Site Blocked - URL:Phishing

[rfontes]

Hello, I'm having problems with my website (www.jetfilm.com.br), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.

Excludes all content from the domain (folders / files) and the site is still blocked. Before that I asked Avast support to put the site on the false positive list and the response was as follows: "Detection is correct and will be maintained." That is, it is still being accused as a phishing site.

[LukasJ]

Hi,
URL block was disabled.

Lukas

[rfontes]

Hello, the URL is still blocked by Avast. Please, could Avast's analysis lab give me more information about my case, if it is a file or form of the site that is causing the problem of "Phishing"?

[rfontes]

Hello LukasJ, the URL is unlocked, thank you! Is there still a possibility that the URL will be blocked or the Avast lab made a mistake?

[LukasJ]

This URL block was based on phishing feeds eight months ago.
Of course, if there will be malicious content in the site, then the site will be blocked again.

[sissi fanelli]

Hi,
I too have the same problem with my site: genesisconsulting.it
despite the RADICAL renewal effort of the website (deletion of all the old server and database folders), it continues to be blocked on all the computers on which the Avast (Internet Security) antivirus has been installed. . In fact, the loading of the pages of the site is automatically canceled and the following message appears as a pop-up ("URL-infected connection: Phishing") --> see Attachment

I have done other research on the most important blacklist sites, but this domain is NOT absolutely infected!
How can I unlock the website to delete these incorrect reports?

[bauerj]

Hi,
Thank You for reporting. I removed genesisconsulting[.]it from our blacklist. We are sorry for any inconvenience You may have experienced.
Jirka

[educateurs]

hello i have the same problem with my Website:
http://www.st-antoine-ste-sophie.fr
Can you unlock URL?

[Asyn]

-> https://sitecheck.sucuri.net/results/www.st-antoine-ste-sophie.fr/
-> http://labs.sucuri.net/db/malware/spam-seo.spammy_keywords?1.158

[polonus]

As Asyn stated spammy looking link there:
A link with funky anchor text? Yes there is. affirmed:

<a style="color: #000000" href="htxp://edmedforsale.com">generic viagra</a>  in line 362 of the website code
-> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnN0LXxudF1bbnstc3R7LXNdcGhbey5mfQ%3D%3D~enc

3 vulnerable jQuery libraries flagged: https://retire.insecurity.today/#!/scan/a74fec90c9c30e12fad38114dcb4e5c009d4fc1fbe0e90734f7a0498280c9461

Web rep OK - Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
Apache
X-Powered-By:
None
IP Address:
213.186.33.50
Hosting Provider:
OVH SAS 
Shared Hosting:
20511 sites found on 213.186.33.50

Multiple PHP vulnerabilities: https://www.cvedetails.com/version/194835/PHP-PHP-5.4.45.html

Word Press CMS - Site is Outdated
(using WordPress version from source: 4.2.21)

Warning on configuration: Directory Indexing Enabled

In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Not observed: https://urlscan.io/domain/www.st-antoine-ste-sophie.fr  (Is there something hosted on this domain?).

polonus (volunteer website security analyst and website error-hunter)

[savcin]

URL detection disabled.

[JoJa15]

My site https://warbrokers[.]io is also blocked. I did a URL scan and nothing is wrong with it:
https://sitecheck.sucuri.net/results/warbrokers.io

Can you please unblock it?

How do these things happen also? Does someone need to report the site or does it get caught up in automated detection?

[polonus]

Only hick-up I see there is for

www.googletagmanager.com/gtm.js?id=GTM-MPHTW35 benign
[nothing detected] (element) -www.googletagmanager.com/gtm.js?id=GTM-MPHTW35
     status: (referer=-www.google-analytics.com/)saved 93124 bytes d535765a4a69fc481830680d0fca6e66da01685f
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: d535765a4a69fc481830680d0fca6e66da01685f: 93124 bytes
     file: e0cdc6fc6cf34166af42a4c766ecc265a08a3cf0: 93370 bytes
     file: ae87146e8240a533ad6f2d7f6dbbbae90abc1e93: 93376 bytes
     file: f30e864604f4ddebdcccaa703029008d6e20332f: 93585 bytes
     file: c122d8be06c7ef5e9af3a08cb6a59ab2e0f0ac34: 93777 bytes
     file: 3f0b9cad1c1856ebf81276a6c3f2c6a96070707f: 93491 bytes
     file: bbd1d90f184e60d65e057de0a26f4eb677f7bf2e: 93615 bytes

&

-www.google-analytics.com/static/js/index.min.js (not a vulnerable library)...
     info: [decodingLevel=0] found JavaScript
     error: undefined variable f 

That's all -> https://urlquery.net/report/dbb091bd-f423-4ec5-8254-c032c4dfa70a   (no alerts)
Also consider scan results here: https://sitecheck.sucuri.net/results/www.googletagmanager.com#

polonus (volunteer website security analyst and website error-hunter)

[JoJa15]

Hi Polonus,

Thank you for the response. So based on what you showed the site shouldn't be blocked for URL:Phishing right?

Do you know how sites end up getting caught as false positive for something like this? Is it some accidental auto thing or is someone being malicious against my site and reporting it when it is fine?

Thank you for your help and your response.

Best Regards,
JoJa15

[HonzaZ]

Hi,
warbrokers[.]io doesn't seem to be blocked now – if you still have trouble accessing it, please let us know.