Author Topic: Site Blocked - URL:Phishing  (Read 59867 times)

0 Members and 2 Guests are viewing this topic.

Offline rfontes

  • Newbie
  • *
  • Posts: 3
Site Blocked - URL:Phishing
« on: April 18, 2018, 06:52:23 PM »
Hello, I'm having problems with my website (www.jetfilm.com.br), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.

Excludes all content from the domain (folders / files) and the site is still blocked. Before that I asked Avast support to put the site on the false positive list and the response was as follows: "Detection is correct and will be maintained." That is, it is still being accused as a phishing site.

Offline LukasJ

  • Avast team
  • Jr. Member
  • *
  • Posts: 74
Re: Site Blocked - URL:Phishing
« Reply #1 on: April 18, 2018, 08:00:39 PM »
Hi,
URL block was disabled.

Lukas

Offline rfontes

  • Newbie
  • *
  • Posts: 3
Re: Site Blocked - URL:Phishing
« Reply #2 on: April 18, 2018, 08:11:21 PM »
Hello, the URL is still blocked by Avast. Please, could Avast's analysis lab give me more information about my case, if it is a file or form of the site that is causing the problem of "Phishing"?

Offline rfontes

  • Newbie
  • *
  • Posts: 3
Re: Site Blocked - URL:Phishing
« Reply #3 on: April 18, 2018, 08:42:15 PM »
Hello LukasJ, the URL is unlocked, thank you! Is there still a possibility that the URL will be blocked or the Avast lab made a mistake?

Offline LukasJ

  • Avast team
  • Jr. Member
  • *
  • Posts: 74
Re: Site Blocked - URL:Phishing
« Reply #4 on: April 18, 2018, 10:33:54 PM »
This URL block was based on phishing feeds eight months ago.
Of course, if there will be malicious content in the site, then the site will be blocked again.

Offline sissi fanelli

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #5 on: June 04, 2018, 11:58:51 PM »
Hi,
I too have the same problem with my site: genesisconsulting.it
despite the RADICAL renewal effort of the website (deletion of all the old server and database folders), it continues to be blocked on all the computers on which the Avast (Internet Security) antivirus has been installed. . In fact, the loading of the pages of the site is automatically canceled and the following message appears as a pop-up ("URL-infected connection: Phishing") --> see Attachment

I have done other research on the most important blacklist sites, but this domain is NOT absolutely infected!
How can I unlock the website to delete these incorrect reports?

Offline bauerj

  • Avast team
  • Jr. Member
  • *
  • Posts: 62
Re: Site Blocked - URL:Phishing
« Reply #6 on: June 05, 2018, 09:01:49 AM »
Hi,
Thank You for reporting. I removed genesisconsulting[.]it from our blacklist. We are sorry for any inconvenience You may have experienced.
Jirka

Offline educateurs

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #7 on: August 27, 2018, 09:44:10 AM »
hello i have the same problem with my Website:
http://www.st-antoine-ste-sophie.fr
Can you unlock URL?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61132
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.9.2394.B1 - CC 5.63 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31764
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #9 on: August 27, 2018, 06:19:53 PM »
As Asyn stated spammy looking link there:
A link with funky anchor text? Yes there is. affirmed:

<a style="color: #000000" href="htxp://edmedforsale.com">generic viagra</a>  in line 362 of the website code
-> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnN0LXxudF1bbnstc3R7LXNdcGhbey5mfQ%3D%3D~enc

3 vulnerable jQuery libraries flagged: https://retire.insecurity.today/#!/scan/a74fec90c9c30e12fad38114dcb4e5c009d4fc1fbe0e90734f7a0498280c9461

Web rep OK - Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
Apache
X-Powered-By:
None
IP Address:
213.186.33.50
Hosting Provider:
OVH SAS 
Shared Hosting:
20511 sites found on 213.186.33.50

Multiple PHP vulnerabilities: https://www.cvedetails.com/version/194835/PHP-PHP-5.4.45.html

Word Press CMS - Site is Outdated
(using WordPress version from source: 4.2.21)

Warning on configuration: Directory Indexing Enabled

In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Not observed: https://urlscan.io/domain/www.st-antoine-ste-sophie.fr  (Is there something hosted on this domain?).

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline savcin

  • Avast team
  • Full Member
  • *
  • Posts: 121
Re: Site Blocked - URL:Phishing
« Reply #10 on: August 28, 2018, 10:26:26 AM »
URL detection disabled.

Offline JoJa15

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #11 on: September 02, 2018, 07:57:41 AM »
My site https://warbrokers[.]io is also blocked. I did a URL scan and nothing is wrong with it:
https://sitecheck.sucuri.net/results/warbrokers.io

Can you please unblock it?

How do these things happen also? Does someone need to report the site or does it get caught up in automated detection?
« Last Edit: September 03, 2018, 07:54:11 AM by HonzaZ »

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31764
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #12 on: September 02, 2018, 03:08:50 PM »
Only hick-up I see there is for
Quote
www.googletagmanager.com/gtm.js?id=GTM-MPHTW35 benign
[nothing detected] (element) -www.googletagmanager.com/gtm.js?id=GTM-MPHTW35
     status: (referer=-www.google-analytics.com/)saved 93124 bytes d535765a4a69fc481830680d0fca6e66da01685f
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: d535765a4a69fc481830680d0fca6e66da01685f: 93124 bytes
     file: e0cdc6fc6cf34166af42a4c766ecc265a08a3cf0: 93370 bytes
     file: ae87146e8240a533ad6f2d7f6dbbbae90abc1e93: 93376 bytes
     file: f30e864604f4ddebdcccaa703029008d6e20332f: 93585 bytes
     file: c122d8be06c7ef5e9af3a08cb6a59ab2e0f0ac34: 93777 bytes
     file: 3f0b9cad1c1856ebf81276a6c3f2c6a96070707f: 93491 bytes
     file: bbd1d90f184e60d65e057de0a26f4eb677f7bf2e: 93615 bytes
&
Quote
-www.google-analytics.com/static/js/index.min.js (not a vulnerable library)...
     info: [decodingLevel=0] found JavaScript
     error: undefined variable f 

That's all -> https://urlquery.net/report/dbb091bd-f423-4ec5-8254-c032c4dfa70a   (no alerts)
Also consider scan results here: https://sitecheck.sucuri.net/results/www.googletagmanager.com#

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: September 02, 2018, 07:01:07 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline JoJa15

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #13 on: September 03, 2018, 01:07:12 AM »
Hi Polonus,

Thank you for the response. So based on what you showed the site shouldn't be blocked for URL:Phishing right?

Do you know how sites end up getting caught as false positive for something like this? Is it some accidental auto thing or is someone being malicious against my site and reporting it when it is fine?

Thank you for your help and your response.

Best Regards,
JoJa15

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1126
Re: Site Blocked - URL:Phishing
« Reply #14 on: September 03, 2018, 07:54:56 AM »
Hi,
warbrokers[.]io doesn't seem to be blocked now – if you still have trouble accessing it, please let us know.