Author Topic: (Solved) A Phishing website not flagged by AOS or Webshield  (Read 961 times)


Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
(Solved) A Phishing website not flagged by AOS or Webshield
« on: September 07, 2017, 10:22:51 AM »
hXXps://formcrafts.com/a/29982
BitDefender & Fortinet flag it as phishing.
https://www.virustotal.com/#/url/824220468d7db7c71cdaa18f372fce7635bb62c69723563f14921a49e7047e63/detection

PC - Windows10 EDU 64Bit, avast! free 21.1.2449, uBlock Origin, NVT_OSA, GoogleChrome (64bit), CCleaner, Unchecky, ZAM Free, Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: (Solved) A Phishing website not flagged by AOS or Webshield
« Reply #1 on: September 07, 2017, 01:00:09 PM »
IP and domain flagged here: https://otx.alienvault.com/indicator/ip/159.203.154.213/?utm_medium=InProduct&utm_source=ThreatCrowd
Not yet given here: https://urlscan.io/result/bab5f1fa-377e-4d3b-9390-8c4efd918dd4/#summary
laravel-cookie issue, read the background here: https://github.com/laravel/framework/issues/1462
Server: nginx/1.4.6 (Ubuntu)
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks. But...good news — none of the requests made to the site returned a cookie not flagged as "HttpOnly".
Insecurity in one jQuery library detected: http://formcrafts.com/a/29982
Then it is good we have same origin upheld here with A-Grade status: https://sritest.io/#report/d1227b9c-7a3f-4eda-a736-b50b364466c0

F-Grade status found and recommended change proposed here: https://observatory.mozilla.org/analyze.html?host=formcrafts.com

Ready for modern technology and best practices, only score 52%: https://en.internet.nl/domain/formcrafts.com/92566/

Malware detected, MX and DNS issues found: https://threatintelligenceplatform.com/report/formcrafts.com/VlNpFKlcor
For outbound mail consider: http://toolbar.netcraft.com/site_report?url=http://o16789118x48.outbound-mail.sendgrid.net
Sendgrid has certificate installed as root on the server (warning).  Go Daddy chain certificate (root and tested G2)...
BIGIP -  SSH Private Key vulnerability using SAINT exploitable? No, on non-public cloudflaressl...cloudflare abuse...

Various instances still do not list the phishing:
Web of Trust: Safe Web Search & Browsing   OK   Status: safe
Yandex Safe Browsing   OK   Status: safe
Phish Tank   OK   Status: safe
Virus Total suspicious URLs analyser   Failed   Status: dangerous
BitDefender - phishing site

Google Safe Browsings   OK   Status: safe

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
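
The header and cookie checks mentioned in the reply above (version-revealing headers, cookies without "HttpOnly"), as an added example that is not part of the original thread: a Python audit of response headers. The sample headers are constructed; only the `Server` value comes from the post, while the `X-Powered-By` value and the cookie names are assumptions for illustration.

```python
from http.cookies import SimpleCookie

# Response headers that commonly reveal the server or framework in use.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Constructed sample response headers (not captured from the site discussed).
SAMPLE = [
    ("Server", "nginx/1.4.6 (Ubuntu)"),           # value quoted in the post
    ("X-Powered-By", "PHP/5.5.9"),                # assumed, for illustration
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "laravel_session=abc123; path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; path=/"),
]


def audit_headers(headers):
    """Return (kind, name, detail) findings for a list of (name, value) headers."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname in DISCLOSING:
            # A digit in the value usually means a version number is exposed.
            has_version = any(ch.isdigit() for ch in value)
            detail = "with version" if has_version else "product name only"
            findings.append(("disclosure", name, detail))
        elif lname == "set-cookie":
            cookie = SimpleCookie()
            cookie.load(value)
            for key, morsel in cookie.items():
                # Morsel flags are True when present, "" when absent.
                missing = [f for f in ("httponly", "secure") if not morsel[f]]
                if missing:
                    findings.append(("cookie", key, ",".join(missing)))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit_headers(SAMPLE):
        print(f"{kind:<10} {name:<16} {detail}")
```
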