Author Topic: Site Blocked - URL:Phishing (Read 83381 times)

rfontes · « **on:** April 18, 2018, 06:52:23 PM »

Hello, I'm having problems with my website (www.jetfilm.com.br), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.

Excludes all content from the domain (folders / files) and the site is still blocked. Before that I asked Avast support to put the site on the false positive list and the response was as follows: "Detection is correct and will be maintained." That is, it is still being accused as a phishing site.

LukasJ · « **Reply #1 on:** April 18, 2018, 08:00:39 PM »

Hi,
URL block was disabled.

Lukas

rfontes · « **Reply #2 on:** April 18, 2018, 08:11:21 PM »

Hello, the URL is still blocked by Avast. Please, could Avast's analysis lab give me more information about my case, if it is a file or form of the site that is causing the problem of "Phishing"?

rfontes · « **Reply #3 on:** April 18, 2018, 08:42:15 PM »

Hello LukasJ, the URL is unlocked, thank you! Is there still a possibility that the URL will be blocked or the Avast lab made a mistake?

LukasJ · « **Reply #4 on:** April 18, 2018, 10:33:54 PM »

This URL block was based on phishing feeds eight months ago.
Of course, if there will be malicious content in the site, then the site will be blocked again.

sissi fanelli · « **Reply #5 on:** June 04, 2018, 11:58:51 PM »

Hi,
I too have the same problem with my site: genesisconsulting.it
despite the RADICAL renewal effort of the website (deletion of all the old server and database folders), it continues to be blocked on all the computers on which the Avast (Internet Security) antivirus has been installed. . In fact, the loading of the pages of the site is automatically canceled and the following message appears as a pop-up ("URL-infected connection: Phishing") --> see Attachment

I have done other research on the most important blacklist sites, but this domain is NOT absolutely infected!
How can I unlock the website to delete these incorrect reports?

bauerj · « **Reply #6 on:** June 05, 2018, 09:01:49 AM »

Hi,
Thank You for reporting. I removed genesisconsulting[.]it from our blacklist. We are sorry for any inconvenience You may have experienced.
Jirka

educateurs · « **Reply #7 on:** August 27, 2018, 09:44:10 AM »

hello i have the same problem with my Website:
http://www.st-antoine-ste-sophie.fr
Can you unlock URL?

Asyn · « **Reply #8 on:** August 27, 2018, 09:51:16 AM »

-> https://sitecheck.sucuri.net/results/www.st-antoine-ste-sophie.fr/
-> http://labs.sucuri.net/db/malware/spam-seo.spammy_keywords?1.158

polonus · « **Reply #9 on:** August 27, 2018, 06:19:53 PM »

As Asyn stated spammy looking link there:
A link with funky anchor text? Yes there is. affirmed:

<a style="color: #000000" href="htxp://edmedforsale.com">generic viagra</a> in line 362 of the website code
-> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnN0LXxudF1bbnstc3R7LXNdcGhbey5mfQ%3D%3D~enc

3 vulnerable jQuery libraries flagged: https://retire.insecurity.today/#!/scan/a74fec90c9c30e12fad38114dcb4e5c009d4fc1fbe0e90734f7a0498280c9461

Web rep OK - Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
Apache
X-Powered-By:
None
IP Address:
213.186.33.50
Hosting Provider:
OVH SAS
Shared Hosting:
20511 sites found on 213.186.33.50

Multiple PHP vulnerabilities: https://www.cvedetails.com/version/194835/PHP-PHP-5.4.45.html

Word Press CMS - Site is Outdated
(using WordPress version from source: 4.2.21)

Warning on configuration: Directory Indexing Enabled

In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Not observed: https://urlscan.io/domain/www.st-antoine-ste-sophie.fr (Is there something hosted on this domain?).

polonus (volunteer website security analyst and website error-hunter)

savcin · « **Reply #10 on:** August 28, 2018, 10:26:26 AM »

URL detection disabled.

JoJa15 · « **Reply #11 on:** September 02, 2018, 07:57:41 AM »

My site https://warbrokers[.]io is also blocked. I did a URL scan and nothing is wrong with it:
https://sitecheck.sucuri.net/results/warbrokers.io

Can you please unblock it?

How do these things happen also? Does someone need to report the site or does it get caught up in automated detection?

polonus · « **Reply #12 on:** September 02, 2018, 03:08:50 PM »

Only hick-up I see there is for

Quote

www.googletagmanager.com/gtm.js?id=GTM-MPHTW35 benign
[nothing detected] (element) -www.googletagmanager.com/gtm.js?id=GTM-MPHTW35
status: (referer=-www.google-analytics.com/)saved 93124 bytes d535765a4a69fc481830680d0fca6e66da01685f
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
file: d535765a4a69fc481830680d0fca6e66da01685f: 93124 bytes
file: e0cdc6fc6cf34166af42a4c766ecc265a08a3cf0: 93370 bytes
file: ae87146e8240a533ad6f2d7f6dbbbae90abc1e93: 93376 bytes
file: f30e864604f4ddebdcccaa703029008d6e20332f: 93585 bytes
file: c122d8be06c7ef5e9af3a08cb6a59ab2e0f0ac34: 93777 bytes
file: 3f0b9cad1c1856ebf81276a6c3f2c6a96070707f: 93491 bytes
file: bbd1d90f184e60d65e057de0a26f4eb677f7bf2e: 93615 bytes

&

Quote

-www.google-analytics.com/static/js/index.min.js (not a vulnerable library)...
info: [decodingLevel=0] found JavaScript
error: undefined variable f

That's all -> https://urlquery.net/report/dbb091bd-f423-4ec5-8254-c032c4dfa70a (no alerts)
Also consider scan results here: https://sitecheck.sucuri.net/results/www.googletagmanager.com#

polonus (volunteer website security analyst and website error-hunter)

JoJa15 · « **Reply #13 on:** September 03, 2018, 01:07:12 AM »

Hi Polonus,

Thank you for the response. So based on what you showed the site shouldn't be blocked for URL:Phishing right?

Do you know how sites end up getting caught as false positive for something like this? Is it some accidental auto thing or is someone being malicious against my site and reporting it when it is fine?

Thank you for your help and your response.

Best Regards,
JoJa15

HonzaZ · « **Reply #14 on:** September 03, 2018, 07:54:56 AM »

Hi,
warbrokers[.]io doesn't seem to be blocked now – if you still have trouble accessing it, please let us know.

Author Topic: Site Blocked - URL:Phishing (Read 83381 times)

rfontes

Site Blocked - URL:Phishing

LukasJ

Re: Site Blocked - URL:Phishing

rfontes

Re: Site Blocked - URL:Phishing

rfontes

Re: Site Blocked - URL:Phishing

LukasJ

Re: Site Blocked - URL:Phishing

sissi fanelli

Re: Site Blocked - URL:Phishing

bauerj

Re: Site Blocked - URL:Phishing

educateurs

Re: Site Blocked - URL:Phishing

Asyn

Re: Site Blocked - URL:Phishing

polonus

Re: Site Blocked - URL:Phishing

savcin

Re: Site Blocked - URL:Phishing

JoJa15

Re: Site Blocked - URL:Phishing

polonus

Re: Site Blocked - URL:Phishing

JoJa15

Re: Site Blocked - URL:Phishing

HonzaZ

Re: Site Blocked - URL:Phishing