Author Topic: Site Blocked - URL:Phishing  (Read 115435 times)

0 Members and 1 Guest are viewing this topic.

Offline Emilio55

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #270 on: June 01, 2019, 01:41:16 AM »
Estimado Avast,

Tengo un sitio web seraser.pe, este sitio anteriormente estaba infectado con phishing pero hemos trabajo en limpiarlo, ahora escaneamos nuestros archivos y el resultado es favorable, no contamos con mas archivos infectados.
Pero el antivirus avast detecta nuestro sitio malicioso, http://prntscr.com/nw4h5o

Por favor deseamos saber porque, sudece esto.
Pensamos que podria ser que ustede no han actulizado su base de datos despues que nuestro sitio fue limpiado.
Por favor pedimos su ayuda.

Saludos

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83800
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #271 on: June 01, 2019, 03:20:03 AM »
Estimado Avast,

Tengo un sitio web seraser.pe, este sitio anteriormente estaba infectado con phishing pero hemos trabajo en limpiarlo, ahora escaneamos nuestros archivos y el resultado es favorable, no contamos con mas archivos infectados.
Pero el antivirus avast detecta nuestro sitio malicioso, http://prntscr.com/nw4h5o

Por favor deseamos saber porque, sudece esto.
Pensamos que podria ser que ustede no han actulizado su base de datos despues que nuestro sitio fue limpiado.
Por favor pedimos su ayuda.

Saludos

Have you actually submitted the URL to avast for analysis ?
If not use the report form.

¿Has enviado la URL a avast para su análisis?
Si no utiliza el formulario de informe.

https://www.avast.com/false-positive-file-form.php.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32702
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #272 on: June 01, 2019, 06:32:37 PM »
No detection here: https://www.virustotal.com/gui/url/ccec016a3c910bc2aac90f757d2a38fd4073baba197c4265d0f263f541f2da6a/detection
Cloudflare abuse? https://www.shodan.io/host/104.20.14.105
Re: https://www.abuseipdb.com/check/104.20.14.105
No content:
Quote
Content that was returned by your request for the URL: https://prntscr.com/nw4h5o
Note: Content displayed is from the redirect location, the URL https://prnt.sc/nw4h5o
Quote
1:  < html>
2:  < head> < title> 301 Moved Permanently< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 301 Moved Permanently< /h1> < /center>
5:  < hr> < center> nginx< /center>
6:  < /body>
7:  < /html>
Advertencia Marked as phishing site..flagged https://sitecheck.sucuri.net/results/https/prntscr.com/nw4h5o

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #273 on: June 04, 2019, 05:00:42 AM »
Estimado Avast,

Tengo un sitio web seraser.pe, este sitio anteriormente estaba infectado con phishing pero hemos trabajo en limpiarlo, ahora escaneamos nuestros archivos y el resultado es favorable, no contamos con mas archivos infectados.
Pero el antivirus avast detecta nuestro sitio malicioso, http://prntscr.com/nw4h5o

Por favor deseamos saber porque, sudece esto.
Pensamos que podria ser que ustede no han actulizado su base de datos despues que nuestro sitio fue limpiado.
Por favor pedimos su ayuda.

Saludos

Detection was removed 03.06.2019 at 08:44 am

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.
With URLs this change should be instant, but it might take up to 24 hours with files.

Offline recordplay

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #274 on: June 04, 2019, 07:54:21 PM »
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83800
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #275 on: June 04, 2019, 08:35:33 PM »
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?

It would appear that it isn't only Avast that finds it suspect, McAfee  also.

https://sitecheck.sucuri.net/results/studio51music.com

I suggest that at the very least you use the https://www.avast.com/false-positive-file-form.php report form.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32702
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #276 on: June 04, 2019, 09:46:57 PM »
According to this scan the site is still PHISHING
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c3R1I1tdNTFtdXNbXi5eXW0%3D~enc
vuln. jQuery libraries: https://retire.insecurity.today/#!/scan/5e2c3ba337c68a84c699f43e3737aa6ba2a35747d81b3d819f03e6387c58ea16
This seems OK: http://www.isithacked.com/check/studio51music.com
Site is blacklisted. Web authorities are blocking traffic because your website is unsafe for visitors.
DOM-XSS issues: Results from scanning URL: -http://studio51music.com/js/S51Content.js
Number of sources found: 263
Number of sinks found: 17
recommendations to improve website: https://webhint.io/scanner/9e2e97bc-9640-4ca8-af21-115ca2ad1496

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Guillaume B

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #277 on: June 05, 2019, 11:48:08 AM »
Hello,
My site www.my-skybar.com is blocked by Avast for a "URL:Phishing" reason. I don't understand since I developed it using embedded features of a big CMS, so I guess it is clean...

Based on what I read on this forum, I have just submitted it to Avast for false positive analysis. I double checked on sucuri as well and my site seems clean (minimal security risk).

Do I have anything more to do ?

Thank you for your help.
Best,
GB

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #278 on: June 06, 2019, 01:04:37 PM »
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?

Detection was removed 06.06.2019 at 05:38.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #279 on: June 06, 2019, 01:07:52 PM »
Hello,
My site www[.]my-skybar[.]com is blocked by Avast for a "URL:Phishing" reason. I don't understand since I developed it using embedded features of a big CMS, so I guess it is clean...

Based on what I read on this forum, I have just submitted it to Avast for false positive analysis. I double checked on sucuri as well and my site seems clean (minimal security risk).

Do I have anything more to do ?

Thank you for your help.
Best,
GB

Detection already removed 06.06.2019.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.
« Last Edit: June 06, 2019, 01:25:34 PM by jefferson sant »

Offline whil

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #280 on: June 11, 2019, 06:43:38 AM »
Hello,

I'm also having the same problem with a site I'm working on https://celebritypublishers.com. it is being blocked for "URL:Phishing", but it is a relatively new site and a clean install. I also tried to scan it thoroughly, this is clearly a false positive.

Thanks

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32702
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #281 on: June 11, 2019, 07:37:32 PM »
Hi whil,

Checking for cloaking
There is a difference of 1 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot.
This probably means some code is running on your site that's trying to hide from browsers
but make Google think there's something else on the page. show.
Quote
var tve_dash_front = {"ajaxurl":"-https:\/\/celebritypublishers.com\/wp-admin\/admin-ajax.php","force_ajax_send":"","is_crawler":""};
var tve_dash_front = {"ajaxurl":"-https:\/\/celebritypublishers.com\/wp-admin\/admin-ajax.php","force_ajax_send":"","is_crawler":"1"};

27 improvement suggestions, some security related: https://webhint.io/scanner/787f748a-b7e8-414d-9e54-73292270cab6

1 vuln. jQuery library detected: https://retire.insecurity.today/#!/scan/c2ac8916a761d187351573daca1c2b3c32273c7a59bef31962d47f758eafd297

Quite some vuln. on the Houston hoster, where you share your address with 137 others:
https://www.shodan.io/host/192.185.163.130  a.o. Exim smtpdVersion: 4.91 vuln. version, recently in the news,
hopefully they patched that server with F-grade scan results: https://observatory.mozilla.org/analyze/unifiedlayer.com

15 immediate potential threats: https://app.upguard.com/#/https://celebritypublishers.com

probably your detection is IP related (trojan finds): https://www.virustotal.com/gui/ip-address/192.185.163.130/relations

Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server:
nginx/1.15.10
X-Powered-By:
None
IP Address:
-192.185.163.130
Hosting Provider:
Unified Layer 
Shared Hosting:
138 sites found on 192.185.163.130

Protection Recommendations
Directory Listing is enabled on your site. This can lead to information leakage. We recommend disabling Directory Listing.
a.k.a.  Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/      enabled (should be set disabled)
/wp-content/plugins/      disabled

Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Check for latest updates: The following plugins were detected by reading the HTML source of the WordPress sites front page.

thrive-visual-editor   
google-analytics-for-wordpress   latest release (7.6.0)
https://www.monsterinsights.com/
the-grid   
gtranslate   latest release (2.8.47)
https://gtranslate.io/
smart-slider-3   latest release (3.3.20)
https://smartslider3.com/

Wait for an avast team member to give a final verdict, we are just volunteers with relevant expertise.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #282 on: June 11, 2019, 11:55:45 PM »
Hello,

I'm also having the same problem with a site I'm working on hxxps://celebritypublishers.com. it is being blocked for "URL:Phishing", but it is a relatively new site and a clean install. I also tried to scan it thoroughly, this is clearly a false positive.

Thanks

Detection was removed in the morning on 11.06.2019.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #283 on: June 12, 2019, 12:50:29 AM »
In the past week, every time I go to the web site studio51music.com I get blocked by Avast with the message, infected with URL:Phishing.  I know the site is good, I've talked with the owner and no one else has had any problems with it.  Can you please unblock?

Site continues to be classified by the plugin Avast Online Security (Phishing) should be cleaned by the owner who is saying that the site is good.

https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fstudio51music.com%2F&hl=en

https://www.phishtank.com/phish_detail.php?phish_id=6051287

When Google Safe Browsing report show up no unsafe content was found then avast can cleanup the reputation
use  https://www.avast.com/false-positive-file-form.php
« Last Edit: June 12, 2019, 12:56:29 AM by jefferson sant »

Offline Milin Shah

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #284 on: June 17, 2019, 02:13:46 PM »
Hello,

I have the same problem with my Website:
https://appraisermatch.com
Can you unlock URL?