Author Topic: Site Blocked - URL:Phishing  (Read 225001 times)

0 Members and 3 Guests are viewing this topic.

Offline lukacsrob

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #720 on: February 18, 2022, 12:51:37 PM »
Avast antivirus threat is reported at https://ecl.hu/.  The website is ours, we removed the hacking attempt last month and it is now secure, but it still indicates a threat. We would like to request a solution to the problem.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76181
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast PremSec 22.6.7355.BC [UI.713] - Firefox ESR 91.10 [NS/uBO/PB] - Thunderbird 91.10
Avast-Tools: Secure Browser 102.1 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline lukacsrob

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #722 on: March 03, 2022, 03:20:49 PM »
Avast is still reporting a virus, please remove it from the database. Virustotal.com still says that G-Data is reporting a virus, but G-data has already told us that:
The submitted URL is currently not blocked by our software anymore.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37181
Re: Site Blocked - URL:Phishing
« Reply #723 on: March 03, 2022, 03:24:25 PM »
Quote
Virustotal.com still says that G-Data is reporting a virus,
No it is not ... always refresh for a fresh result


https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #724 on: March 03, 2022, 05:15:02 PM »
The website has various security issues, that should be tackled a.s.a.p.
Word Press CMS version is outdated: 4.9.19

User enumeration is left as enabled for user, download-directory listing has been left as enabled.

The following plugins were detected by reading the HTML source of the WordPress sites front page.

Plugin   Update Status   About
contact-form-7 5.0.5   Warning   latest release (5.5.6)
https://contactform7.com/
supportcandy 1.1.4   Warning   latest release (2.3.0)
https://wordpress.org/plugins/supportcandy/
event-geek 2.5.2    Unknown   
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths  using a dedicated tool.

Here the website has been qualified as potentially suspicious and has blacklisted links: https://quttera.com/detailed_report/ecl.hu

Libraries to be retired:
Quote
bootstrap   3.3.7   Found in -https://ecl.hu/wp-content/themes/graphene/bootstrap/js/bootstrap.min.js?ver=2018.09.01 _____Vulnerability info:
Medium   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
Medium   XSS is possible in the data-target attribute. CVE-2016-10735   
jquery   1.12.4   Found in -https://ecl.hu/wp-includes/js/jquery/jquery.js?ver=1.12.4 _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   1234
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   1
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   1

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: March 03, 2022, 06:29:12 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline thao_legend

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #725 on: March 04, 2022, 05:43:45 AM »
I hope avast considers removing the phishing warning from the website : energized.pro
this is just a website that provides a filter to block ads on the browser, no problem at all
thanks

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47146
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Site Blocked - URL:Phishing
« Reply #726 on: March 04, 2022, 02:07:53 PM »
I hope avast considers removing the phishing warning from the website : energized.pro
this is just a website that provides a filter to block ads on the browser, no problem at all
thanks
Follow the advice offered here:
https://forum.avast.com/index.php?topic=218384.msg1676256#msg1676256
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #727 on: March 04, 2022, 06:53:46 PM »
What is being pinged from this website?
-energized.pro, -watchdog.energized.pro, -browser.net, -(maxt)icons8.com, -opencollective.com,
-paypalobjects.com, -shields.io, -img.shield.io
Site also has raw http headers. Site does not have cloaking, different status codes, spammy looking links, iframes, and is not being blacklisted.

Follow bob3160's advice.
Then wait for a final verdict from avast team.
This as they are the only ones to come and unblock.

We here are just volunteers with relative knowledge.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline charles.jaw

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #728 on: March 15, 2022, 01:19:25 PM »
Our website(hxtps://headlineforce.com) had been hacking last month, and we already fixed it. But it still repored as a threat. Can you help unlock the website?
« Last Edit: April 11, 2022, 07:45:35 AM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76181
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast PremSec 22.6.7355.BC [UI.713] - Firefox ESR 91.10 [NS/uBO/PB] - Thunderbird 91.10
Avast-Tools: Secure Browser 102.1 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline pascal.luescher

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #730 on: March 17, 2022, 12:08:56 PM »
Hello our site hxtps://my.bpw.ch is blocked for phishing but we have no idea why.
both sitecheck and wirustotal show no malware. can you unblock it please?
« Last Edit: April 11, 2022, 07:45:25 AM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76181
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #731 on: March 17, 2022, 12:14:47 PM »
Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast PremSec 22.6.7355.BC [UI.713] - Firefox ESR 91.10 [NS/uBO/PB] - Thunderbird 91.10
Avast-Tools: Secure Browser 102.1 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #732 on: March 17, 2022, 01:08:08 PM »
Only external link that could have come blocked is to -cdn.jsdelivr.net
No particulars here:
https://quttera.com/detailed_report/my.bpw.ch  * https://www.shodan.io/host/51.103.140.125

Wait for a final verdict from avast team, as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline paolorossi15

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #733 on: April 16, 2022, 03:17:06 PM »
Hello, please forgive me for the inconvenience.
Unfortunately, the access by users to the eurekaddl.bid site is blocked due to the presence of URL: TechScan
I believe it may be a false positive because I have tried all the Wordpress security plugins and none of them have found such a threat:
https://i.postimg.cc/C1QPPcMD/Screenshot-1.png
Also, I tried to scan it with Virustototal and it doesn't detect any threats:
https://www.virustotal.com/gui/url/adff3abba0d1d394b57a50dc01873a39c10322bda6435a6cfcbd5e625fbf7c13?nocache=1
Same thing for Google Safe Browsing:
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Feurekaddl.bid
Please help me solve this problem.
Thanks for your kindness and understanding, best regards

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86652
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #734 on: April 16, 2022, 03:31:36 PM »
Use the link posted in Reply #731 (quoted below) to report it.

Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security