Author Topic: Site Blocked - URL:Phishing  (Read 109720 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #540 on: June 19, 2020, 12:23:05 AM »
2 engines detect this here: https://www.virustotal.com/gui/url/15f856199512ada1d3b1a0110730d22fef94ceb086d302598e30c4ca57483a82/details

Insecure hosting on IP 87.76.23.83 -> Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -nexcess.net to fix it.

 All trackers
At least 1 third parties know you are on this webpage.

-obpuk1-05.nexcess.net -obpuk1-05.nexcess.net

 Tracker could be tracking safely if this site was secure.

Webpage kicking up a 400 Bad Request error!

Problem with SSL, a problem with the SSL prevented the page from being retrieved!
Server certificate is issued for different domain(s) and does NOT cover -thekeoghpractice.ie!
Server certificate does NOT cover both domains with and without www.

See: https://sitereport.netcraft.com/?url=http%3A%2F%2Fwww.thekeoghpractice.ie

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jnli931008

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #541 on: June 22, 2020, 01:53:33 AM »
I also have this issue whit my domain which is demo.rla-latamvirtual.com.. i don't know why is this happening please help cause i am doing a virtual event and many people can not get into de web page

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 65942
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.6.2420.BUC [UI.544] - CC 5.68 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #543 on: June 22, 2020, 02:43:16 PM »
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I3ttXS59bHwtbHx0fG12W310dXxsLl5dbQ%3D%3D~enc

You should take this up with GoDaddy's -
Quote

1:  < !DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2:  < html> < head>
3:  < title> 403 Forbidden< /title>
4:  < /head> < body>
5:  < h1> Forbidden< /h1>
6:  < p> You don't have permission to access this resource.< /p>
7:  < p> Additionally, a 403 Forbidden
8:  error was encountered while trying to use an ErrorDocument to handle the request.< /p>
9:  < /body> < /html>


Avast flags the site as with PHISHING.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Amesimeku

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #544 on: July 16, 2020, 03:32:55 PM »
Hello i have the same problem!! My website https://crowdmagna.com/ is being blocked but i have scanned it thoroughly and there is no phishing links!! Kindly assist me by removing it from your list for me.
« Last Edit: July 16, 2020, 03:37:47 PM by Amesimeku »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 65942
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.6.2420.BUC [UI.544] - CC 5.68 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83519
  • No support PMs thanks
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #547 on: July 17, 2020, 12:27:00 AM »
Site can be reached for some scanners. Hosted @ 45.133.200.3 that is from -cpanel-host.prohoster.info
Quote
<html><head><META HTTP-EQUIV="Cache-control" CONTENT="no-cache"><META HTTP-EQUIV="refresh" CONTENT="0;URL=/cgi-sys/defaultwebpage.cgi"></head><body></body></html>

The problem is there and you should take it up with the hoster, MBAM also flags:
Website blocked due to trojan
We strongly recommend you do not visit this site.
Website blocked: hxtp://cpanel-host.prohoster.info/

DOM-XSS issues: Results from scanning URL: -https://crowdmagna.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Number of sources found: 41
Number of sinks found: 17
&
Results from scanning URL: -https://crowdmagna.com/wp-content/plugins/wp-fundraising-donation/assets/public/script/single-page/jquery.magnific-popup.min.js?ver=1.1.16
Number of sources found: 13
Number of sinks found: 18

SERVER DETAILS
Web Server:
nginx
IP Address:
-45.133.200.3
Hosting Provider:
INTERNET-IT, NL
Shared Hosting:
65 sites found (use Reverse IP to download list)
Title:
Index of /wp-includes

DShield    CLEAN
AlienVault OTX      CLEAN
Cisco Talos    CLEAN
abuse.ch (Feodo)    CLEAN
URLhaus    CLEAN
Spamhaus (Drop / eDrop)    CLEAN

0 issues found during a high level analysis at a 3rd party word press security scan.

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock,
or establish we deal with a genuine trojan detection.

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mgnplay1

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #548 on: July 30, 2020, 01:30:16 AM »
Hi Avast.
I have this website , activegear2go.com, that has been flagged as phishing. The hosting company, bluehost, informed me numerous times the site is ok. I cannot use it due to aborting mechanism built in your code.
Please help me get control over the website.
Thank you.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83519
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #549 on: July 30, 2020, 02:35:49 AM »
Hi Avast.
I have this website , activegear2go.com, that has been flagged as phishing. The hosting company, bluehost, informed me numerous times the site is ok. I cannot use it due to aborting mechanism built in your code.
Please help me get control over the website.
Thank you.



It isn't just avast that considers it suspect https://sitecheck.sucuri.net/results/activegear2go.com
Also see https://webhint.io/scanner/46ed5c96-c13e-4b30-b775-8b6410d8d471 for other things that may need to be addressed.

Outside of that - You can use the Reporting Possible False Positive on Website - https://www.avast.com/false-positive-file-form.php form.
That will get a review, but no guarantee that it would be removed as there is some vulnerable software on that site which could place it at risk.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #550 on: July 30, 2020, 12:32:07 PM »
There are also problems with the security of the Word Press CMS.
Set user enumeration and directory listing on disabled.
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mgnplay1

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #551 on: July 31, 2020, 04:06:17 AM »
Hi Avast.
I have this website , activegear2go.com, that has been flagged as phishing. The hosting company, bluehost, informed me numerous times the site is ok. I cannot use it due to aborting mechanism built in your code.
Please help me get control over the website.
Thank you.



It isn't just avast that considers it suspect https://sitecheck.sucuri.net/results/activegear2go.com
Also see https://webhint.io/scanner/46ed5c96-c13e-4b30-b775-8b6410d8d471 for other things that may need to be addressed.

Outside of that - You can use the Reporting Possible False Positive on Website - https://www.avast.com/false-positive-file-form.php form.
That will get a review, but no guarantee that it would be removed as there is some vulnerable software on that site which could place it at risk.

Hi,

Thanks for your quick response. I replaced all the wordpres files with good ones . I checked the links and in the first one, only McAfee finds an issue with the site and in regards to the second link , i don't know what to make of it. Can you help me understand what is relevant to my problem?
Thank you in advance.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83519
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #552 on: July 31, 2020, 10:26:49 AM »
Hi,

Thanks for your quick response. I replaced all the wordpres files with good ones . I checked the links and in the first one, only McAfee finds an issue with the site and in regards to the second link , i don't know what to make of it. Can you help me understand what is relevant to my problem?
Thank you in advance.

As for "Replacing the wordpress files with good ones," I'm not entirely sure what you mean by that. What needs to be done is to ensure that you have the latest wordpress version installed on your website as older versions are vulnerable to attack.

The first link is just to confirm Avast isn't alone in blocking the site and you would also have to try and get that cleared also.

The second link shows details of what areas (in particularly related to security) it didn't do well in.  That would have to be taken up with whomever built the site or help from your Hosting service.  I'm sorry, this isn't something that I can help with, nor something that we undertake in the forums.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #553 on: July 31, 2020, 01:08:55 PM »
Hi mgnplay1,

Still 2 issues
Issues found during a high level analysis of the target site. It is recommended that further active scanning be undertaken for a more accurate assessment.
Scan can be performed here: https://hackertarget.com/wordpress-security-scan/  then you could see issues for yourself.

1. User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   not found   
ID: 2   admin1   admin1
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

2. Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Linked sites OK - javascript resources also OK.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline avast686

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #554 on: August 03, 2020, 10:40:35 PM »
The AVAST WebShield is also blocking the Centurylink webmail link at https://webmail.centurylink.net/mail#1;

I have verified a number of times by disabling the web shield and the site loads.  If enabled, the site does not load.

I have verified this issue on several workstations and with several Centurylink accounts.  Can you remove this URL from the block list?

The notification at the time of the blocked site URL load was that the site was blocked: PHISHING.