Author Topic: Site Blocked - URL:Phishing  (Read 114356 times)

Offline Lycurgue

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #465 on: December 08, 2019, 04:31:51 PM »
Hi,

Is it possible not to block Microsoft Academic for phishing?
It is a false positive I think.

Thanks
« Last Edit: December 09, 2019, 01:38:53 AM by Lycurgue »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83751
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #466 on: December 08, 2019, 07:20:07 PM »
Quote
Hi,

Is it possible not to block hxxps://academic.microsoft.com for phishing?
It is a false positive I think.

Thanks

There appears to be a redirect going on from that page, whether it is legit is the question.
See attached images.

Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.

Please modify your post to break the live link to what is (currently) a suspect link.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32688
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #467 on: December 08, 2019, 07:56:51 PM »
Consider detections for that IP: https://www.virustotal.com/gui/ip-address/13.107.246.10/relations
Also the security implications of this scan: https://webcookies.org/cookies/academic.microsoft.com/28731043?840701

No base-uri allows attackers to inject base tags which override the base URI to an attacker-controlled origin.
Set to 'none' unless you need to handle tricky relative URLs scheme.

The page loads 3 third-party JavaScript files and 6 CSS,
but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised

But wait for an avast team member to give a final verdict as they are the only ones to come and unblock.
We here are just volunteers with relative knowledge.

Here website is not flagged either: https://sitecheck.sucuri.net/results/https/academic.microsoft.com

Maybe this is the info flagged: "This site uses cookies for analytics, personalized content and ads.
By continuing to browse this site, you agree to this use".

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: December 08, 2019, 09:59:38 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
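
Added example, not part of any forum post: a minimal check for the Sub-Resource Integrity finding quoted in reply #467, which lists third-party scripts and stylesheets that carry no `integrity` attribute. The sample page, host names and hash value are constructed placeholders, and "third-party" is assumed to mean any host other than the page's own.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class SRIAudit(HTMLParser):
    """Collect third-party scripts/stylesheets that carry no integrity= attribute."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.base = page_url          # replaced by the first <base href>, if any
        self.base_seen = False
        self.missing = []             # (tag, absolute URL) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and not self.base_seen:
            # Later relative URLs resolve against this value; CSP base-uri
            # limits which <base> values the browser will honour.
            self.base, self.base_seen = urljoin(self.base, a["href"]), True
            return
        if tag == "script":
            ref = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            ref = a.get("href")
        else:
            return
        if not ref:
            return                    # inline script or link without href
        url = urljoin(self.base, ref)
        host = urlparse(url).hostname
        if host and host != self.page_host and not a.get("integrity"):
            self.missing.append((tag, url))


def audit_sri(html, page_url):
    parser = SRIAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.missing


# Constructed sample page; hosts and the hash value are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://cdn.example.net/ui.css">
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//static.example.org/widget.js"></script>
<script src="js/app.js"></script>
</head></html>"""
```

The `<base>` handling shows why the same scan also asks for `base-uri`: once a `<base href>` points elsewhere, a relative `js/app.js` resolves to the other origin and appears in this list as a third-party script.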

Offline Lycurgue

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #468 on: December 09, 2019, 09:32:04 AM »
@polonus

Hi,

Thanks for the details. But, can you tell me what the following message means:

Quote
Set to 'none' unless you need to handle tricky relative URLs scheme.

What do I have to set to none?

Thanks

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32688
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #469 on: December 09, 2019, 01:09:08 PM »
Hi Lycurgue,

This is all about security header settings to better protect the website.

No Content Security Policy found or implemented unsafely. See reported in the scan results here:
https://webcookies.org/cookies/academic.microsoft.com/28731043?840701

'no base URI (no resource in the file system containing the query), settings are too easy for a scraper to scrape all of the site.
Content Security Policy setting - Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

See D-status here: https://observatory.mozilla.org/analyze/academic.microsoft.com
CSP - Content Security Policy (CSP) implemented unsafely.

This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.

Looking for help, scan here, as again Google is your best friend in this respect:
https://csp-evaluator.withgoogle.com/?csp=https://academic.microsoft.com (credits go to:  Lukasz Weichselbaum)

On Microsoft Azure as hosting organization: https://www.shodan.io/host/13.107.246.10

And see what was found on IP relations qua detections:
https://www.virustotal.com/gui/ip-address/13.107.246.10/relations

yours respectfully,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #470 on: December 10, 2019, 02:14:42 PM »
Quote
Hi,

Is it possible not to block Microsoft Academic for phishing?
It is a false positive I think.

Thanks

Detection was removed on 10.12.2019 at 06:38 AM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

« Last Edit: December 10, 2019, 02:19:45 PM by jefferson sant »

Offline grimaldi.j

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #471 on: December 10, 2019, 02:23:35 PM »
I'm having issues with my website https://truenorthdroneservices.com/ getting reports of phishing scam with Avast & AVG users.  I've been on multiple times and have run every scan imaginable showing my site is clean but the issues still persist.  I'm seeing something called URL block that needs to be disabled on my site.  Please Help! 

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66723
    • >>>  Avast Forum - German-language section  <<<
Win 8.1 [x64] - Avast PremSec 20.8.2427.B#2 [UI.560] - CC 5.71 - EEK - FF ESR 68.12 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
German-language section -> Avast useful information (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32688
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #473 on: December 11, 2019, 01:52:28 PM »
Vuln. libraries: https://retire.insecurity.today/#!/scan/c402bd832bfb421ea391a1c839552bc3af364ddd8be6811d5951a4b68a74e470
Netcraft Risk status 1 red out of 10: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Ftruenorthdroneservices.com%2F
Not being flagged here: https://www.virustotal.com/gui/ip-address/146.66.109.198/relations
Word Press CMS version does not seem to be the latest, update.
24 hints found through linting: https://webhint.io/scanner/95db2f63-07ef-4323-a9cc-71adc252897d

Strange here we get hosted in Bulgaria: https://www.shodan.io/host/146.66.109.198
Here we get inside USA, Clark Str. , Chicago -> https://dazzlepod.com/ip/?ip_address=146.66.109.198

Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -truenorthdroneservices.com to fix it.

 All trackers
At least 4 third parties know you are on this webpage.

-truenorthdroneservices.com truenorthdroneservices.com
 -Google
 -static.kuula.io
 -Google

Retirable jQuery library detected:
Quote
jquery   1.12.4   Found in -https://truenorthdroneservices.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   -
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   -
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Wait for a final verdict from an avast team member as they are the only ones to come and unblock.
It appears to me the site is not being blocked by avast at all.

polonus (3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline informatique.omf

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #474 on: December 12, 2019, 03:45:54 PM »
Hello,
We have a problem with our site www.o-sge.com, it does not appear on computers that have avast installed, and it shows us a phishing problem.
Apparently our site is saved on your blacklist.
Thank you for unlocking us

Our website: www.o-sge.com

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: Site Blocked - URL:Phishing
« Reply #475 on: December 12, 2019, 03:55:48 PM »
Quote
Hello,
We have a problem with our site www.o-sge.com, it does not appear on computers that have avast installed, and it shows us a phishing problem.
Apparently our site is saved on your blacklist.
Thank you for unlocking us

Our website: www.o-sge.com

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32688
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #476 on: December 12, 2019, 05:14:30 PM »
33 instances of malware there: https://quttera.com/detailed_report/www.o-sge.com
Severity:   Malicious
Reason:   Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details:   Detected malicious inserted JavaScript code

WordPress CMS version outdated - update a.s.a.p.

Outdated plug-in detected: WordPress Plugins

The following plugins were detected by reading the HTML source of the WordPress sites front page.
   elementor 2.7.2   latest release (2.8.1)
https://elementor.com/
   CuteSlider    
   revslider    

Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths using a dedicated tool.

Misconfigurations
User Enumeration

  The first two user ID's were tested to determine if user enumeration is possible.
ID   User   Login
1   None    osge
2   None    manager

It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Only the first two user ID's were tested with this scan, try the advanced membership options for detailed enumeration of users, themes and plugins.

See recent flags: https://www.virustotal.com/gui/ip-address/5.153.23.19/relations
Website had smut content? Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XS1zZ3suXl1tYGZdbnRzYF51c3RdbXt9X157bnR7fWB4YnxufG58LW1ddGh7fWZ1Xmt7fTk5OQ%3D%3D~enc
Presently no content returned:     Google Chrome returned code 0      GoogleBot returned code 0

https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XS1zZ3suXl1t~enc
See: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.o-sge.com%2F

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: Site Blocked - URL:Phishing
« Reply #477 on: December 17, 2019, 11:32:44 PM »
Quote
I'm having issues with my website hxxps://truenorthdroneservices.com/ getting reports of phishing scam with Avast & AVG users.  I've been on multiple times and have run every scan imaginable showing my site is clean but the issues still persist.  I'm seeing something called URL block that needs to be disabled on my site.  Please Help!

URL is not being blocked

Quote from: Avast
The provided URL doesn't seem to be detected by Avast. Could you please send us a screenshot of the detection message you're getting? https://support.avast.com/en-ww/article/100/

Offline Karno Nur Cahyo

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #478 on: December 31, 2019, 02:52:33 AM »
Hello, can our company's site be unblocked or deleted from the blacklist? Our company website is https://braindevs.com, currently there is no phishing link found on our site, here is the proof https://sitecheck.sucuri.net/results/braindevs.com

Please respond, as soon as possible, thank you

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36755
Re: Site Blocked - URL:Phishing
« Reply #479 on: December 31, 2019, 03:02:42 AM »
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php