Author Topic: Site Blocked - URL:Phishing  (Read 52447 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31659
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #105 on: January 03, 2019, 04:01:36 PM »
Hi arni.gx

This is "brandal" injection code, read background info-> https://gist.github.com/donnykurnia/2356dad4119ce85d18d18708914c60e3

ESET now also flags at VT: https://www.virustotal.com/pl/url/1a03f8b8845c617cc09bddb61be8e7ba6c58576aa9435a1cd4ce079ded8d27cb/analysis/

Blacklisted site: https://sitecheck.sucuri.net/results/p01.notifa.info

See the obfuscated code and what it injects here: http://ddecode.com/hexdecoder/?results=8d7ce702e150b7b84926e9b0a929022c
going to and considering: https://urlscan.io/result/283f261b-8f3c-481c-9618-efc9c1d9b207/content/
IP also seen as PHISHING thrice: https://checkphish.ai/ip/118.97.116.2

Seen: 3 times in last 30 days

ASN: AS17974

ISP: TELKOMNET-AS2-AP PT Telekomunikasi Indonesia

Selamat Tahun Baru 2019,

polonus  (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline arni.gx

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #106 on: January 03, 2019, 05:38:38 PM »
Hi arni.gx

This is "brandal" injection code, read background info-> https://gist.github.com/donnykurnia/2356dad4119ce85d18d18708914c60e3

ESET now also flags at VT: https://www.virustotal.com/pl/url/1a03f8b8845c617cc09bddb61be8e7ba6c58576aa9435a1cd4ce079ded8d27cb/analysis/

Blacklisted site: https://sitecheck.sucuri.net/results/p01.notifa.info

See the obfuscated code and what it injects here: http://ddecode.com/hexdecoder/?results=8d7ce702e150b7b84926e9b0a929022c
going to and considering: https://urlscan.io/result/283f261b-8f3c-481c-9618-efc9c1d9b207/content/
IP also seen as PHISHING thrice: https://checkphish.ai/ip/118.97.116.2

Seen: 3 times in last 30 days

ASN: AS17974

ISP: TELKOMNET-AS2-AP PT Telekomunikasi Indonesia

Selamat Tahun Baru 2019,

polonus  (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

so, how to block those ip address in avast firewall or avast antivirus free ??

because everytime iam open firefox or chrome, those phising alarm still there....
« Last Edit: January 03, 2019, 10:46:05 PM by arni.gx »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60630
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #107 on: January 04, 2019, 10:26:40 AM »
Start a new topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Instructions (basic diagnostic logs): https://forum.avast.com/index.php?topic=194892.0
Win 8.1 [x64] - Avast PremSec 19.8.2391.B#3 - CC 5.61 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline dzenan2

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #108 on: January 15, 2019, 09:05:13 AM »
Hello,

My site empanda.info is blocked for phishing and I believe it is a false positive.
Do I report issue here or there is another place to do it?
Other malware check tools report no malware:
http://urlquery.net/report/48cf3e86-8984-45d6-bf65-c47c4980446b
https://sitecheck.sucuri.net/results/https/empanda.info

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2076
Re: Site Blocked - URL:Phishing
« Reply #109 on: January 15, 2019, 09:11:51 AM »
Hello,
the best way to report it is https://www.avast.com/false-positive-file-form.php

Milos

Offline dzenan2

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #110 on: January 15, 2019, 09:32:52 AM »
Thank you Milos. I reported the issue. Any idea how fast I could expect reaction? I have clients depending on the resources from the web application at this location. This situation is most unfortunate.
Best
« Last Edit: January 15, 2019, 09:38:20 AM by dzenan2 »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2076
Re: Site Blocked - URL:Phishing
« Reply #111 on: January 15, 2019, 10:22:35 AM »
IIRC less in 24 hours.

Milos

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31659
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #112 on: January 15, 2019, 04:20:58 PM »
Witam zdenan2,

Re: https://urlquery.net/report/9eaae1b3-3c05-4895-8795-46570da46c2c
No retirable code detected. That is OK.

The website is still accessible over http is the main threat here.
Interference from -http://jingaster.host/index.php?a=stats&u=christalhargrove
& -http://jacknichlson.mihanblog.com/post/5/
as
Quote
<meta http-equiv="REFRESH" content="0;url=httxs://www.empanda.info/Members/Default.aspx" />
This all via http - on https 0 sinks and 0 sources for DOM-XSS vulnerabilities.

F-grade results here: https://observatory.mozilla.org/analyze/www.empanda.info
A mere 6 hints here: https://webhint.io/scanner/3d2d065a-5769-45dd-9b1a-7b66fa86b28a#Security
12 security issues: https://webscan.upguard.com/#/https://www.empanda.info

pozdravi,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: January 15, 2019, 04:23:53 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline JewelsR

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #113 on: January 26, 2019, 03:36:12 AM »
I am having the same issue on fortwayneppd.org.  I can't get in to work on the website or even see it.  We had a phishing issue, but scorch-earthed the site and put in some heavy software to keep out spammers.  Is there a way to get my website off the blacklist?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60630
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #114 on: January 26, 2019, 05:17:44 AM »
Win 8.1 [x64] - Avast PremSec 19.8.2391.B#3 - CC 5.61 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31659
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #115 on: January 26, 2019, 01:44:24 PM »
Hi  JewelsR,

Start with updating your PHP version (Outdated and therefore vulnerable), then try to get rid of McAfee's blacklisting.
Start to use best policies: 82 hints -> https://webhint.io/scanner/5a1ff50f-c40a-4f40-8d12-c3192dde6ecb
of which 30 security related: https://webhint.io/scanner/5a1ff50f-c40a-4f40-8d12-c3192dde6ecb#Security

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline spgopinath18

  • Newbie
  • *
  • Posts: 4
Re: Site Blocked - URL:Phishing
« Reply #116 on: January 29, 2019, 04:59:26 PM »
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36033
Re: Site Blocked - URL:Phishing
« Reply #117 on: January 29, 2019, 05:05:36 PM »
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
What attachment popup ?

This is what TrendMicro say > Sites whose addresses have been found in spam messages


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php



« Last Edit: January 30, 2019, 05:39:22 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3607
Re: Site Blocked - URL:Phishing
« Reply #118 on: January 29, 2019, 06:04:54 PM »
Hello, I'm having problems with my website (http://www.learninfinity.info/), whenever I try to access it from any computer that has Avast installed it does not allow access and the attachment popup appears.
What attachment popup ?
Maybe my screenshots can help.
 ;)
Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
FFesr 60.8.0[NS,ABP,AOS], TB 60.6.1, MCS, CC 5.60, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |

Offline AstucesWordpress

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #119 on: January 30, 2019, 03:41:32 PM »
I also have a problem with Avast and my website : https://www.astuceswordpress.fr  :'(

URL:pishing with my favicon (https://www.astuceswordpress.fr/favicon.ico) detected by Avast