phishing websites

[Christophe2]

ok thanks, but if i disable avast, then it doesn't work.

with the extension, even if avast is disabled, it shows all the time

thanks

[Asyn]

1. ok thanks, but if i disable avast, then it doesn't work.
2. thanks

1. Well, an expected result.
2. De rien.

[Christophe2]

Hi Avast team,

You forgot to add these links.

Please update your database urgently!

Thanks

Christophe

[polonus]

Cristophe2,

Merci bien,

Easy to establish these new sites are not secure, example:
https://www.scamadviser.com/check-website/grandsecretduweb.com

Also listed at blocklist.de -> https://www.abuseipdb.com/check/91.216.107.158
Operateur: https://registrydb.com/facebookaccounthack.net  (www.lws.fr/ abuse).
This website looks like it's hosted on a compromised server - 5 problems: https://mxtoolbox.com/domain/lws-hosting.biz/

Also apparently here non-public CloudFlare abuse is involved: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.lws.info%2F

wXw.lws.info

Please contact the Certificate Authority for further verification.
This server cannot be scanned for these vulnerabilities:
Heartbleed
Server scan unsuccessful.
Poodle (TLS)
Server scan unsuccessful.

Common name:
 sni59442.cloudflaressl.com
SAN:
 sni59442.cloudflaressl.com, *.a-a-hebergement.com, *.alain-prost.com, *.alain-prost.fr, *.ayrton-senna.fr, *.black-ravens.org, *.comparateur-hebergeur.com, *.domushellas.com, *.easyvaluedomain.com, *.eldrug.gr, *.fabbri-racks.co.uk, *.fabbri-racks.com, *.full-range-print.com, *.giannouris.net, *.hebergementwordpress.fr, *.hebergeur-discount.com, *.hostingrd.biz, *.isolo.biz, *.karampoula.gr, *.karampoulas.com, *.lws-hosting.be, *.lws-hosting.ch, *.lws-hosting.eu, *.lws.info, *.lws.lu, *.lwshosting.name, *.m52.ms, *.meilleurhebergeurweb.net, *.mister-hosting.fr, *.misterhosting.com, *.nietraco.nl, *.palchateo.chat, *.proland-estate.com, *.pure-biltong.co.uk, *.pure-biltong.com, *.purebiltong.co.uk, *.registrar-domain-name.com, *.ruedudomaine.com, *.ruedudomaine.fr, *.selflevelingcompounds.co.uk, *.top10hebergeursweb.com, a-a-hebergement.com, alain-prost.com, alain-prost.fr, ayrton-senna.fr, black-ravens.org, comparateur-hebergeur.com, domushellas.com, easyvaluedomain.com, eldrug.gr, fabbri-racks.co.uk, fabbri-racks.com, full-range-print.com, giannouris.net, hebergementwordpress.fr, hebergeur-discount.com, hostingrd.biz, isolo.biz, karampoula.gr, karampoulas.com, lws-hosting.be, lws-hosting.ch, lws-hosting.eu, lws.info, lws.lu, lwshosting.name, m52.ms, meilleurhebergeurweb.net, mister-hosting.fr, misterhosting.com, nietraco.nl, palchateo.chat, proland-estate.com, pure-biltong.co.uk, pure-biltong.com, purebiltong.co.uk, registrar-domain-name.com, ruedudomaine.com, ruedudomaine.fr, selflevelingcompounds.co.uk, top10hebergeursweb.com

COMODO ECC cert chain PositiveSSL Multi-Domain,Domain Control Validated

polonus

[Christophe2]

Hi,

Thanks!

But did you updated your database to blocks them?

Thanks

Best Regards

[polonus]

Hi Christophe,

We here are just volunteers with relevant knowledge, we cannot block or unblock, that is only for Avast Team Members.
Hopefully one of them will add it to their list.

polonus (volunteer website security analyst and website error-hunter)

[Christophe2]

hi, ok thanks

[polonus]

Hi Christophe2,

This one is redirecting and probably also not flagged: https://www.virustotal.com/#/url/c63192ddd6f207802f413f79e78f44387cca37e098566de66dea0a10a61ad4f1/detection
re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=huit.re%2Fept&ref_sel=GSP2&ua_sel=ff&fs=1

Status codes
These should normally all be the same.

GoogleBot returned code 301 to -http://ona.davidgagnon.org/ban/oyv
Google Chrome returned code 301 to -http://ona.davidgagnon.org/ban/oyv

See: http://toolbar.netcraft.com/site_report?url=http://ona.davidgagnon.org
and consider: http://toolbar.netcraft.com/site_report?url=https://id.orange.fr

This link comes blocked by a good ablocker: -https://all.orfr.adgtw.orangeads.fr/js/ora_authen.identification?sKW=%27+encodeURI(oan_siteKeywords)+%27&sCT=%27+encodeURI(oan_siteContentTopic)+%27

polonus

[Christophe2]

Hi Avast team,

Did you updated these dangerous websites to your database?

Thanks

[Christophe2]

up please

[savcin]

Will be detected

[Christophe2]

Hi savcin,

Thanks, please see a new list of dangerous scam websites:
Please update them to Avast database urgently.

Thanks

Best Regards

[Christophe2]

please make the update

thanks

[polonus]

Hi Christophe2,

What is that phishing in the first example, I cannot get sources: https://urlquery.net/report/95e644e5-849e-46b5-ae1f-34a2e6d2931c
Re: http://www.isithacked.com/check/hack-facebook.com  &  http://retire.insecurity.today/#!/scan/aa5a8294f81af88f8d10b5e839cb05fed8f017f2f6d9d12fc5fd7f0f3fe5b24c
and https://privacyscore.org/site/35082/
Is it through a tracking cookie? What script is performing it here?

polonus

[Christophe2]

Hi,

It's phishing because it claims to be facebook official website to get password recover.

new list:
please update it urgently!