Avast WEBforum

Other => Viruses and worms => Topic started by: francekj1 on December 30, 2018, 07:05:13 PM

Title: Please Remove My Site From URL:PHISHING
Post by: francekj1 on December 30, 2018, 07:05:13 PM

Hello,

When going to my website (woothosting.com) I get URL:Phishing. Can you please remove this?

Thanks,
Jeff

Title: Re: Please Remove My Site From URL:PHISHING
Post by: Pondus on December 30, 2018, 07:21:46 PM

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Blacklisted by many
https://www.virustotal.com/#/url/d625b1c434a475a90304bed14870852241f867ecac54111e7a2f9dc65de1ef4b/detection

Title: Re: Please Remove My Site From URL:PHISHING
Post by: francekj1 on December 30, 2018, 08:05:14 PM

Thanks for the link to the report. I noticed the report uses http instead of https. Does this matter? When using https everything looks good. Can I have the https address show up only? Thanks for your help.

Title: Re: Please Remove My Site From URL:PHISHING
Post by: polonus on December 30, 2018, 08:45:23 PM

Howdy francekj1,

See the 102 recommendations shown here: https://webhint.io/scanner/3402f7d3-af37-4f03-8785-84c5bf200304
2 vulnerable jQuery libraries found: https://retire.insecurity.today/#!/scan/652cfdc351042c0df19a224857c4b5c09a90b2631726228bfdf40ad8893a27be
XSS-DOM vuln. in bootstrap for URL: htxp://woothosting.com/assets/js/bootstrap.min.js
Number of sources found: 42 ; number of sinks found: 2
F-grade security here: https://observatory.mozilla.org/analyze/woothosting.com
For the answer to your question see the recommendation there!
See: https://mozilla.github.io/server-side-tls/ssl-config-generator/
See: https://dnslytics.com/ip/67.225.188.84

Wait for a final verdict from an avast team member. We here are just volunteers with relevant knowledge,
but cannot come and unblock, just avast team members can.
No files detections refering as you can see here: https://www.virustotal.com/#/domain/woothosting.com
Considering the hoster see this report: https://radar.qrator.net/as32244
Congratulations! We have currently not seen any ZeuS C&Cs in AS32244 (LIQUID-WEB-INC - Liquid Web, Inc.).

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Title: Re: Please Remove My Site From URL:PHISHING
Post by: Pondus on December 30, 2018, 08:53:47 PM

Quote from: francekj1 on December 30, 2018, 08:05:14 PM

Thanks for the link to the report. I noticed the report uses http instead of https. Does this matter? When using https everything looks good. Can I have the https address show up only? Thanks for your help.

https://www.virustotal.com/#/url/5a883c5ed39ed27e94462e51ea6572193d70c080234e11ba0dcb00fe0af069f8/detection


IP history  >>  https://www.virustotal.com/#/ip-address/67.225.188.84
Click listed items for details


always check the scan date (Last analysis   2018-12-30 19:49:51 UTC) ... if not latest, click the blue button at top right and select rescan for a fresh result

VirusTotal  >>  https://www.virustotal.com/