Author Topic: My website being blocked for apparent URL:Phishing  (Read 5315 times)

Offline DavidR

Re: My website being blocked for apparent URL:Phishing
« Reply #15 on: June 21, 2021, 07:44:48 PM »
<snip>

First domain was hxxps://trusted-tattoo.com and the new domain is hxxps://trustedtattoo.ink The first site has been deleted

These are standard WordPress sites, no ecommerce, valid SSL and once scanned no malware was found. How can I get this block removed and why is it happening so quickly, can it be an IP address? I've never had this issue before, and my client is getting annoyed! Thanks for any help


Please 'modify' your post change the URL from http to hXXps, to break the link and avoid accidental exposure to suspect sites, thanks.

As posted in this topic:
You can report this directly to Avast - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Jasmina

Re: My website being blocked for apparent URL:Phishing
« Reply #17 on: January 17, 2022, 09:53:07 PM »
Hello, I'm having problems with our company website - you.com. Whenever our users try to access it from any computer that has Avast installed, it does not allow access and the attachment popup appears which states that the website is infected with URL:Phishing.

Please unblock this you.com url, thank you
« Last Edit: January 17, 2022, 10:02:23 PM by Jasmina »

Offline DavidR

Re: My website being blocked for apparent URL:Phishing
« Reply #18 on: January 17, 2022, 11:41:40 PM »
No alert when I checked.

I do get a little suspicious about sites reportedly blocked and not (link spamming, which is frowned upon), I'm a trusting sort ;)

Some other checks:
Considered a medium security risk - https://sitecheck.sucuri.net/results/you.com
Some vulnerabilities affecting your website - https://snyk.io/test/website-scanner/?test=220117_BiDcCD_923b5adc40bae165c2ab3542361f43af&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner

Offline polonus

Re: My website being blocked for apparent URL:Phishing
« Reply #19 on: January 18, 2022, 05:57:22 AM »
Links seem OK Source: hackertarget word press scan -
Quote
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Security-Policy-Report-Only: script-src 'nonce-ZpzbxmAL1kUUS8wUnIOBeQ' 'report-sample' 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https: https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com; object-src 'none'; img-src 'self' *.fls.doubleclick.net *.google.com data: https://www.google-analytics.com www.googletagmanager.com; connect-src 'self' *.g.doubleclick.net https://www.google-analytics.com; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome; base-uri 'none', require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="uxe-owners-acl/chrome"
Report-To: {"group":"uxe-owners-acl/chrome","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/uxe-owners-acl/chrome"}]}
Date: Tue, 18 Jan 2022 04:51:34 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Last-Modified: Wed, 05 Jan 2022 19:00:00 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Transfer-Encoding: chunked
&
Quote

3rd party cold recon passive Analysis of WordPress Site(s)
Passive Analysis
Automated analysis of http://you.com that redirected to https://you.com/

SERVER DETAILS
Web Server: cloudflare
IP Address: 172.66.43.199
Hosting Provider: CLOUDFLARENET
Shared Hosting: 451 sites found (use Reverse IP to download list)
Title: Please Wait... | Cloudflare

0 issues

A check of threat intelligence sources and blacklists was performed against the hostname and IP address of the target. The findings will identify reputation issues or even the presence of malicious code.

DShield                    CLEAN
AlienVault OTX             CLEAN
Cisco Talos                CLEAN
abuse.ch (Feodo)           CLEAN
URLhaus                    CLEAN
Spamhaus (Drop / eDrop)    CLEAN
   
Google Safe Browsing is maintained by Google and used by Chrome to warn users that they are about to visit a malicious site. Use the link to perform a live check of the target site.

Virus Total is a powerful analysis engine that uses threat intelligence and antivirus to help researchers track malware. References found on Virus Total may contain live malware. Use with caution.
If the IP address of a shared hosting server is listed in a blacklist, it may simply indicate one of the hosted websites has been compromised. It does not necessarily indicate an immediate threat to another site on the same host, but should be investigated. Multiple listings from a shared hosting server may indicate a hosting service with poor reputation or poor security practices.

 Take care visiting the listed threat intelligence resources. Links, hosts and references found on these sites contain live malware and should be treated with caution unless you know what you are doing.

 
There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths  using a dedicated tool.

 
  Linked Sites
Reputation checks have been performed on the IP address for each of the linked sites. Hosts found on blacklists with poor reputation may be a threat to users of the site. Hosting and locations are also included in the results.

Externally Linked Host    Hosting / Company Netblock    Country
chrome.google.com         GOOGLE
www.cloudflare.com        CLOUDFLARENET

 
Re:
Date: Tue, 18 Jan 2022 04:55:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 6cf53b25bfa782ed-IAD
Age: 113
Cache-Control: max-age=120
Expires: Tue, 18 Jan 2022 04:53:48 GMT
Last-Modified: Tue, 18 Jan 2022 04:52:47 GMT
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
CF-Cache-Status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: __cf_bm=L0EP.E0zOutScFfjwNzkBNY.gEfaVqNWsqrQ42idatI-1642481726-0-AYXyHMW7ybzQ+TlPfP8y77f23sz5A2se02+ojR7rnKid+UpuFqhBlEAkVCjUujyIoa2DpfYyd8itHf3+MLqCtwtVTKF0uqemSeD1HylTrLV0; path=/; expires=Tue, 18-Jan-22 05:25:26 GMT; domain=.www.cloudflare.com; HttpOnly; Secure
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNlQz9y0USohniZStwhlu6huOYEIqjYD6E%2BoGNSLE67CWe2qJ8AKtf6rkBQ2Bu2BtCvoP7wyhDBVNbLWOIVCWUXH%2BrEKVdQNtV4cs9LEdpM%2BsNqlTRzD0ZB%2BjtLu8lD9w419UF6N3KY4elF%2Fmyhb%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

polonus
« Last Edit: January 18, 2022, 06:07:30 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!