Author Topic: Site Blocked - URL:Phishing  (Read 158982 times)


Offline Hennaboy

  • Newbie
  • *
  • Posts: 8
Re: Site Blocked - URL:Phishing
« Reply #45 on: November 07, 2018, 08:41:27 AM »
Thanks. Streaming occurs when? daily or more frequent.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37028
Re: Site Blocked - URL:Phishing
« Reply #46 on: November 07, 2018, 08:45:17 AM »
Every 5-15 minutes

You may run a manual Update and reboot

Info from 2012: https://press.avast.com/avast-software-streaming-updates-for-all-with-the-newa-avast-7

« Last Edit: November 07, 2018, 08:49:57 AM by Pondus »

Offline Hennaboy

  • Newbie
  • *
  • Posts: 8
Re: Site Blocked - URL:Phishing
« Reply #47 on: November 07, 2018, 09:56:49 AM »
I don't use Avast or Norton products so am unable to check. Thanks for the information and that cache text has also been removed.

Norton state that it takes up to a week to remove their block, which is where it looks like this whole mess has stemmed from. How it takes a week to update their users I have no idea, but I am thankful for the quick response from Avast on this.

Offline Kame-style

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #48 on: November 08, 2018, 11:44:38 AM »
Hello,

My website www.my-footmania.com is often blocked by Avast for no reason. The website is hosted by Shopify, with a secured structure.

https://screenshot.click/07-57-r2fcf-uzqof.jpg

Would you please remove it from your blacklist?

Thank you

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70583
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 21.5.6346.B5i [UI.645] - EEK - Firefox ESR 78.11 [NS/uBO/PB] - TB 78.11
Avast-Tools: Secure Browser 91.0 - Cleanup 21.1 - SecureLine 5.12 - Driver Updater 21.1 - CCleaner 5.81
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #50 on: November 08, 2018, 03:22:28 PM »
Hi Kame-style,

Detection is most likely because of IP driven malware: https://ransomwaretracker.abuse.ch/ip/23.227.38.64/
and maybe through other domains' abuse, which are sharing that same IP, like you:
https://cymon.io/23.227.38.64
See comment and reports here: https://www.abuseipdb.com/check/23.227.38.64

Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lm15LWZdXXRtfG5bfC5eXW1g~enc

No response as shown here: https://urlquery.net/report/e3fddf63-1124-4ef4-b077-543679fd0d8f
resolving to 0.0.0.0
Netcraft risk grade = 1 red out of 10: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.my-footmania.com+

84 security related recommendations to be found here: https://webhint.io/scanner/902082f2-7142-409a-9327-710d3eea72ed#Security

Wait for an avast team member to give a final verdict on your website as they are the only ones to come and unblock. We here are just volunteers with relevant knowledge on website security.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Fernando427

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #51 on: November 14, 2018, 08:25:42 PM »
Hello,

My site http://orquidea.trensu.com is being reported as Phishing, but I can't find anything that's wrong with it.
Could you please unblock it?

Thanks!

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #53 on: November 14, 2018, 10:28:23 PM »
Location of the PHISHing: -Location: -http://trensu.com/htm/costumer-verifiacation-reviews-logins
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dH17bnN1Ll5dbWBodG1gXl1zdHVte30tdnt9W2ZbfF58dFtdbi19e3Zbe3dzLWxdZ1tucw%3D%3D~enc
On IP you share: https://www.threatcrowd.org/ip.php?ip=198.38.82.159
Sophos, Spamhaus and Fortinet flag your site: https://www.virustotal.com/#/url/185af2168e2b4e507983e72843d9032fa69fde7b07c7dd4da55873f2ad4fbc97/detection  Domain is being studied.

Wait for an avast team member to give a final verdict on their detection, as we are just volunteers with relevant knowledge, but cannot come and unblock.

polonus (volunteer website security analyst and website error-hunter)

Offline Hennaboy

  • Newbie
  • *
  • Posts: 8
Re: Site Blocked - URL:Phishing
« Reply #54 on: November 24, 2018, 04:01:20 PM »
Back again. A customer has reported that my site is still flagged as URL phishing by her Avast software.

It was cleared just over 2 weeks ago.

Could another user please check, as I do not use this software.

https://www.henna-boy.co.uk




Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #55 on: November 24, 2018, 06:48:29 PM »
Hi Hennaboy,

Given green but with open cart recommendations:
https://webscan.foregenix.com/webscan_results.html?scanid=857b64dc_56ba_40d0_85a7_99341cd9f74b

The server sent a Server header, this may leak server technology and version information.
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmh7bm58LWJdeS5eXS51aw%3D%3D~enc
C-grade scan results here: https://observatory.mozilla.org/analyze/www.henna-boy.co.uk
E-mails can be fraudulently sent: Lenient SPF filtering
Sender Policy Framework (SPF) record is too lenient as to which domains are allowed to send email on the domain's behalf. This record should definitely not contain (+all) or (?all) mechanisms, as these allow any domain to send email posing as this domain. This record should preferably not use the (~all) mechanism, as this will still allow emails flagged as being from an invalid domain, but will still allow the message to be delivered. Best practice is to use (-all).
EXPECTED:
contains -all
FOUND:
contains ~all
DMARC not enabled
DMARC record is not present. This may allow spammers to send messages with forged addresses from this domain. The DNS record for the domain should be modified to include a DMARC record.
EXPECTED:
v=DMARC1...
FOUND:
[not set]

Open to MitM attacks: DNSSEC not set. Also consider: https://dnsspy.io/scan/henna-boy.co.uk

Coming up as green here: https://www.phishcheck.me/146588/details
No issues here: http://www.isithacked.com/check/https%3A%2F%2Fwww.henna-boy.co.uk%2F

Low risk (one red out of 10 Netcraft risk-grade): https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.henna-boy.co.uk%2F

25 security related recommendations here: https://webhint.io/scanner/ab9875d5-fc48-479d-8185-7f6f6f5d4b79#Security

Wait for an avast team member here to give a final verdict and eventually unblock,
as we here are just volunteers with relative knowledge. One of them might be in after the week-end.

regards,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: November 24, 2018, 06:53:00 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
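
The SPF and DMARC grading quoted in the scan report above, as an added Python example that is not part of the original post or of the scanner used there. The function names `grade_spf` and `grade_dmarc` are hypothetical, the caller is assumed to have fetched the TXT records already, and the sample records are constructed.

```python
# Added example; grade_spf/grade_dmarc are hypothetical helper names.
SPF_ALL = {
    "+": "fail: +all lets any host send as this domain",
    "?": "fail: ?all is neutral, so any host may send as this domain",
    "~": "warn: ~all flags forged mail but still lets it be delivered",
    "-": "pass: -all marks mail from unlisted senders as fail",
}

def grade_spf(txt_records):
    """Grade the SPF policy among the TXT records of a domain."""
    spf = [r for r in txt_records if r.strip().lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "fail: no SPF record"
    if len(spf) > 1:
        return "fail: more than one SPF record (permerror, RFC 7208)"
    terms = spf[0].split()[1:]
    for term in terms:
        # A mechanism without a qualifier defaults to "+".
        qualifier, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if mech.lower() == "all":
            return SPF_ALL[qualifier]
    if any(t.lower().startswith("redirect=") for t in terms):
        return "info: policy delegated by redirect=, grade the target record"
    return "fail: no all mechanism, unlisted senders get a neutral result"

def grade_dmarc(txt_records):
    """Grade the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return "fail: DMARC record is not present"
    tags = {}
    for part in recs[0].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    if policy in ("quarantine", "reject"):
        return "pass: p=" + policy
    if policy == "none":
        return "warn: p=none only reports, forged mail is still delivered"
    return "fail: missing or invalid p= tag"

if __name__ == "__main__":
    # Constructed records matching the FOUND values in the report above.
    print(grade_spf(["v=spf1 include:_spf.example.net ~all"]))
    print(grade_dmarc([]))
```
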

Offline Hennaboy

  • Newbie
  • *
  • Posts: 8
Re: Site Blocked - URL:Phishing
« Reply #56 on: November 25, 2018, 12:07:27 AM »
Thanks but none of these point to the url phishing flagged which is a link back to the home page on the very same website. Just makes me think that this software is written by a bunch of 5yr olds.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33194
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #57 on: November 25, 2018, 02:38:33 PM »
Hi Henna-boy,

I haven't a clue what 5-year-olds may be capable of doing with PHP-based software and jQuery on a website  ;). Either they have built it up from the ground or developed it as a drill-down.

Little old me just reported here the security weaknesses I stumbled upon, and it is up to you to take this info into account or not, or inform your hoster and/or web-admin of such facts. I from my side just thank avast webforums for creating a platform for me to do this.
If it helps just towards a slightly more secure website I am happy to do so.

Then again I am no clairvoyant and cannot say why avast should block the site and where they have based this blockage upon. You should hear that from the "zebra's mouth" as only avast team members could tell you and also inform you that they will unblock your site. Wait for one to appear after the week-end.

polonus (volunteer third party cold reconnaissance website security analyst and website error-hunter)

Offline arpege92

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #58 on: November 25, 2018, 03:32:45 PM »
Hi,

For a few days now, Avast has been blocking access to https://ing.ingdirect.es/pfm/#login/

Could you please see what is happening?

Thanks

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70583
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #59 on: November 25, 2018, 03:36:02 PM »