« previous next »
Pages: [1]   Go Down

Author Topic: Does avast flag this as a phishing site?  (Read 2018 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Does avast flag this as a phishing site?
« on: October 04, 2015, 06:23:36 PM »
Shorten link= htxp://t.co/bdk7ckgWEz
Long link= htxp://kitchenland-lv.com/wp-content/plugins/search-and-replace/lythwkal.php?huujm

Well, I am not quite sure if this is real, as all the scans isn't conclusive (return a 403 forbidden error). I can't access the site though the shorten link either. There seem to be no blacklist yet (probably due to it can't be access directly this way or the content have been removed).

I asked if this is phishing because I get some notification saying that this site is phishing some university id and password.
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Does avast flag this as a phishing site?
« Reply #1 on: October 04, 2015, 07:12:38 PM »
Hi risckyyeung,

WP seems OK on site, only check WP-plug-in "q-and-a 1.0.6.2" - no update given, could be left CMS software 8)

error was encountered while trying to use an ErrorDocument to handle the request
HTTP Server: Apache HTTP Server 2.2.29
Operating System: Gentoo Linux
PHP Version: 5.3.29-pl0-gentoo (Outdated)
This seems OK: http://toolbar.netcraft.com/site_report?url=http://kitchenland-lv.com

Check these also: Linked iFrames
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

-http://www.houzz.com/jsGalleryWidget/pro/kitchenlandinc/new_window=yes/width=240
//www.facebook.com/plugins/like.php?href=-https%3A%2F%2Fwww.facebook.com%2Fpages%2FKitchenland%2F111540662244214&send=false&layout=standard&width=228&show_faces=false&font&colorscheme=light&action=like&height=35&appId=277793668998994
//www.facebook.com/plugins/likebox.php?href=-http%3A%2F%2Fwww.facebook.com%2Fpages%2FKitchenland%2F111540662244214&width=228&height=395&show_faces=false&colorscheme=light&stream=true&show_border=false&header=false&appId=277793668998994

Again flagged: <iframe data-hzvt="MjAxMzEwMDk6MTc1MDpwcm8tYWNjb3VudG1lbnU=" name="HouzzWidget4864278" id="HouzzWidget4864278" border="0" frameborder="0" scrolling="NO" style="border:0 none;width:232px;height:205px;" src="-http://www.houzz.com/jsGalleryWidget/pro/kitchenlandinc/new_window=yes/width=240"></iframe>
Just a note, social media buttons often show up here -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.houzz.com%2FjsGalleryWidget%2Fpro%2Fkitchenlandinc%2Fnew_window%3Dyes%2Fwidth%3D240
Well that site is not phising but it takes canvas fingerprints, and I do not know what of the two is worse:
CanvasFingerprintBlock
Blocked 1600 potential HTML canvas fingerprinting attempts on this page
Prevented a script on -http://www.houzz.com from capturing the point (1, 8) on the following 35px × 35px canvas:
Prevented a script on -http://www.houzz.com from capturing the point (2, 8) on the following 35px × 35px canvas:
Prevented a script on -http://www.houzz.com from capturing the point (3, 8) on the following 35px × 35px canvas:

polonus (volunteer website security analyst and website error-hunter)





Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »