Author Topic: Site Blocked - URL:Phishing  (Read 110199 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #105 on: January 03, 2019, 04:01:36 PM »
Hi arni.gx

This is "brandal" injection code, read background info-> https://gist.github.com/donnykurnia/2356dad4119ce85d18d18708914c60e3

ESET now also flags at VT: https://www.virustotal.com/pl/url/1a03f8b8845c617cc09bddb61be8e7ba6c58576aa9435a1cd4ce079ded8d27cb/analysis/

Blacklisted site: https://sitecheck.sucuri.net/results/p01.notifa.info

See the obfuscated code and what it injects here: http://ddecode.com/hexdecoder/?results=8d7ce702e150b7b84926e9b0a929022c
going to and considering: https://urlscan.io/result/283f261b-8f3c-481c-9618-efc9c1d9b207/content/
IP also seen as PHISHING thrice: https://checkphish.ai/ip/118.97.116.2

Seen: 3 times in last 30 days

ASN: AS17974

ISP: TELKOMNET-AS2-AP PT Telekomunikasi Indonesia

Selamat Tahun Baru 2019,

polonus  (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline arni.gx

  • Newbie
  • *
  • Posts: 15
Re: Site Blocked - URL:Phishing
« Reply #106 on: January 03, 2019, 05:38:38 PM »
Hi arni.gx

This is "brandal" injection code, read background info-> https://gist.github.com/donnykurnia/2356dad4119ce85d18d18708914c60e3

ESET now also flags at VT: https://www.virustotal.com/pl/url/1a03f8b8845c617cc09bddb61be8e7ba6c58576aa9435a1cd4ce079ded8d27cb/analysis/

Blacklisted site: https://sitecheck.sucuri.net/results/p01.notifa.info

See the obfuscated code and what it injects here: http://ddecode.com/hexdecoder/?results=8d7ce702e150b7b84926e9b0a929022c
going to and considering: https://urlscan.io/result/283f261b-8f3c-481c-9618-efc9c1d9b207/content/
IP also seen as PHISHING thrice: https://checkphish.ai/ip/118.97.116.2

Seen: 3 times in last 30 days

ASN: AS17974

ISP: TELKOMNET-AS2-AP PT Telekomunikasi Indonesia

Selamat Tahun Baru 2019,

polonus  (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

so, how to block those ip address in avast firewall or avast antivirus free ??

because everytime iam open firefox or chrome, those phising alarm still there....
« Last Edit: January 03, 2019, 10:46:05 PM by arni.gx »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66061
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #107 on: January 04, 2019, 10:26:40 AM »
Start a new topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Instructions (basic diagnostic logs): https://forum.avast.com/index.php?topic=194892.0
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline dzenan2

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #108 on: January 15, 2019, 09:05:13 AM »
Hello,

My site empanda.info is blocked for phishing and I believe it is a false positive.
Do I report issue here or there is another place to do it?
Other malware check tools report no malware:
http://urlquery.net/report/48cf3e86-8984-45d6-bf65-c47c4980446b
https://sitecheck.sucuri.net/results/https/empanda.info

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2167
Re: Site Blocked - URL:Phishing
« Reply #109 on: January 15, 2019, 09:11:51 AM »
Hello,
the best way to report it is https://www.avast.com/false-positive-file-form.php

Milos

Offline dzenan2

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #110 on: January 15, 2019, 09:32:52 AM »
Thank you Milos. I reported the issue. Any idea how fast I could expect reaction? I have clients depending on the resources from the web application at this location. This situation is most unfortunate.
Best
« Last Edit: January 15, 2019, 09:38:20 AM by dzenan2 »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2167
Re: Site Blocked - URL:Phishing
« Reply #111 on: January 15, 2019, 10:22:35 AM »
IIRC less in 24 hours.

Milos

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #112 on: January 15, 2019, 04:20:58 PM »
Witam zdenan2,

Re: https://urlquery.net/report/9eaae1b3-3c05-4895-8795-46570da46c2c
No retirable code detected. That is OK.

The website is still accessible over http is the main threat here.
Interference from -http://jingaster.host/index.php?a=stats&u=christalhargrove
& -http://jacknichlson.mihanblog.com/post/5/
as
Quote
<meta http-equiv="REFRESH" content="0;url=httxs://www.empanda.info/Members/Default.aspx" />
This all via http - on https 0 sinks and 0 sources for DOM-XSS vulnerabilities.

F-grade results here: https://observatory.mozilla.org/analyze/www.empanda.info
A mere 6 hints here: https://webhint.io/scanner/3d2d065a-5769-45dd-9b1a-7b66fa86b28a#Security
12 security issues: https://webscan.upguard.com/#/https://www.empanda.info

pozdravi,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: January 15, 2019, 04:23:53 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline JewelsR

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #113 on: January 26, 2019, 03:36:12 AM »
I am having the same issue on fortwayneppd.org.  I can't get in to work on the website or even see it.  We had a phishing issue, but scorch-earthed the site and put in some heavy software to keep out spammers.  Is there a way to get my website off the blacklist?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66061
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #114 on: January 26, 2019, 05:17:44 AM »
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32617
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #115 on: January 26, 2019, 01:44:24 PM »
Hi  JewelsR,

Start with updating your PHP version (Outdated and therefore vulnerable), then try to get rid of McAfee's blacklisting.
Start to use best policies: 82 hints -> https://webhint.io/scanner/5a1ff50f-c40a-4f40-8d12-c3192dde6ecb
of which 30 security related: https://webhint.io/scanner/5a1ff50f-c40a-4f40-8d12-c3192dde6ecb#Security

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline spgopinath18

  • Newbie
  • *
  • Posts: 4
Re: Site Blocked - URL:Phishing
« Reply #116 on: January 29, 2019, 04:59:26 PM »
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36730
Re: Site Blocked - URL:Phishing
« Reply #117 on: January 29, 2019, 05:05:36 PM »
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
What attachment popup ?

This is what TrendMicro say > Sites whose addresses have been found in spam messages


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php



« Last Edit: January 30, 2019, 05:39:22 PM by Pondus »

Offline =Snake=

  • ..... minden elfelejtettem.
  • Starting Graphoman
  • *
  • Posts: 6195
Re: Site Blocked - URL:Phishing
« Reply #118 on: January 29, 2019, 06:04:54 PM »
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
What attachment popup ?
Maybe my screenshots can help.
 ;)
Main:AMD LE1620,W7ult SP1 | MS-7091,P4,XPpro SP3 | AMD-Athlon 1800+ (W7ult SP1 + XP pro SP3,FFesr 45.9,TB 45.8,CC 5.11)|
Laptops: Acer Aspire V5-591G,W10 Home[x64] v1909 (Build 18363.959) | HPI_2020M,W8.1 pro[x64] | Amilo Xi2428,W8.1 pro | MD95400,W7ult SP1 | MD97400,XP pro SP3|
FF 68.11.0esr[NS,AOS,ABP],TB 68.10.0,MCS,CC 5.69,MBAM,MBAE, FW (XP+W7):CIS 3.14[FW,D+],AV:Avast Free [XP+W7:10.4.2233] 19.8.2393|

Offline AstucesWordpress

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #119 on: January 30, 2019, 03:41:32 PM »
I also have a problem with Avast and my website : https://www.astuceswordpress.fr  :'(

URL:pishing with my favicon (https://www.astuceswordpress.fr/favicon.ico) detected by Avast