 12, 2019, 04:52:30 PM
-> https://sitecheck.sucuri.net/results/www.mastersoft.com.cy
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 15, 2019, 04:02:27 AM
Awast started blocking legitimate company web site hxxps://www.nsasoft.us with reason "URL:phishing". This site doesn't have anything related with "URL:phishing". How to fix and remove this alert?

Detection was removed in 14.10.2019 at 07:50 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 15, 2019, 04:03:45 AM
Hi, I'm having problems with my website (wxw.mastersoft.com.cy), whenever I try to access it from any computer that has Avast installed it does not allow access.

The site is hosted by bluehost and after a full scanning they tell me the site is clean.

The site is actually still empty, just a wellcome screen.

We mainly use the site's FTP to upload new versions for our clients.

Please advice since we cannot serve our customers anymore.

Detection was removed in 14.10.2019 at 07:24 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Mahmoud Ofeisa on October 15, 2019, 03:07:04 PM
Hello,

I have the same issue "URL:Phishing" with my website "www.mahmoud-ofeisa.com".
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 15, 2019, 06:02:30 PM
Here the site was not found to be phishing: https://phishcheck.me/47661/details
No indications here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lm18aG1ddSMtXWZ7W3N8Ll5dbQ%3D%3D~enc

Your Word Press CMS is outdated, update a.s.a.p.

Again 5 engines detect PHISHING at the IP you share with other domains:
https://www.virustotal.com/gui/url/eeada5a06e596ca581edd0517ecd0efe55f246a02d99235b8d91c75cc1639c93/detection

See: https://www.shodan.io/host/178.128.194.130

2 vulnerable jQuery libraries detected on website: https://retire.insecurity.today/#!/scan/a70ade7b966e00ad73f6050494df1437911a92a65bd32b5cd9ebb0f1b81fd38a

DOM-XSS flaws found: Results from scanning URL: -https://www.mahmoud-ofeisa.com/wp-content/themes/latte/assets/js/parallax.min.js?ver=5.1.3
Number of sources found: 44
Number of sinks found: 2
&
Results from scanning URL: -https://www.googletagmanager.com/gtag/js?id=UA-149912833-1
Number of sources found: 33
Number of sinks found: 12

Wait for a final verdict from an avast team member, as they are the only ones that can come and unblock,
we just advise you through relative knowledge of website security analysis.

Netcraft Risk Rating 10 red out of 10: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.mahmoud-ofeisa.com
12 immediate threats: https://app.upguard.com/webscan#/www.mahmoud-ofeisa.com

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 16, 2019, 11:39:50 PM
Hello,

I have the same issue "URL:Phishing" with my website "wxw.mahmoud-ofeisa.com".

Detection was removed in 16.10.2019 at 12:21 PM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: omega5 on October 17, 2019, 11:39:00 PM
I also have this problem with http://omegacomputuerservices.ca

1. Please remove this website from your blacklist.

2. Why is this (our) site on your blacklist?

3. Assuming that there was a good reason at one time in the past, why is it still on the list? Don't you guys check these things? Or is it damned once then damned for all time? Not every website that has an issue was designed to be bad. Some could have been attacked and hacked by outside people. Don't you believe that these problems could be eventually found, fixed , and security tightened up?

If you keep reporting a currently good site as bad, it is not the site's problem, it is Avast's. If you are not reliable, then there is no point in using your services, is there?

4. If you don't respond to points 2 and 3, that is an indication of how much you care about customers, which could be reciprocated by how much customers care about your product.


Title: Re: Site Blocked - URL:Phishing
Post by: Pondus on October 17, 2019, 11:47:06 PM
Quote
4. If you don't respond to points 2 and 3, that is an indication of how much you care about customers, which could be reciprocated by how much customers care about your product.
They will not respond unless you report it the correct way .... and how to do that is posted in many reply`s in this topic


Title: Re: Site Blocked - URL:Phishing
Post by: Michael (alan1998) on October 18, 2019, 12:15:37 AM
<Edit>
Got it.

Please ensure you give us the RIGHT url next time --> http://omegacomputerservices.ca
Title: Re: Site Blocked - URL:Phishing
Post by: Michael (alan1998) on October 18, 2019, 12:36:40 AM
Google has you guys listed as a COmputer Consultant company.

This URL >> hxxp://www.omegacomputerservices.ca/

Flagged by BitDefender >> https://www.virustotal.com/gui/url/1ab0119ceaa1f93075a443789b762161b0f972347bbc0dd6df0e574a5178c004/detection
URLVoid reveals 2 bans >> https://www.urlvoid.com/scan/omegacomputerservices.ca/
Sucuri warnings on non-https >> https://sitecheck.sucuri.net/results/omegacomputerservices.ca

You keep referencing an email address to omega@portal.ca. Portal.ca appears to be offline.
Offline >> https://downforeveryoneorjustme.com/portal.ca

Interesting though, because the omega website has MX (Mail eXchange) records on it.
DNS >> https://www.ultratools.com/tools/dnsLookupResult

Polonus will more then likely have more to add.

Volunteer

As for points 2 and 3,

To answer them
Quote
2. Why is this (our) site on your blacklist?
The anti-virus tells you, Phishing.

Quote
3. Assuming that there was a good reason at one time in the past, why is it still on the list? Don't you guys check these things? Or is it damned once then damned for all time? Not every website that has an issue was designed to be bad. Some could have been attacked and hacked by outside people. Don't you believe that these problems could be eventually found, fixed , and security tightened up?
No, you're not damned once, then damned for all time. There are 28 pages (IN THIS THREAD) of people having their respective issues handled. You comment served no purpose other then to annoy people.

Do they check up on domains? Hell. No. There are 324.6 million domains registered. Avast! definitely does not have the time to check them; and for that matter, no company has the time to check that many domains.

Hacked by others: Yes, that's true, domains can be hacked by others. That's your job to fix, whether that means doing it yourself, or contracting someone else is up to you. Here's what Avast! knows, it's doing something bad. That's the bottom line, not "who did it" because that doesn't matter.

Do you believer problems can be found, fixed and security tightened: Yes, obviously. Reference 28 pages in this thread alone of people like Polonus, Jefferson and Pondus pointing out vulnerable jQueries, software of plain stupid oversights.

To respond to point 4.
Quote
If you don't respond to points 2 and 3, that is an indication of how much you care about customers, which could be reciprocated by how much customers care about your product.
It's an indication if you go through official channels maybe. Most of the people on these forums (with exceptions like Milos, VitSU, and others) are all here as volunteers. These forums are not monitoring 24/7, and while Avast! usually keeps tabs around, others usually call Avast!'s attention to updates and responses in threads so they don't get lost.

The OFFICIAL way of documenting a potential false-positive can be found here >> https://www.avast.com/false-positive-file-form.php.

Quote
If you keep reporting a currently good site as bad, it is not the site's problem, it is Avast's. If you are not reliable, then there is no point in using your services, is there?
On the surface, all may appear well and good. Heck, there may not even be a way to get from the homepage to the phishing page. THe phishing page might be buried to avoid detection. I've seen this in the wild, legit websites (hotel in this case) be completely normal on the surface, and then have a full blown Microsoft phishing page buried deep, with no way of accessing unless you have the direct URL (or seriously go hunting for it.)
Title: Re: Site Blocked - URL:Phishing
Post by: omega5 on October 18, 2019, 02:34:40 AM
Quote
The OFFICIAL way of documenting a potential false-positive can be found here >> https://www.avast.com/false-positive-file-form.php.

I started with avast.com. The above looks like the proper place to go but either I did not find a way to get there, (I could have missed the link) or I didn't get a response (It has been a few months since I first started this quest). Google eventually led me to this place but I don't feel up to reading 4000 responses to catch up on the history of this issue.

The website in question is static. It does not ask for any information from the viewer. The most sophisticated thing it does is to use bootstrap to properly display on various devices.

The email address is as it is for historical reasons. The ISP was absorbed by others but the email address domain still exists. The mailbox associated with omegacomputerservices.ca exists but is not being used.

omegacomputerservices.COM is a different company and today that url redirects to ocs.help.

A bit over a year ago, something hacked the site and a separate subdirectory tree was planted. This was ripped out and, currently, nothing that does not belong there is there.

But avast details reports URL:Phishing with the offending URL being
http://omegacomputerservices.ca/bootstrap/css/bootstrap-responsive.css   one time and
http://omegacomputerservices.ca/bootstrap/js/jquery.js                            another time
and eventually just about every file in that directory tree. If there were an actual problem, it would not move around from file to file.

From this forum I did discover  sitecheck.sucri.net  and
https://sitecheck.sucuri.net/results/omegacomputerservices.ca
says the site is clean.

If I were not using Avast, I would not be aware that Avast had a problem with this website. If Avast would continue showing it bad until somebody tells Avast that it is not, the false status could go on forever.

If any of this helps in solving the problem, then thank you all and thank the goddesses. If this does not solve the problem, then the goddesses will need another sacrifice.

Title: Re: Site Blocked - URL:Phishing
Post by: Michael (alan1998) on October 18, 2019, 02:10:49 PM
3. Assuming that there was a good reason at one time in the past, why is it still on the list? Don't you guys check these things? Or is it damned once then damned for all time? Not every website that has an issue was designed to be bad. Some could have been attacked and hacked by outside people. Don't you believe that these problems could be eventually found, fixed , and security tightened up?

A bit over a year ago, something hacked the site and a separate subdirectory tree was planted. This was ripped out and, currently, nothing that does not belong there is there.

See, now we're getting somewhere... Instead of half-assed accusing Avast! of not caring about customers, would it not have been simpler to say "We got hacked a year ago, we cleaned it up, can you check and confirm, and remove our website [from your list] accordingly?"? It's a lot simpler, and a hell of a lot more civil. I would argue that Avast! must care about it's customer's if they've chosen to block a webpage that had been compromised.


Quote
But avast details reports URL:Phishing with the offending URL being
http://omegacomputerservices.ca/bootstrap/css/bootstrap-responsive.css   one time and
http://omegacomputerservices.ca/bootstrap/js/jquery.js                            another time
and eventually just about every file in that directory tree. If there were an actual problem, it would not move around from file to file.
Avast! likely blocked your entire domain, not a specific file. That behaviour is not uncommon on any platform, Avast! or otherwise.


Quote
From this forum I did discover  sitecheck.sucUri.net  and
https://sitecheck.sucuri.net/results/omegacomputerservices.ca
says the site is clean.
OK, that's one check... What about the other half dozen? There are websites that I don't even know about. The basis for a detection is not made solely off one website typically. I have reported your domain to Avast! for re-evaluation. I will draw the attention of Milos to this thread as well.


A note for other platforms that detect you. Be honest, don't beat around the bush - tell them you were hacked a year ago, and cleaned it up (as opposed to saying.. "Maybe their was a reason?" then "Yes, we were hacked"). And be civil, otherwise they may just ignore you.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 18, 2019, 02:20:22 PM
Well said Michael..!! :) 8)
Title: Re: Site Blocked - URL:Phishing
Post by: Michael (alan1998) on October 18, 2019, 04:04:57 PM
Well said Michael..!! :) 8)

Ay, cheers! (Asyn is another one of the top helpers around here, Omega). Makes me look like small game :P)

@Omega5; Your domain has been whitelisted. Stay safe out there.

Hello,
if you mean the "omegacomputerservices.ca" it was unblocked today, 09:38 CET

Milos
Title: Re: Site Blocked - URL:Phishing
Post by: lbeslay on October 21, 2019, 09:32:01 AM
Hy,

i have a Website hacked, but i deleted everything, did a new one, everything is clean; Google reviewed the url, but i'm still blacklisted in Avast and McAfee ...

Please can you whitelist it ?

this is the url:

www.mmeruetabaga.org

thank you.
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 21, 2019, 11:25:28 AM
-> https://sitecheck.sucuri.net/results/www.mmeruetabaga.org
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 23, 2019, 02:31:31 AM
Hy,

i have a Website hacked, but i deleted everything, did a new one, everything is clean; Google reviewed the url, but i'm still blacklisted in Avast and McAfee ...

Please can you whitelist it ?

this is the url:

wxw.mmeruetabaga.org

thank you.

Detection was removed in 22.10.2019 at 03:59 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Danielle11 on October 25, 2019, 09:14:08 PM
I think I have a similar problem trying to login Shoppers' Drug Mart. 
The address is https://accounts.pcid.ca/login

I called Shoppers and they say their site is secured and that there are no problems reported.

Title: Re: Site Blocked - URL:Phishing
Post by: Michael (alan1998) on October 25, 2019, 09:35:04 PM
PC Optimum is owned by Loblaws (who also own Shoppers, Super Store etc).

Do you get the warning on the PC Optimum website? >> https://www.pcoptimum.ca/login
Title: Re: Site Blocked - URL:Phishing
Post by: Danielle11 on October 25, 2019, 09:42:39 PM
Ohhh …. I can login using https://www.pcoptimum.ca/login !
I will change my settings

Many many many thanks !


Title: Re: Site Blocked - URL:Phishing
Post by: Winglio on October 26, 2019, 09:29:39 PM
Hi, could you please unblock https://office.winglio.com/
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on October 26, 2019, 10:07:26 PM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 28, 2019, 10:04:02 PM
Hi, could you please unblock hxtps://office.winglio.com/

Detection was removed in 28.10.2019 at 11:00 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: on October 30, 2019, 02:42:09 AM
Hi, my site https://pyramid-1491.com/ is being detected as url:phishing by avast. Can you help to unblock the site?
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 30, 2019, 06:10:02 AM
Hi 皓,

Probably some issue with the proxy VPN server at Linode's at 172.105.195.170

Wait for a final verdict from an avast team member, we have relative knowledge but only avast team members can come and unblock.  Website seems to have a good web rep and no detection at Virus Total at the moment.
Request returned: 您的请求在Web服务器中没有找到对应的站点!(not finding corresponding site!).

See issues: https://www.shodan.io/host/172.105.195.170

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on October 30, 2019, 01:10:00 PM
This is the content code I get
Quote
Content that was returned by your request for the URL: https://pyramid-1491.com/
also see: https://www.virustotal.com/gui/url/b0d3988efc7914ac6d3391354f8e716fdc01045af9913c89def2c2bb953a545e/detection

1:  < html>
2:  < head> < title> 502 Bad Gateway< /title> < /head>
3:  < body>
4:  < center> < h1> 502 Bad Gateway< /h1> < /center>
5:  < hr> < center> nginx< /center>
6:  < /body>
7:  < /html> Content after the < /html> tag should be considered suspicious.

8:  < !-- a padding to disable MSIE and Chrome friendly error page -->
9:  < !-- a padding to disable MSIE and Chrome friendly error page -->
10:  < !-- a padding to disable MSIE and Chrome friendly error page -->
11:  < !-- a padding to disable MSIE and Chrome friendly error page -->
12:  < !-- a padding to disable MSIE and Chrome friendly error page -->
13:  < !-- a padding to disable MSIE and Chrome friendly error page -->
IP = 34.80.130.210 Google Cloud address returned
Quote
Header returned by request for: https://pyramid-1491.com/ -> 34.80.130.210

HTTP/2 502
server: nginx
date: Wed, 30 Oct 2019 12:05:48 GMT
content-type: text/html
content-length: 552

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on October 30, 2019, 03:29:06 PM
Hi, my site hxxps://pyramid-1491.com/ is being detected as url:phishing by avast. Can you help to unblock the site?

Detection was removed in 30.10.2019 at 09:13 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Jamie131 on November 10, 2019, 12:33:50 PM
Please unblock: https://www.verpakkingenzo.nl/ site is all clear
The phising has been removed a few months ago
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 10, 2019, 01:42:16 PM
Hallo Jamie131,

VirusTotal does give the website as clean: https://www.virustotal.com/gui/file/f730c6185bde492f4eec5364f5cdb212ce0d7a77e77bcfa5bfd6415e511d72aa/behavior/VirusTotal%20Cuckoofork
and https://www.virustotal.com/gui/url/f98d33c625fe20c00a3d6fe54f6bdffc94b6830dd76b61a15eae26eb45ee1aa5/details

There were 2 engines to detect, but that was the previous month:
https://www.virustotal.com/gui/url/45b57651d4d6fcf580d1f39e13d4211c3c320af64e513d73b5ce71ae6ee4d4be/detection
Hopefully that all has been cleansed.

Did some linting for the website, see 49 recommendations there:
https://webhint.io/scanner/a585099b-a1de-4a50-94b4-2701b6174b0b

Wait for a final verdict from an avast team member, they are the only ones to come and unblock.
We here are just volunteers with relevant knowledge for website security improvement advice.

Met vriendelijke groet,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Site Blocked - URL:Phishing
Post by: stalker780 on November 11, 2019, 06:29:39 PM
Hi, what is wrong with https://lovelybunny.com.ua?

Why is it blocked for phishing?  :o

It never had any security problems or viruses.

PS
you captcha blew my mind 100 times till I placed this post :(
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on November 11, 2019, 06:39:12 PM
Hi, what is wrong with hxxps://lovelybunny.com.ua?

Why is it blocked for phishing?  :o

It never had any security problems or viruses.

PS
you captcha blew my mind 100 times till I placed this post :(

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Just because you haven't had any security problems or viruses doesn't mean you won't.

That said nothing found at https://sitecheck.sucuri.net/results/lovelybunny.com.ua (https://sitecheck.sucuri.net/results/lovelybunny.com.ua), so use the report a suspected FP site in the link above.

The Captcha, is only for the first three posts, it is an anti spam measure so has to be hard.
Title: Re: Site Blocked - URL:Phishing
Post by: stalker780 on November 11, 2019, 06:58:55 PM


You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Just because you haven't had any security problems or viruses doesn't mean you won't.

That said nothing found at https://sitecheck.sucuri.net/results/lovelybunny.com.ua (https://sitecheck.sucuri.net/results/lovelybunny.com.ua), so use the report a suspected FP site in the link above.

The Captcha, is only for the first three posts, it is an anti spam measure so has to be hard.

Already reported. Thanks
Title: Re: Site Blocked - URL:Phishing
Post by: DavidR on November 11, 2019, 08:01:08 PM
You're welcome.
Title: Re: Site Blocked - URL:Phishing
Post by: polonus on November 11, 2019, 10:10:57 PM
This could well have been an FP because of another domain detected sharing the same IP:
https://www.virustotal.com/gui/ip-address/78.46.204.251/relations

polonus
Title: Re: Site Blocked - URL:Phishing
Post by: jefferson sant on November 12, 2019, 03:02:34 AM
Please unblock: hxxps://www.verpakkingenzo.nl/ site is all clear
The phising has been removed a few months ago

Detection was removed in 11.11.2019 at 05:59 AM.

Quote
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.
Title: Re: Site Blocked - URL:Phishing
Post by: Jamie131 on November 13, 2019, 07:31:00 AM
Hallo Jamie131,

VirusTotal does give the website as clean: https://www.virustotal.com/gui/file/f730c6185bde492f4eec5364f5cdb212ce0d7a77e77bcfa5bfd6415e511d72aa/behavior/VirusTotal%20Cuckoofork
and https://www.virustotal.com/gui/url/f98d33c625fe20c00a3d6fe54f6bdffc94b6830dd76b61a15eae26eb45ee1aa5/details

There were 2 engines to detect, but that was the previous month:
https://www.virustotal.com/gui/url/45b57651d4d6fcf580d1f39e13d4211c3c320af64e513d73b5ce71ae6ee4d4be/detection
Hopefully that all has been cleansed.

Did some linting for the website, see 49 recommendations there:
https://webhint.io/scanner/a585099b-a1de-4a50-94b4-2701b6174b0b

Wait for a final verdict from an avast team member, they are the only ones to come and unblock.
We here are just volunteers with relevant knowledge for website security improvement advice.

Met vriendelijke groet,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Thanks for your reply. Is there a form i need to fill out to let a Avast team member check and unblock, or is this forum the right place.

Thanks again
Title: Re: Site Blocked - URL:Phishing
Post by: Asyn on November 13, 2019, 07:33:45 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php