Author Topic: Site Blocked - URL:Phishing  (Read 115140 times)


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36752
Re: Site Blocked - URL:Phishing
« Reply #555 on: August 03, 2020, 10:50:15 PM »
Report a false positive (select file or website)

Click this link  >>  https://www.avast.com/false-positive-file-form.php




Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83791
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #556 on: August 03, 2020, 11:23:21 PM »
@ avast686
This check considers it a medium security risk, which could potentially lead to hacking, etc.
https://sitecheck.sucuri.net/results/centurylink.net
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline michael.ting

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #557 on: September 07, 2020, 04:02:44 AM »
Hello, I have the same problem with my website:
hxtp://www.zotech.com.tw
I restored and scanned the system; no problems were found.
Can you unlock the URL?
« Last Edit: September 07, 2020, 11:12:49 AM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66854
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #558 on: September 07, 2020, 06:22:23 AM »
Win 8.1 [x64] - Avast PremSec 20.8.2428.B#3 [UI.562] - CC 5.72 - EEK - FF ESR 78.3 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #559 on: September 07, 2020, 02:09:10 PM »
Hi michael.ting,

As you can see from Asyn's reply, your PHP software version is outdated.
The WordPress version is also not the latest!

1 vulnerable retirable jQuery library was detected: https://retire.insecurity.today/#!/scan/b96d312272294991fe23d99dd1b3b709c8be1ac24a3c968840da133d7e951e72
See: https://www.shodan.io/host/104.28.26.118

Recommendation to improve website and website's security:
https://webhint.io/scanner/87b441a9-ec50-49ca-8656-3f5d31b47b9c

Wait for a final verdict from avast team, as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge.

What is important is that you had all green from here:
DShield    CLEAN
AlienVault OTX      CLEAN
Cisco Talos    CLEAN
abuse.ch (Feodo)    CLEAN
URLhaus    CLEAN
Spamhaus (Drop / eDrop)    CLEAN

So report here: https://www.avast.com/false-positive-file-form.php

Nice greetings to you in Taiwan, keep safe and secure online and offline,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: September 07, 2020, 02:37:41 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline alikerembalkas

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #560 on: September 10, 2020, 01:15:52 PM »
Hi

My website has been blocked by you. Please unblock it because my website is OK.

www.performancebilisim.com

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66854
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #562 on: September 10, 2020, 02:16:30 PM »
As Asyn showed, a Joomla Security Scan produced two major issues with outdated software.
A serious malware threat is also WARNING: PHP 5.6.40 is end of life (no updates).

The template (theme) has been found by examining the path /templates/ *template name* /

dd_engineer_99 1.0   -http://diablodesign.eu
While other addons get a lot of attention when it comes to security vulnerabilities, templates are another source of security vulnerabilities within Joomla installations, always keep them updated to the latest version available and check the developers page for information about security related updates and fixes.

The template listed here is the active template found in the HTML source of the page. It is recommended to remove all unused templates and other code to minimise the attack surface of the Joomla installation.

See some improvement recommendations here: https://webhint.io/scanner/09fb24e5-daac-4308-87ac-3e3c0f6f74a4

49 hints so that is a reasonable amount, also F-Grade scan results here:
https://observatory.mozilla.org/analyze/www.performancebilisim.com

Also consider the vulnerabilities by the hoster where you share your IP with some 500 other domains:
https://www.shodan.io/host/78.31.67.89

The avast detection was probably IP related:
Re: https://ip-46.com/78.31.67.89   and  https://censys.io/ipv4/78.31.67.89  and  https://checkphish.ai/ip/78.31.67.89

CVE-2018-15919   Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
CVE-2017-15906   The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

Wait for a final verdict by an avast team member, as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge about website security intelligence.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: September 10, 2020, 03:48:01 PM by polonus »

Offline WK_schnarfl

  • Jr. Member
  • **
  • Posts: 24
Re: Site Blocked - URL:Phishing
« Reply #563 on: September 13, 2020, 07:11:10 AM »
I am sorry if I put my question into the wrong Topic, as there is no instruction on how to do that correctly,
but here goes:

Avast Premium Security warned me that the usual URL I use to sign into my bank account is
having a problem with  HTML:PhishingBank-Cog [Phish].
The URL is  https://www.onlinebanking.pnc.com/alservlet/EnrollmentInitServlet
Other info:
Browser   C:\Program Files\Mozilla Firefox\firefox.exe
Web Shield   
Connection aborted   
An alternative URL there is
https://www.onlinebanking.pnc.com/alservlet/OnlineBankingServlet#

I called customer service at PNC (a bank located in Pittsburgh, Pennsylvania, USA, with the
general URL www.pnc.com) and they don't know a thing about it. I can't sign in, can't look at my account,
can't pay my bills, or the credit card. That's a problem.
   
Question:   Is it possible for Avast to determine whether this is a real banking trojan or a false positive? 

Note: Avast scan itself does not find anything on my local computer.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66854
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<

Offline j.gibbs2010

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #565 on: September 13, 2020, 08:29:07 AM »
Been using this exact website for weeks now, and then all of a sudden this morning Avast is giving me the threat detected phishing:url warning and canceling my connection.

https://app.uniswap.org/#/swap?inputCurrency=ETH&outputCurrency=0xf911a7ec46a2c6fa49193212fe4a2a9b95851c27
Tried different browsers, and even when I open up a tab that I was using yesterday the same phishing warning comes up??
Is this a false positive?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #566 on: September 13, 2020, 12:31:23 PM »
Hi j.gibbs2010,

Clean MX is the only engine to flag htxps://app.uniswap.org/ or the link you forwarded as PHISHING.
Re: https://www.virustotal.com/gui/url/5b20346afda2521e88d0512f6f0ed53d2c1fed6dcedad310c68f74779127c77e/detection

See associated malware via relations on IP: https://www.virustotal.com/gui/ip-address/104.18.64.168/relations
Probably this detection on IP played a role to flag it: https://otx.alienvault.com/indicator/domain/prostovpn.org

As no more engines flag this website address (URI), it could well be a false positive.
So wait for a final verdict from an avast team member, as they are the only ones to come and unblock.
We are just volunteers with relative knowledge in the field of website security intelligence.

However, there are some DOM-XSS issues on that domain. Results from scanning URL:
-https://app.uniswap.org/static/js/4.0b6f6ccc.chunk.js
Number of sources found: 375
Number of sinks found: 111

hxtps://app.uniswap.org
Detected libraries:
No vulnerable libraries found

Scanner output:
Scanning -https://app.uniswap.org ...
Script loaded: -https://app.uniswap.org/static/js/main.ae1ba38b.chunk.js
Script loaded: -https://app.uniswap.org/static/js/4.0b6f6ccc.chunk.js
Status: success

Just wait over the week-end to get an avast reaction,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #567 on: September 13, 2020, 01:06:29 PM »
Website has outdated WordPress CMS and lacks hardening measures, but according to VirusTotal it is not flagged:
https://www.virustotal.com/gui/url/8ce255baa56782630f8cd8ba4766e4e0bd48acd56df0e0c27bfc81762d32c823/detection

Re: https://sitecheck.sucuri.net/results/https/chevallier.biz/coronavirus-censure-des-declarations-du-pr-luc-montagnier-sur-thana-tv/

Site not found with malware, but MBAM extension blocks it
Website blocked due to possible suspicious activity
We strongly recommend you do not visit this site.

Website blocked: -https://chevallier.biz/coronavirus-censure-des-declarations-du-pr-luc-montagnier-sur-thana-tv/
Probably because of this https://host.io/chevallier.biz  (Can anybody confirm this? pol)
There is a backlink there that is blocked in the same manner by MBAM-beta extension as with suspicious activity:
We strongly recommend you do not visit this site.
Website blocked: htxp://ismeaa.com/

1 vulnerable jQuery library to retire: https://retire.insecurity.today/#!/scan/5be51750f227654e29a8d203583c76fbde2b15d88f092f4a817aee635f5938a1

Is this a FP or just a way to block clickbait?

polonus
« Last Edit: September 13, 2020, 01:19:49 PM by polonus »

Offline Janet112

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #568 on: September 14, 2020, 02:02:55 AM »
As of yesterday I am having the exact same problem with the same site as WK_schnarfl, except that I tried on Chrome and Bing browsers. I have used the site for years without any issue. Trying to find any information about this issue is extremely difficult. Surely there are many people who bank with PNC who suddenly cannot log on. What steps should I take to regain access to my bank account?

 

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83791
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #569 on: September 14, 2020, 02:37:08 AM »
Use the link given by Asyn above.

<snip>
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php