Site Blocked - URL:Phishing

[jefferson sant]

Hello there,

My website hxxps://www.sertifier.com/ is being listed as one of phishing sites to Avast users.

Can you please enlighten me on this issuse? I hace checked my website for many times about malware issues but sees none. Can you please fix this issue?

The detection of the removed by AVG today 17.09.2019 at 09:27 in the morning

The detection by AVG was incorrect and was removed in a recent AVG update, please wait at least 24 hours.

Avast has been confirmed that it is no longer being blocked.

please unblock 4ce.ca and its subdomains.....

There was never any phishing and as the ite is a url shortener, i would like if you apply the same rules you do for sites like bit.ly to this one.

https://safeweb.norton.com/report/show?url=4ce.ca

Detection was removed yesterday

[Anon5]

Our site is being listed as one of phishing sites http://zero400photo.com.au/

Could you please remove it from the blocked list.

[Shabbir Ahmad]

URL detection disabled.

My site still blocked: as there is not phishing things in it, its cleaned.

http://connect.brooklynmusicfactory.com/

Please unblock it.

[Asyn]

Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.

-> https://sitecheck.sucuri.net/results/zero400photo.com.au

[polonus]

@Shabbir Ahmad,

There is code after html that is suspicious anyways: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xl1ubntedC5ifV1da2x5bm11c1teZnxedF19eS5eXW1g~enc

VT does not flag: https://www.virustotal.com/gui/url/00c35e15a2926244f6b6e0c648c6098cd21f5292fe643415662484f2610ebf8a/detection

Wait for an avast team member to give a final verdict, they are the only ones to come and unblock,

xJavaScript error: File not found: hxtp://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js

ReferenceError: $ is not defined
 /login.php:53

C+ privacy grade: This website is insecure.
66% of the trackers on this site could be protecting you from NSA snooping. Tell -brooklynmusicfactory.com to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

 -cdnjs.cloudflare.com__cfduid
-3r8vm6njnjptpou6lkglh50dr7 connect.brooklynmusicfactory.comphpsessid

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

P.S. Seems to me that website is no longer flagged by avast's.

[DavidR]

You have got your answer, use the process of reporting what you consider an FP in the link that I provided.  That goes directly to avast and the avast virus team.  Only they can deal with it.

Making multiple posts on the same issue how it is done, it just means multiple people end up responding and as mentioned above isn't going to get the direct attention you require. 

Most respondents in the forums are Avast Users, not Avast Team (seen in the info to the left of posts) so can't remove your site without it being investigated by avast.

Sites are only flagged by Avast (not by being reported by anyone) so only they can remove it.

[Pondus]

The link provided only gives the option of giving a link with almost no info, so what can be said there? Nothing.

You can when they reply to your mail

[Anon5]

Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.

-> https://sitecheck.sucuri.net/results/zero400photo.com.au

My site still blocked and also our site is cleaned.

[jefferson sant]

Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.

-> https://sitecheck.sucuri.net/results/zero400photo.com.au

My site still blocked and also our site is cleaned.

Detection will be removed tomorrow
Already submitted to virus lab

[Arsalan6]

I am having similar problem for my domain www.pakarmoring.com/  kindly remove the block

[DavidR]

I am having similar problem for my domain www.pakarmoring.com/  kindly remove the block

As has been mentioned before, several times in this topic.

You can report it - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php and it will be investigated.

[jefferson sant]

Our site is being listed as one of phishing sites hxxp://zero400photo.com.au/

Could you please remove it from the blocked list.

-> https://sitecheck.sucuri.net/results/zero400photo.com.au

My site still blocked and also our site is cleaned.

Detection was removed on 25.09.2019 at 06:49 AM

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

[jefferson sant]

My site still blocked: as there is not phishing things in it, its cleaned.

hxxp://connect.brooklynmusicfactory.com/

Please unblock it.

Detection was removed on 25.09.2019 at 07:11 AM.

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

[polonus]

Site has been reported for PHISHing at: -http://pakarmoring.com/wp-content/upd/gdoc/yahoo.php

Wrong settings enabled for User Enumeration in CMS:
 User Enumeration
  The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   arsalan   arsalan
2   None   None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Wrong settings for Directory Listing set:
  Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Website had at one moment: Threat Name:Web Attack: Ransomlock Website
Location:-http://pakarmoring.com/wp-includes/jx/newp/ii.php

Threat Name:Web Attack: Ransomlock Website
Location:-http://pakarmoring.com/wp-includes/cx/gdoc/

Retirable jQuery libraries detected: https://retire.insecurity.today/#!/scan/49e7ed2f336379e4b9c4a8e4fc495cb96687dfafea9196345c2bb56f4ac61f8f

147 Linting recommendations: https://webhint.io/scanner/4b692cee-d349-4fc9-9ef1-a07d145c558f

4 engines that detect: https://www.virustotal.com/gui/url/db0596f2296e8135e788862827f9cce9a75cfab997e862b9d43bf7568f22d92f/detection
IP blocklisted and various detections on your website: https://www.virustotal.com/gui/ip-address/69.73.184.160/relations

Seems no longer blocked by avast's, as website coming soon. 


polonus (3rd party cold recon website security analyst and website error-hunter)

[jefferson sant]

I am having similar problem for my domain wxw.pakarmoring.com/  kindly remove the block

Detection has been removed in 26.09.2019 at 04:20 AM.

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.