Author Topic: Site Blocked - URL:Phishing  (Read 53208 times)

0 Members and 1 Guest are viewing this topic.

Offline Fernando Lopes

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #135 on: March 04, 2019, 10:45:23 AM »
hello i have the same problem with my Website:
https://www.nghd.pt/
Can you unlock URL?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60711
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.8.2393.BUC - CC 5.61 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31666
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #137 on: March 04, 2019, 01:04:15 PM »
Hi Fernando Lopes,

This was why it was actually blacklisted originally:
Threat Report
small-caution Viruses Threats found: 3 
Here is a complete list: (for more information about a specific threat, click on the Threat Name below)

Threat Name: Trojan.Gen.NPE
Location: -https://nghd.pt/editor*/create/

Threat Name: Trojan.Gen.NPE
Location: -https://nghd.pt/editor*/create/index_files/adv_m10006_de.htm

Threat Name: Direct Link To Trojan.Gen.NPE
Location: -https://nghd.pt/editor*/create/

small-caution Phishing Attacks Threats found: 1 
Here is a complete list: (for more information about a specific threat, click on the Threat Name below)

Location: -http://nghd.pt/public_    according to Norton Safe Web report info...

191 implementations for improvement: https://webhint.io/scanner/69fe8de4-be9a-406a-8a51-9ac81b716620

Scumware had it 3 months ago. Now urlvoid does not flag any longer.
Wait for an avast team member to give the final verdict, as they are the only ones to come and unblock.
We here are just volunteers with relevant knowledge. Your site still seems infested with malcode.

4 still flag  Trojan.Gen.NPE  here: https://www.virustotal.com/#/url/4075d7ea8a427ee721bf10a90a092aeca828b3f7a85d4b6345dad9c53e3e7876/detection

Seen recent (yesterdays') detections: https://www.virustotal.com/#/domain/nghd.pt
Only fortinet's here to flag: https://urlquery.net/report/b32667c7-31e9-4892-ab5e-744ddc8b2556

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: March 04, 2019, 01:27:08 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline romano.riondino

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #138 on: March 04, 2019, 01:36:30 PM »
Hi, I'm having problems with my website www.rndwss.com.
It seems recognize a phishing situation. Can you check it, please.
I can connect to it without any problem using the dedicated personal url provided by 1&1.

Regards,
Romano.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31666
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #139 on: March 04, 2019, 02:32:08 PM »
Block more than likely because of the same IP you share with a flagged domain:
https://www.virustotal.com/#/ip-address/74.208.236.102

Ask an avast team member for an exclusion of your domain,
as we here are volunteers with relevant knowledge but cannot come and unblock or exclude.

16 recommendations here: https://webhint.io/scanner/a66c2f7b-ffa3-46e7-88f0-8ee4399b6691
Vulnerabilities: Security Checks for -http://www.rndwss.com
(2) Susceptible to man-in-the-middle attacks
(2) Vulnerabilities can be uncovered more easily
Emails can be fraudulently sent
(3) Unnecessary open ports

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Ser518

  • Newbie
  • *
  • Posts: 4
Re: Site Blocked - URL:Phishing
« Reply #140 on: March 05, 2019, 10:16:36 AM »
Hello, the site is blocked by the https://bankrot.fedresurs.ru/ antivirus program, please remove it from the database of infected sites.
I can not download the document at https://bankrot.fedresurs.ru/Download/file.fo?id=1950738&type=MessageDocument
from the message https://bankrot.fedresurs.ru/MessageWindow.aspx?ID=2355C7E8F2E418F8C624CE12E4FA884C

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60711
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.8.2393.BUC - CC 5.61 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Youssef27

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #142 on: March 05, 2019, 11:54:49 AM »
Hello i have the same problem with my Website:
https://www.selektimmo.com/



Can you unlock URL?

Genially

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60711
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.8.2393.BUC - CC 5.61 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline savcin

  • Avast team
  • Full Member
  • *
  • Posts: 121
Re: Site Blocked - URL:Phishing
« Reply #144 on: March 05, 2019, 12:13:44 PM »
Fixed

Offline Youssef27

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #145 on: March 05, 2019, 12:31:53 PM »
thank you

Offline Ser518

  • Newbie
  • *
  • Posts: 4
Re: Site Blocked - URL:Phishing
« Reply #146 on: March 05, 2019, 12:53:33 PM »
Fixed

Please tell me the reason for hitting the site in the blacklist.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31666
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #147 on: March 05, 2019, 06:27:15 PM »
Hi

Here you can make an ascertained guess: https://www.virustotal.com/#/domain/bankrot.fedresurs.ru
Probably the Express.exe folders
Attack analysis: https://www.reverse.it/sample/483be61bcee0b7fef9773ec27cc28fcafa89ecfc8752f4b61762fbdf6101bf33?environmentId=100

Whether this is an old or a persistent question can only be answered by avast team members, as we are just volunteers with relevant knowledge, but cannot come and unblock or explain the avast detection policy/decisions. That is completely and utterly their cup of tea.

Security Checks for -https://bankrot.fedresurs.ru
(2) Susceptible to man-in-the-middle attacks SSL is not available.
(2) Vulnerabilities can be uncovered more easily
The X-Powered-By header reveals information about specific technology used on the server. This information can be used to exploit vunerabilities. The server configuration should be changed to remove this header.
Vulnerable to cross-side attacks
HttpOnly cookies not used
Emails can be fraudulently sent
SPF not enabled

Further website recommendations: https://webhint.io/scanner/84be7d8e-9dc0-4240-baf6-f1d881307ea5
Cannot be scanned properly:
Scan Failed
-http://bankrot.fedresurs.ru/

 
Unable to properly scan your site. Connection closed (your webhosting is probably blocking us)

Site Issue Detected
-http://bankrot.fedresurs.ru/404javascript.js

 
Unable to scan the page. Connection closed (your webhosting is probably blocking us)

Site Issue Detected
[http://bankrot.fedresurs.ru/404testpage4525d2fdc

 
Unable to scan the page. Connection closed (your webhosting is probably blocking us)
Why see: https://toolbar.netcraft.com/site_report?url=https://bankrot.fedresurs.ru

This still there? Re: https://www.virustotal.com/#/file/fecef91acc63413f4656be7c43b38298872fce85aa7530f1564d4cf0153496b3/detection

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline tomahawk6759

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #148 on: March 06, 2019, 06:01:37 PM »
Getting same error intermittently for www.currenrv.com

can this site be removed from list as well please

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36055
« Last Edit: March 06, 2019, 06:55:33 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.