Author Topic: Site Blocked - URL:Phishing  (Read 46907 times)

bellarmine16 and 1 Guest are viewing this topic.

Offline omayab

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #30 on: October 23, 2018, 10:59:35 AM »
Hola,

esta url:  https://app.clinic-cloud.com/ me la marca como phising cuando no es así, también he contactado con los administradores y me dicen que todo está bien. Por favor, arreglad este error, ya que es un falso positivo.

Gracias.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60267
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #31 on: October 23, 2018, 11:04:59 AM »
Please post English here, else use the forum section for your language.
-> https://forum.avast.com/index.php?board=21.0
Windows 8.1 [x64] - Avast Premium 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline amir39

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #32 on: October 31, 2018, 11:54:14 AM »
Hi,
Our client portal https://www.opusvirtualoffices.com/portal is being incorrectly identified as phishing, can you check this and advise?

Thanks

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60267
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #33 on: October 31, 2018, 12:28:58 PM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Windows 8.1 [x64] - Avast Premium 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #34 on: October 31, 2018, 02:00:55 PM »
Submitting your site to phishcheck.me I get an affirmative response: "{"sid": 134080, "is_success": true}".

Well, your Word Press version does not seem to be the latest, Version does not appear to be latest 4.9.8 - update now.
See the redirect here: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll1wdXN2W310dXxsXWZmW157cy5eXW1gcF19dHxs~enc

2 vulnerable libraries detected: https://retire.insecurity.today/#!/scan/1e6ca5b7c2c1903f3150cf291d9e7ac73761acf0dbd91cf4a7951569fb2edb4e

security hints: https://webhint.io/scanner/b83394ed-e3f2-4931-9c25-99b81c5cdd38

F-grade security status: https://observatory.mozilla.org/analyze/www.opusvirtualoffices.com

See recent detections for your domain: https://www.virustotal.com/#/domain/www.opusvirtualoffices.com
with generic trojans, like Trojan-Downloader.JS.Iframe
and a PHISHING detection on -https://www.youtube.com/paypal

No longer detected or IDS flagged here: https://urlquery.net/report/31ab48af-d6b6-4f30-837b-a11968c5c988

Wait for an avast team member to give the final verdict, as we are just volunteers with relevant knowledge
as only avast team members can come and unblock detections.

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Scott353

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #35 on: November 01, 2018, 10:44:26 AM »
OK - I excluded chinesewatchwiki.net to stop the erroneous url:phishing block, only to have Avast Online Security pop up a warning that the site could have already harmed my computer.  Bullpucky! There doesn't seem to be a way to dismiss or exclude the pop-up rendering the site unusable.

I have visited this site before with no problems, but now that I have been granted an editors account and login, Avast blocks me from using the website.

How do we get this problem corrected?

« Last Edit: November 01, 2018, 10:57:34 AM by Scott353 »

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #36 on: November 01, 2018, 12:02:35 PM »
Nothing to do with avast however, site cannot be scanned as it has an issue: https://sitecheck.sucuri.net/results/chinesewatchwiki.net
and serves up a redirect to: -http://chinesewatchwiki.net/Main_Page
and then you get an avast alert like "The site you are about to enter contains malicious content".

Re: traceroute to -chinesewatchwiki.net (-167.88.115.174), 30 hops max, 28 byte packets
Quote
1  hosted-by.2is.nl (62.221.192.2)  0.249 ms  0.233 ms  0.225 ms
 2  ae0-cr01.ams04.astralus.net (185.187.12.64)  5.265 ms ae0-cr02.ams05.astralus.net (185.187.12.66)  0.541 ms  0.543 ms
 3  ae0-cr02.ams05.astralus.net (185.187.12.35)  0.670 ms xe-3-3-0.cr0-ams6.ip4.gtt.net (46.33.81.81)  19.943 ms ae0-cr02.ams05.astralus.net (185.187.12.38)  0.594 ms
 4  ae-8.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.229)  0.721 ms xe-3-3-0.cr0-ams6.ip4.gtt.net (46.33.81.81)  19.934 ms  19.928 ms
 5  ae-5.r23.asbnva02.us.bb.gin.ntt.net (129.250.6.162)  85.464 ms ae-8.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.229)  0.699 ms  0.849 ms
 6  * ae-10.r22.snjsca04.us.bb.gin.ntt.net (129.250.6.237)  164.131 ms ae-5.r23.asbnva02.us.bb.gin.ntt.net (129.250.6.162)  93.749 ms
 7  * * *
 8  * * ae-3.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.125)  177.602 ms
 9  * ae-3.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.125)  176.261 ms  176.464 ms
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xmhbbntze3d8dF5od1trWy5ue3Q%3D~enc

Wait for a final verdict by an avast team member as they are the only ones to come and eventually unblock,
we here are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: November 01, 2018, 12:07:17 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60267
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Windows 8.1 [x64] - Avast Premium 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 320
Re: Site Blocked - URL:Phishing
« Reply #38 on: November 01, 2018, 05:13:13 PM »
Hello,

detection will be turned off in next stream update.

Offline Hennaboy

  • Newbie
  • *
  • Posts: 8
Re: Site Blocked - URL:Phishing
« Reply #39 on: November 06, 2018, 04:20:54 PM »
Just had this reported by a customer.

www.henna-boy.co.uk

URL:Phishing

Where? On my logo apparently, as it points to www.henna-boy.co.uk and the customer is using henna-boy.co.uk

Is this some kind of joke? I expect more from a company such as Avast.

Have they started employing children with no idea what they are doing?


Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35944
Re: Site Blocked - URL:Phishing
« Reply #40 on: November 06, 2018, 04:23:34 PM »
Just had this reported by a customer.

www.henna-boy.co.uk

URL:Phishing

Where? On my logo apparently, as it points to www.henna-boy.co.uk and the customer is using henna-boy.co.uk

Is this some kind of joke? I expect more from a company such as Avast.

Have they started employing children with no idea what they are doing?
Sucuri site check  >>  https://sitecheck.sucuri.net/results/www.henna-boy.co.uk

Norton SafeWeb  >>  https://safeweb.norton.com/report/show?url=henna-boy.co.uk


if you think it is wrong, report it  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

« Last Edit: November 06, 2018, 04:25:13 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Hennaboy

  • Newbie
  • *
  • Posts: 8
Re: Site Blocked - URL:Phishing
« Reply #41 on: November 06, 2018, 04:31:36 PM »
Yes, I had already looked at those sites. However, I should have had too as its pretty damn clear that this is a mistake. Do they just use badly written bots to determine what should be listed or not?

Absolute joke.

I have reported it and I doubt I will get any kind of reply or apology. Meanwhile, I am having to contact customers to inform them of incompetence.

How long does it take for it to be evaluated?

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35944
Re: Site Blocked - URL:Phishing
« Reply #42 on: November 06, 2018, 04:47:53 PM »
Quote
Do they just use badly written bots to determine what should be listed or not?
If you know how to detect/block this amount of malware/URLs evry day with no False Positives then evry security vendor in the world would like to know how

No security program have 100% detection or zero false positives

https://www.webarxsecurity.com/website-hacking-statistics-2018-february/

https://www.av-test.org/en/statistics/malware/





« Last Edit: November 06, 2018, 04:49:56 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #43 on: November 06, 2018, 04:55:37 PM »
Well this is making some frown at that code, maybe it was responsible for that detection, being a FP or not. ;):
Quote
587:  < /body> < /html> Content after the < /html> tag should be considered suspicious.

589:  < !-- WITHOUT CACHE: 0.10239195823669 -->
590:  < !-- WITH CACHE: 0.00049901008605957 -->
see: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmh7bm58LWJdeS5eXS51aw%3D%3D~enc

See also 27 security recommendations here: https://webhint.io/scanner/dcc05974-b44e-4994-8c92-7e7780738957#Security

But where the URL=PHISHING is concerned I am at the end of my thether finding that out.
So wait for a final verdict from an avast team member,
as they are the ones to eventually come & unblock,
as we are just volunteers with relative knowledge about general website security.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bauerj

  • Avast team
  • Jr. Member
  • *
  • Posts: 62
Re: Site Blocked - URL:Phishing
« Reply #44 on: November 07, 2018, 07:48:25 AM »
Hi,
I disabled detection causing your site not being accessible. It should be OK after next streaming update. We are sorry for your inconvenience.
Jirka