Author Topic: Site Blocked - URL:Phishing  (Read 59905 times)

Offline Fernando427

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #90 on: December 18, 2018, 10:16:16 PM »
Please remove my site http://orquidea.trensu.com from url:phishing mode. The site is clean but blocked by Avast.

Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3921
Re: Site Blocked - URL:Phishing
« Reply #91 on: December 18, 2018, 10:37:57 PM »
Hi, I can't reach my website - www.moloneyarchitects.com.au. Avast is giving the following message. "We've safely aborted connection on www.moloneyarchitects.com.au because it was infected with URL:Phishing".
Maybe my screenshot helps a little bit?

Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11)|
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3|
FFesr 60.9.0[NS,ABP,AOS],TB 60.6.1,MCS,CC 5.63,MBAM,MBAE,ASB 77.1, FW (W7+XP): CIS 3.14[FW,D+], AV (W7+XP): Avast Free 2015.10.4.2233|

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31765
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #92 on: December 18, 2018, 11:10:46 PM »
Hi Fernando427,

Critical Zoom vulnerability allows series of malicious actions.
Site came under webapp attack via net/intrusion/via controlled grecaptcha/different versions of captcha displayed, see:
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XX1xdVsje3wudH17bnN1Ll5dbWA%3D~enc

Mick40,

Confirmed at https://phishcheck.me submitted we get:
Quote
{"sid": 159075, "is_success": true}

polonus
« Last Edit: December 18, 2018, 11:18:54 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3921
Re: Site Blocked - URL:Phishing
« Reply #93 on: December 18, 2018, 11:41:34 PM »
Hi pol,

Thanks for your help.

Merry Xmas and a happy new 2019!

=Snake=

Offline brandonfarrell2743

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #94 on: December 19, 2018, 06:04:34 AM »
Hello,

My site acataactivewear.com is blocked for phishing and I believe it is a false positive.
I have reported the issue, but am looking for insight.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61134
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.9.2394.B1 - CC 5.63 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5396
  • Spartan Warrior
Windows 10 Home 64-bit 1809 Avast Premier Security version 19.8.2393 (build 19.8.4793.541) UI version 1.0.415.  Current version is back to Avast Internet Security.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31765
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #97 on: December 19, 2018, 12:09:51 PM »
Hi brandonfarrell2743,

  • Susceptible to man-in-the-middle attacks: SSL not available
  • Vulnerabilities can be uncovered more easily: X-Powered-By header exposed
  • Vulnerable to cross-site attacks: HttpOnly cookies not used
  • Emails can be fraudulently sent: SPF not enabled

207 recommendations: https://webhint.io/scanner/cb185613-eaea-4da6-90ed-5e840fecea56

You return a 301 error.
Shopify spamvertiser earlier detected?...redirecting -
Quote
Server IP(s):
0.0.0.0 -> https://www.abuseipdb.com/check/23.227.38.32  also involved in ransomware abuse.
Confidence of Abuse is 36%: -> https://cymon.io/23.227.38.32
=========================
HTTP headers:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 19 Dec 2018 10:58:16 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Sorting-Hat-PodId: 99
X-Sorting-Hat-PodId-Cached: 0
X-Sorting-Hat-ShopId: 10704453732
X-Sorting-Hat-PrivacyLevel: default
X-Sorting-Hat-FeatureSet: default
X-Sorting-Hat-Section: pod
X-Sorting-Hat-ShopId-Cached: 0
X-Frame-Options: DENY
X-ShopId: 10704453732
X-ShardId: 99
Content-Language: en
Location:- https://acataactivewear.com/
X-Request-Id: a3b7f046-591a-410e-8ce7-a41dd10bb672
X-Shopify-Stage: production
Content-Security-Policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a3b7f046-591a-410e-8ce7-a41dd10bb672
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a3b7f046-591a-410e-8ce7-a41dd10bb672
X-Dc: ash,gcp-us-east1
X-Content-Type-Options: nosniff

=========================
Server IP(s):
0.0.0.0

=========================
HTTP headers:

GET / HTTP/1.0
Host: -acataactivewear.com:443
User-Agent: Mozilla/7.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.2) Gecko/20010726 Netscape/7.0
Referer: -http://acataactivewear.com
Accept-Encoding: gzip
Given as benign here: https://zulu.zscaler.com/submission/6ce47014-588d-4631-a589-007197a00e70

Wait for an avast team member to give a final verdict, we are just volunteers here with relative knowledge,
but only avast team members can come and unblock.

polonus (volunteer website security analyst and website error-hunter)


Offline rubistyle

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #98 on: December 21, 2018, 04:27:52 PM »
Hi there, my website www.rubistyle.com has been blocked for phishing but is scanning clean by sucuri so I believe this to be falsely flagged. Can this be unblocked asap please as it is seriously affecting my business. Much appreciated, thank you!

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36147
Re: Site Blocked - URL:Phishing
« Reply #99 on: December 21, 2018, 04:47:54 PM »
Quote
Hi there, my website www.rubistyle.com has been blocked for phishing but is scanning clean by sucuri so I believe this to be falsely flagged. Can this be unblocked asap please as it is seriously affecting my business. Much appreciated, thank you!

Have you reported it to avast lab?

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Something you may fix  >>  https://retire.insecurity.today/#!/scan/0e71eb1533b0dea67791e2117c34849715a2c2166ec520e73071f5350826f631


« Last Edit: December 21, 2018, 04:53:42 PM by Pondus »
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31765
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #100 on: December 21, 2018, 05:35:05 PM »
There is more, some 388 recommendations to improve the website: https://webhint.io/scanner/7d891db1-49ef-4da0-97ba-495a34e186d6  and also including 57 security hints: https://webhint.io/scanner/7d891db1-49ef-4da0-97ba-495a34e186d6#Security

Outdated plug-ins: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-super-cache 1.4.9   latest release (1.6.4) Update required
https://wordpress.org/plugins/wp-super-cache/
flo-shortcodes   
contact-form-7-datepicker 2.6.0   latest release (2.6.0)
https://github.com/relu/contact-form-7-datepicker/
recent-facebook-posts 2.0.3   latest release (2.0.13) Update required
https://dannyvankooten.com/donate/
sb-popular-posts-tabbed-widget   latest release (1.1)
http://scottbolinger.com/
contact-form-7 5.0.4   latest release (5.1.1) Update required
https://contactform7.com/
flo-instagram 1.4.6   latest release (1.4.6)
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Warning  User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   Amy French   amy-french
2   tandrewlynd   tandrewlynd
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ln11YltzdHlsey5eXW0%3D~enc

IP is part of a PHISH: https://checkphish.ai/ip/77.104.133.125

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
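
The outdated-plugin list in the post above can be triaged mechanically. The sketch below is an added example, not part of the original post and not the scanner's own code; the function names (version_key, is_older, triage) are made up for illustration, and the input lines are the plugin lines quoted in the post. It compares versions numerically, because a plain string comparison would rank 2.0.3 as newer than 2.0.13 and miss the recent-facebook-posts update.

```python
import re

# Plugin lines as quoted in the post above (URL lines left out).
REPORT = """\
wp-super-cache 1.4.9   latest release (1.6.4) Update required
flo-shortcodes
contact-form-7-datepicker 2.6.0   latest release (2.6.0)
recent-facebook-posts 2.0.3   latest release (2.0.13) Update required
sb-popular-posts-tabbed-widget   latest release (1.1)
contact-form-7 5.0.4   latest release (5.1.1) Update required
flo-instagram 1.4.6   latest release (1.4.6)
"""

# name, optional detected version, optional "latest release (x.y.z)"
LINE = re.compile(
    r"^(?P<name>[a-z0-9-]+)"
    r"(?:\s+(?P<found>\d+(?:\.\d+)*))?"
    r"(?:\s+latest release \((?P<latest>\d+(?:\.\d+)*)\))?"
)

def version_key(version):
    """Turn '2.0.13' into (2, 0, 13) so components compare as numbers."""
    return tuple(int(part) for part in version.split("."))

def is_older(found, latest):
    """True when the detected version is behind the latest release."""
    a, b = version_key(found), version_key(latest)
    width = max(len(a), len(b))
    # Pad with zeros so that 1.1 and 1.1.0 count as the same release.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def triage(report):
    """Sort plugins into outdated / current / unknown (no version visible)."""
    result = {"outdated": [], "current": [], "unknown": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line or "://" in line:   # skip blanks and plugin URL lines
            continue
        m = LINE.match(line)
        if not m:
            continue
        found, latest = m.group("found"), m.group("latest")
        if not found or not latest:
            result["unknown"].append(m.group("name"))
        elif is_older(found, latest):
            result["outdated"].append(m.group("name"))
        else:
            result["current"].append(m.group("name"))
    return result

if __name__ == "__main__":
    for status, names in triage(REPORT).items():
        print(f"{status}: {', '.join(names)}")
```

Plugins in the "unknown" bucket expose no version in the page source, so they need a manual check on the server rather than being assumed current.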

Offline LukasJ

  • Avast team
  • Jr. Member
  • *
  • Posts: 74
Re: Site Blocked - URL:Phishing
« Reply #101 on: December 21, 2018, 06:54:55 PM »
Hey guys,
sites acataactivewear and rubistyle.com were unblocked.

Regards
Lukas

Offline Alex840

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #102 on: January 03, 2019, 11:55:33 AM »
Hello! Avast blocks the connection to the telegra.ph site, as it is infected with the URL:Phishing. How to solve this problem? What can be wrong?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61134
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #103 on: January 03, 2019, 12:03:56 PM »

Offline arni.gx

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #104 on: January 03, 2019, 02:58:42 PM »
Since yesterday, I have got this .....



...... are those false alarms, or what ?? :(

and how to fix those malware?
« Last Edit: January 03, 2019, 03:00:16 PM by arni.gx »