Author Topic: Phishing website  (Read 2410 times)


Offline Mauro108

  • Newbie
  • *
  • Posts: 2
Phishing website
« on: January 24, 2019, 11:27:45 AM »
Hi, Avast keeps on blocking this website openload.pw with a "URL:Phishing" message.

I've checked with https://sitecheck.sucuri.net/results/openload.pw and https://www.virustotal.com/it/url/88cb7284dc77a7bf834cb43cbbd48823db441c8d18250ea1f34302348b9da61d/analysis/1548325572/

Everything looks green (malware/blacklist), just there is no HTTPS encryption.

Thanks.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: Phishing website
« Reply #1 on: January 24, 2019, 11:34:30 AM »
Checked at PHISHcheck: {"sid": 172585, "is_success": true}

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5719
  • Spartan Warrior
Re: Phishing website
« Reply #2 on: January 24, 2019, 09:06:08 PM »
Quttera:  https://quttera.com/detailed_report/openload.pw

Have you implemented any of the hardening steps recommended for free by Sucuri?  (See link above posted in your OP.)
Windows 11 Home 23H2
Windows 11 Pro 23H2
Avast Premier Security version 24.8.6127 (build 24.8.9372.868)
UI version 1.0.814

Mauro108
Re: Phishing website
« Reply #3 on: January 25, 2019, 12:06:34 AM »
> Quttera: https://quttera.com/detailed_report/openload.pw
>
> Have you implemented any of the hardening steps recommended for free by Sucuri? (See link above posted in your OP.)

Yeah, if I go for the https version, Avast lets me browse the site, so I already sent an email to the administrator. Thanks.

polonus
Re: Phishing website
« Reply #4 on: January 25, 2019, 12:39:02 AM »
An http version should not exist next to an https one, or it should redirect there.

File name: /assets/js/typed.min.js is the code that Sucuri is flagging and has been abused from 2005 onwards,
Potentially malicious JavaScript contexts
And it is also flagged by SNYK and here: https://retire.insecurity.today/#!/scan/35110fca543262031700b8d0feee7070dc119cd675e9e6760ac1c4751ae536f3
DOM-XSS related issues like sources and sinks for URL: htxp://openload.pw/assets/js/jquery.min.js
Number of sources found: 43 ; number of sinks found: 19

Various (28) best policy hints given here: https://webhint.io/scanner/06db7313-1212-4f96-8f0d-d254c3d5a8e9

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: January 25, 2019, 01:04:49 AM by polonus »
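
Added example, not part of polonus's post and not the code of any scanner linked in the thread: a simplified counter for the DOM-XSS sources and sinks reported in Reply #4. The pattern lists, function names and sample input are constructed for this example; it shows why raw counts on a library file need triage, by listing only the statements where a source reaches a sink directly.

```javascript
// Added example: heuristic DOM-XSS source/sink counter. The pattern lists are an
// illustrative subset chosen here, not the rule set of the scanner cited above.
const SOURCES = [
  /\blocation\.(?:hash|search|href|pathname)\b/g,
  /\bdocument\.(?:URL|documentURI|referrer|cookie)\b/g,
  /\bwindow\.name\b/g,
];
const SINKS = [
  /\.(?:innerHTML|outerHTML)\s*=(?!=)/g, // assignment only, not a == comparison
  /\bdocument\.write(?:ln)?\s*\(/g,
  /\beval\s*\(/g,
  /\bset(?:Timeout|Interval)\s*\(\s*["']/g, // string argument is evaluated as code
  /\.insertAdjacentHTML\s*\(/g,
];

// Drop comments and empty out string literals so text inside them is not counted.
function stripCommentsAndStrings(js) {
  const re = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'/g;
  return js.replace(re, (m) => (m[0] === "/" ? " " : m[0] + m[0]));
}

function countHits(code, patterns) {
  return patterns.reduce((n, re) => n + [...code.matchAll(re)].length, 0);
}

// Returns totals plus the statements where a source feeds a sink directly,
// which are the ones worth reading first when triaging a scanner report.
function scan(js) {
  const code = stripCommentsAndStrings(js);
  const hasAny = (s, patterns) => patterns.some((re) => s.search(re) !== -1);
  const directFlows = code
    .split(/[;\n]/)
    .map((s) => s.trim())
    .filter((s) => hasAny(s, SOURCES) && hasAny(s, SINKS));
  return { sources: countHits(code, SOURCES), sinks: countHits(code, SINKS), directFlows };
}

// Constructed sample input (not taken from the site discussed in the thread).
const SAMPLE = [
  '// document.write(location.hash) in a comment is ignored',
  'var msg = "eval(location.search)";',
  'var q = location.search;',
  'document.getElementById("out").innerHTML = q;',
  'document.write(decodeURIComponent(location.hash));',
  'if (el.innerHTML == "") { setTimeout(function () {}, 10); }',
].join("\n");

console.log(scan(SAMPLE));
```

A flow that passes through a variable, like `q` in the sample, is counted but not listed as direct, so a zero in `directFlows` does not clear a file.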

polonus
Re: Phishing website
« Reply #5 on: January 25, 2019, 01:03:39 AM »
L.S.

Inherent when vulnerable javascript is being used on PHP-driven CMS,
sometimes such potential insecurity could lead to malcode like crypto-PHP-malware.

See this way to remove such malware:
https://github.com/shieldfy/CryptoPHP-malware-removal/blob/master/cryptophp_removal.php

Info credits for these github contributions go to "netcode" -> shieldfy seems to have been left since 2014,
which is quite long in the digital time-frame as we know it,

Maybe some remover here may put this contribution to a good purpose  ;)

I just link to it for what it is worth,

Damian aka polonus