Author Topic: Site Blocked - URL:Phishing  (Read 101751 times)

0 Members and 2 Guests are viewing this topic.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 64704
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.4.2409.B#4 [UI.520] - CC 5.65 - EEK - FF ESR 68.8 [NS/AOS/uBO/PB] - TB 68.8.1 - ASB/ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #496 on: March 04, 2020, 11:54:39 AM »
Witam JohnnyKR,

Website has outdated software: PHP under 7.3.12
Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK
Web Server:
Apache
X-Powered-By:
PHP/7.3.0
IP Address:
62.212.65.74
Hosting Provider:
LeaseWeb Netherlands B.V.
Shared Hosting:
500 sites found on 62.212.65.74

Security score -3 grade: https://webcookies.org/cookies/felgimomo.pl/29216505?423410

Consider these security recommendations found through linting:
https://webhint.io/scanner/de02d35a-2f34-432a-9169-70ab088d5d8a#category-security

Consider also the hosting at linuxpl dot com here: hxtp://s99.linuxpl.com/  connection insecure...

Wait for a final verdict from an avast team member as they are to only ones to come and unblock,
report website to them here: https://www.avast.com/false-positive-file-form.php

pozdrawiam,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6772
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #497 on: March 06, 2020, 12:42:46 AM »
Hello, could you please clear hxxps://felgimomo.pl domain? I have cleaned up the server, virus total shows everything is fine: https://www.virustotal.com/gui/url/cc03c709144d61a7c845956e847251070b0eb6bdc45ae2597f17c5bad7b63194/detection but Avast still marks the domain as phishing

Detection was removed 05.03.2020 at 10:54 AM.It will continue to be blocked by the Avast Online Security plugin due to this

https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Ffelgimomo.pl%2F&hl=en

Quote from: Avast
Our virus specialists have been working on this problem and they informed me that this detection is correct.

Offline Banu3

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #498 on: March 11, 2020, 08:01:57 AM »
Hello i have the same problem with my Website:
https://www.weddingsutra.com/
Please can you unlock URL?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 64704
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.4.2409.B#4 [UI.520] - CC 5.65 - EEK - FF ESR 68.8 [NS/AOS/uBO/PB] - TB 68.8.1 - ASB/ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline xin7

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #500 on: March 11, 2020, 11:49:55 AM »
hello,
i have a website: https://naptien.shopgiatot.net/
my website meet url phishing and avast auto block.
but i scan on https://sitecheck.sucuri.net/results/naptien.shopgiatot.net
that it's ok.
how can i do.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36637
Re: Site Blocked - URL:Phishing
« Reply #501 on: March 11, 2020, 12:02:29 PM »
Report a false positive (select file or website)

Click this link >>  https://www.avast.com/false-positive-file-form.php



« Last Edit: March 11, 2020, 12:04:31 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #502 on: March 11, 2020, 01:32:42 PM »
Retirable jQuery library:
Quote
jquery   1.12.4   Found in htxps://naptien.shopgiatot.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

IP related detections (not your website/domain): https://www.virustotal.com/gui/ip-address/104.28.13.105/relations
-> CloudFlare abuse? see vulnerabilities on host: https://www.shodan.io/host/104.28.13.105

Hints found by linting: https://webhint.io/scanner/4fe90925-70c0-456c-84f4-08757b813ad3

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6772
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #503 on: March 12, 2020, 03:26:08 AM »
Detection was removed 11.03.2020

weddingsutra.com and  naptien.shopgiatot.net is not blocked by Avast

Quote from: Avast
The provided URL doesn't seem to be detected by Avast. Could you please send us a screenshot of the detection message you're getting? https://support.avast.com/en-ww/article/100/

Offline richdad.tx

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #504 on: March 20, 2020, 10:49:01 AM »
Hello,

I'm having problems with my website (evippay[dot]com), whenever I try to access it from any computer that has Avast installed it does not allow access. I do not understand why my website blocked by Avast.

Please help me check and unlock

Thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83031
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #505 on: March 20, 2020, 11:00:36 AM »
<snip>
I'm having problems with my website (evippay[dot]com), whenever I try to access it from any computer that has Avast installed it does not allow access. I do not understand why my website blocked by Avast.
<snip>

As mentioned a few posts above yours, report it directly to Avast.
https://sitecheck.sucuri.net/results/evippay.com

Report a false positive (select file or website)

Click this link >>  https://www.avast.com/false-positive-file-form.php
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #506 on: March 20, 2020, 01:12:26 PM »
Howdy richdad.tx,

Do as DavidR says and wait for a final verdict from avast's.

But on the other hand that pay-site could well do better where website security is being concerned.

That particular IP is not being flagged, but likewise addresses from the same IP are:
https://www.virustotal.com/gui/ip-address/45.32.133.30/relations

See various hints to get that website somewhat more secure:
https://webhint.io/scanner/ab8cd1c0-a875-43d4-81a7-65012ba92c82#category-security

Retirable JQuery libraries detected
Quote
bootstrap   3.3.5   Found in -https://evippay.com/catalog/view/javascript/bootstrap/js/bootstrap.min.js
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
jquery   2.1.1.min   Found in -https://evippay.com/catalog/view/theme/journal3/lib/jquery/jquery-2.1.1.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Gets a -2 security score here: https://webcookies.org/cookies/evippay.com/29958976?542440
No CSP implementation, whatsoever, and that for an online payment site  ???

See for the known vulnerablities at the hosting party: https://www.shodan.io/host/45.32.133.30

Have a nice day,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline richdad.tx

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #507 on: March 22, 2020, 10:47:16 AM »
Howdy richdad.tx,

Do as DavidR says and wait for a final verdict from avast's.

But on the other hand that pay-site could well do better where website security is being concerned.

That particular IP is not being flagged, but likewise addresses from the same IP are:
https://www.virustotal.com/gui/ip-address/45.32.133.30/relations

See various hints to get that website somewhat more secure:
https://webhint.io/scanner/ab8cd1c0-a875-43d4-81a7-65012ba92c82#category-security

Retirable JQuery libraries detected
Quote
bootstrap   3.3.5   Found in -https://evippay.com/catalog/view/javascript/bootstrap/js/bootstrap.min.js
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
jquery   2.1.1.min   Found in -https://evippay.com/catalog/view/theme/journal3/lib/jquery/jquery-2.1.1.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Gets a -2 security score here: https://webcookies.org/cookies/evippay.com/29958976?542440
No CSP implementation, whatsoever, and that for an online payment site  ???

See for the known vulnerablities at the hosting party: https://www.shodan.io/host/45.32.133.30

Have a nice day,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Thank you for your information , i make new domain and fix it , Someone is trying to put my website on a blacklist at new domain directpay[dot]vip. Help me remove it on blacklist and how to make my website not in blacklist ? It is affecting my work

Thank you


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #508 on: March 22, 2020, 12:57:21 PM »
Hi richdad.txt,

Report the abuse to your hosting parties, and when they do not act let your website host somewhere else.
It is a free world, and you should not keep up with such abuse.  Or take a dedicated IP address.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83031
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #509 on: March 22, 2020, 06:18:54 PM »
@ richdad.tx
You're new site is in an even worse state, with more scanners blacklisting it and it is also considered a Critical Security Risk:
https://sitecheck.sucuri.net/results/directpay.vip

I would hazard a guess that the things found by Polonus on the other domain are likely to be replicated with this domain.
This would appear to be the case: https://webhint.io/scanner/f7699e7d-410a-47b2-8fd6-349ab43e2b05
« Last Edit: March 22, 2020, 06:22:15 PM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro