Author Topic: Site Blocked - URL:Phishing  (Read 48690 times)

0 Members and 2 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31628
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #315 on: July 17, 2019, 12:25:08 PM »
Wait for a final verdict from an avast team member as they are the only ones that can come and unblock.

Flagged was a detected hidden CSS declaration as suspicious, but the reason for avast detection might be other abuse on that IP,
so you should ask for a domain exclusion as you share that IP with 30 others.

It is not flagged at zulu zscaler nor at Virus Total,
but the IP has been reported for various abuse:
see: https://www.abuseipdb.com/check/74.208.156.171
Quote
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server:
nginx
X-Powered-By:
PleskLin
IP Address:
-74.208.156.171
Hosting Provider:
1&1 Internet SE 
Shared Hosting:
30 sites found on -74.208.156.171

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2072
Re: Site Blocked - URL:Phishing
« Reply #316 on: July 18, 2019, 01:29:11 PM »
Hello,

I had this type of problem on this Nigerian news site some long time ago and all I did was to fix the infected file everything becomes fine but on https://morningmail.com.ng, even after moving every file from the server, Avast is still blocking every URL for "URL phishing", please can anyone advise on how to fix this? It is really giving me serious concern.
Hello,
report it through https://www.avast.com/false-positive-file-form.php

Milos

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6153
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #317 on: July 19, 2019, 02:49:07 AM »
Hello,

We have the same problem with our Website:
hxxp://congresoaapresid.org.ar
Can you unlock URL?

Thank you so much!

Detection was removed on 18.07.2019 at 15:47 PM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline bogdan64

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #318 on: July 19, 2019, 11:46:15 AM »
Hello,

My site (http://www.automate-nova.ro/) still apears as blocked for URL:Phising  although the site was cleaned. Please help me with this situation.

Thank you.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31628
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #319 on: July 19, 2019, 12:10:58 PM »
Site was blacklisted because of PHISHING at
location: -https://automate-nova.ro/app/access

Both McAfee and Norton have it blacklisted. Whether the PHISH is still actual, is for an avast team member to decide,
we here are just volunteers with relative knowledge, but cannot come and unblock.
So wait for a final verdict.
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bogdan64

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #320 on: July 19, 2019, 12:29:35 PM »
Is there a way to request a reevaluation of the website?

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35971
Re: Site Blocked - URL:Phishing
« Reply #321 on: July 19, 2019, 12:32:17 PM »
« Last Edit: July 19, 2019, 01:06:37 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Nicolas285

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #322 on: August 02, 2019, 02:53:32 PM »

My site www.elembudoweb.com.ar is blocked by Avast. It informs me that it is a url pishing. I did several analyzes and did not detect any anomaly.

I enclose the tests performed.

https://www.virustotal.com/gui/url/ae43eeb8f36e57f02813753c16d34f68ecfb924d0fc80799617e2d240671ad5c/detection

https://sitecheck.sucuri.net/results/elembudoweb.com.ar

Can you  help me?

Thanks

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35971
Re: Site Blocked - URL:Phishing
« Reply #323 on: August 02, 2019, 03:24:32 PM »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6153
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #324 on: August 02, 2019, 03:34:14 PM »
Hello,

My site (hxxp://www.automate-nova.ro/) still apears as blocked for URL:Phising  although the site was cleaned. Please help me with this situation.

Thank you.

Detection was cleared on 02.08.2019 at 10:09 AM.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.

Offline Nicolas285

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #325 on: August 02, 2019, 04:15:15 PM »

I had already informed him but he was still the same. Mysteriously I just received an email and it was fixed. Thank you!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31628
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #326 on: August 02, 2019, 05:27:49 PM »
Some recommendations for the site-developer/maintainer
Retire.js
bootstrap   3.3.2   Found in http://www.automate-nova.ro/static/js/bootstrap.min.js
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042

Javascript errors: Bootstrap's JavaScript requires jQuery
 /static/js/bootstrap.min.js:11

ReferenceError: jQuery is not defined
 /static/js/responsiveslides.min.js:8

ReferenceError: $ is not defined
 /static/js/main.js:1

linting results: https://webhint.io/scanner/a8d79c0d-2107-49f9-ac99-601801225df3  - 126 recommendations.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline AbhiWebSoft

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #327 on: August 13, 2019, 08:59:06 PM »
Sir, i can't find any phishing or malware in my website www.nirmalateacherstrainingcollege.com. Why you have blocked my website in your antivirus, kindly remove from your phishing URL list, Thanks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81801
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #328 on: August 13, 2019, 09:35:19 PM »
Sir, i can't find any phishing or malware in my website www.nirmalateacherstrainingcollege.com. Why you have blocked my website in your antivirus, kindly remove from your phishing URL list, Thanks.

As mentioned several times in this topic, your starting point really should be:
Quote
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.494)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31628
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #329 on: August 14, 2019, 08:03:12 AM »
Older McAfee blacklisting, 0-iFrame - <iframe style="border: 0;" src="-htxps://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3597.0374821073747!2d81.38312911501839!3d25.63688148369367!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xb83364cc3c64920b!2sNirmala+Teachers+Training+College!5e0!3m2!1sen!2sin!4v1531576938119" width="400" height="300" frameborder="0" allowfullscreen="allowfullscreen"></iframe> when social button OK.
Not only avast detect, also Bitdefender & Fortinet's (spam):
https://www.virustotal.com/gui/url/a1e1cdf4e0b7175bf1a8149ee56fab265120532bc4ec6c94dac2da0a0c8c23f2/detection

Wait for a final verdict from an avast team member as the only ones to come and unblock.
Detection probably because of IP abuse: https://www.virustotal.com/gui/ip-address/173.208.173.98/details

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!