Author Topic: Site Blocked - URL:Phishing  (Read 225013 times)

0 Members and 1 Guest are viewing this topic.

Offline paolorossi15

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #735 on: April 16, 2022, 03:37:51 PM »

Hi, thank you very much DavidR, I wrote, what could be the times for them to remove the block?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #736 on: April 16, 2022, 05:06:38 PM »
Hi paolorossi15,

Wait for a final verdict from avast team, as they are the only ones to come and unblock.
No issues here: https://quttera.com/detailed_report/eurekaddl.bid
But you connect out to an insecure munkhey dot com connection.
with info proliferation for the ratpacket.php file (with mail address given),
which file could be vulnerable to a Cloudflare small file download issue.
Ratpacker as a file is given as secure: https://webrate.org/site/ratpacker.com
Let them take that issue up with Cloudflare staff. That's all we know.

Bella Ciao,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: April 16, 2022, 05:10:48 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86654
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #737 on: April 16, 2022, 05:40:45 PM »

Hi, thank you very much DavidR, I wrote, what could be the times for them to remove the block?

You're welcome.
You should get a response in a day or two. Bearing in mind this is a (Easter) weekend, it may take a little longer.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RP Sistema

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #738 on: May 10, 2022, 10:59:17 PM »
Hello
Am developer from a company and one of our website is blacklisted
can someone tell me why and how to unblacklist please? those websites doesnt have potential risks!
already submit a form for false positive, but not answer yet

https://agendaweb.com.ar/

Thanks in avanced!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86654
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #739 on: May 10, 2022, 11:56:18 PM »
Please break active link to suspect site!

You can browse this topic and you will see many sites that you can check your site against.  Those trying to help in this topic are Avast Users and we get the information from those sites.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #740 on: May 12, 2022, 08:01:48 PM »
Wait for a final verdict from Avast  team as they are the only ones to come and unblock.
Vulnerabilities in existing webpage:
Quote
Retire.js
bootstrap   3.3.5   Found in -https://agendaweb.com.ar/artro/www/bootstrap/js/bootstrap.min.js _____Vulnerability info:
Medium   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
Medium   XSS is possible in the data-target attribute. CVE-2016-10735   
jquery   1.10.2.min   Found in -https://agendaweb.com.ar/artro/www/bootstrap/js/jquery-1.10.2.min.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   123
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   

This could be meant as flagged: ONCLICK
/* button.btn btn-md btn-primary col-xs-12 col-sm-12 col-md-12 col-lg-12.onclick = */
ir('hxtps://agendaweb.com.ar/artro/');

polonus
« Last Edit: May 14, 2022, 01:15:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline fterrades

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #741 on: May 25, 2022, 11:41:36 AM »
Hello, our site https://digitalsignage.academy is blocked by Avast. We made a new website but the url seems to rest blocked. Can you help us? Thanks!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76181
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast PremSec 22.6.7355.BC [UI.713] - Firefox ESR 91.10 [NS/uBO/PB] - Thunderbird 91.10
Avast-Tools: Secure Browser 102.1 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #743 on: May 25, 2022, 04:56:04 PM »
A WordPress security scan does not render major problems, all plug-ins are latest versions.
User enumeration and directory listing are disabled. Latest version of CMS used.

But the issues and vulnerabilities seem to reside at where the website is being hosted:
https://www.shodan.io/host/92.205.6.170

So take this up with the hoster, then wait for a final verdict from avast team.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter).
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86654
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #744 on: May 28, 2022, 12:24:31 AM »
My website linkedup.me is getting a false positive (phishing) and my students and customers are having a lot of trouble! Why this is happening? I send a ticket via your website and I didn't have a response. I need a solution ASAP please!

Ismael.

Please break active link to suspect site!

-  Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Markus192

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #745 on: May 31, 2022, 11:33:01 AM »
Hi,

the url http://www.revosax.sachsen.de/Text.link?stid=30734 is blocked by avast - URL:phishing. The Website is part of the infrastructure of the federal state of Saxony, Germany, and run by the gouvernment. It most likely is not trying to phish. Could you please unblock it? Thanks!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76181
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #746 on: May 31, 2022, 11:36:51 AM »
Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast PremSec 22.6.7355.BC [UI.713] - Firefox ESR 91.10 [NS/uBO/PB] - Thunderbird 91.10
Avast-Tools: Secure Browser 102.1 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33627
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #747 on: June 01, 2022, 12:00:52 AM »
Some additional remark apart from the fact that the site might well be "above board" so to say.

In view of it being better to resolve directly to https-only,
certainly for "Staatsbetrieb Saechsische Informatik Dienste",
this site starts with http and it could be that redirection chain is bein flagged:

Quote
-http://www.revosax.sachsen.de/Text.link?stid=30734
-https://www.revosax.sachsen.de/Text.link?stid=30734
-http://www.revosax.sachsen.de/vorschrift/15101-EFRE-Technologiefoerderung-2014-bis-2020?follow_successor=no

VT gives the site the all green: https://www.virustotal.com/gui/url/7629ea8e80dd92079a93a4c9c533423b0c4f10fb4dba6262f05bcdac7113d4a5/details

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!