Site Blocked - URL:Phishing

[rocksteady]

Report a false positive. (You should not fail to miss this post by Pondus in big Red font):
https://forum.avast.com/index.php?topic=218384.msg1561206#msg1561206

[polonus]

Three issues on your Word Press CMS - outdaated plug-in software:
   widget-options 3.6.1   Warning   latest release (3.7.4)
https://widget-options.com/
wp-author-date-and-meta-remover 1.0.4   Warning   latest release (1.0.5)
http://wpadmrproplus.com

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Here no alerts: https://sitecheck.sucuri.net/results/manhealth.com.pk  but mentioned insecurity: TLS & protection issues.

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.

We here are volunteers with relative knowledge,

polonus (volunteer 3rd party cold recon  website security and website error-hunter)

[nover]

Hello Sir Polonus

Our site a clickfunnel page is being tagged as phishing site. Please remove us on the blacklist or if there's any proof of legitimacy you need we can provide too. Its just our clients are experiencing blockage during a visit to our site.

h[ttp]s://register.thedoersway[.]net/mem-exclusive-membership-access

Please help.

I have already submit our site at the report form.

Thanks

[polonus]

There is a detection there, avast holds is genuine. But then you have to take that up with an avast team member,
as they are the only ones to come and unblock. It is their detection and this here is part of their forums.

They just offer us a platform and we here are just volunteers with relative website security intelligence knowledge.

Seems the detection has to do with some CloudFlares anti-bot code obfuscation.

Take it up with your clickfunnel representative, and let them address this issue with someone from avast team,
responsible for blocking the sites involved that apparently are PHISHing in such a manner,
and make use of clickfunnel services.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

[porenga]

Hola.
Tengo el mismo problema que se señala repetidamente por los compañeros.
La web es https://hea.eus/
¿Podríais mirar si está en la lista y el motivo?
Mil gracias

[Asyn]

-> https://sitecheck.sucuri.net/results/https/hea.eus

[polonus]

Hola porenga,

Word Press version outdated. Outdated plug-in:    gdpr-cookie-compliance 4.3.8   Warning   latest release (4.3.9)
https://wordpress.org/plugins/gdpr-cookie-compliance/

User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   pepe   
ID: 2   not found   
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

There is one more engine that detects this site: https://www.virustotal.com/gui/url/b50451881dcd95beb4abca15d55d71db1538ee23a281f052962ea7e26a47f462/detection
That were the results of 1 month ago, it now seems given as clean:
https://www.virustotal.com/gui/url/b50451881dcd95beb4abca15d55d71db1538ee23a281f052962ea7e26a47f462/detection
Nor here: https://www.virustotal.com/gui/ip-address/5.145.174.10/relations

Detection probably based on older blacklisting reports by McAfee's and here: https://threatminer.org/host.php?q=5.145.174.10

Wait for an official verdict by an avast team member, as they are the only ones to come and unblock,
as we here are just volunteers with relative website security expertise.

Some 463 recommendations for improvement on website, see:
https://webhint.io/scanner/5e6b6723-ec49-4303-ab65-8c6fbee76e1b

Con Dios,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[porenga]

Mil gracias, Polonus
La información es extremadamente interesante y comleta
Me pongo a estudiarla con calma.
También he pedido a Avast que revise la clasificación
Saludos

[polonus]

Hola porenga,

You are welcome, muy bien. 

Did you report the site to avast's team? Good to know their final verdict,
as they are the only ones to come and unblock.

Saludos,

polonus

[Ecco Perú]

Hi, my name is Andres of Ecco Perú, my website is blocked ecco.pe, please i need help, thanks

my website have more of 3 years. (si hubiera atención en español, lo agradecería)

[polonus]

Hola  Ecco Perú,

Your website CMS is outdated and even worse left, there won't be upgrades to Magento 1.
Magento 1 is end of life!
Read this report: https://www.magereport.com/scan/?s=https://ecco.pe/ *

Your website runs a high risk of being compromised.
Follow instructions from magereport * (for spanish use google translate -> english to spanish).

Con Dios,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[fumachi1]

Dear,

www.audazodontologia.com.br

Avast is showing Phishing in my website.
We already done every check and eliminate all risks.

Please, could you verify and remove this advise fro Avast? 

Thank you in advance!
Regards

[Asyn]

-> https://sitecheck.sucuri.net/results/www.audazodontologia.com.br

[fumachi1]

Tks for you reply.
In details we can see that is not my site is a link that wa removed today from

www.fohatlux.com.br (who developed my site)

We already removed this link.

I do not know what to do anymore.

[polonus]

It is not only avast detecting: https://www.virustotal.com/gui/url/6ebccdcfc5551982eec80b07cd466ac38cc29c47738219daed42182c3365586b/detection

Consider: https://retire.insecurity.today/#!/scan/50f3b9254356eb7341d3d30df5beac0bb0031cdc4efb7eeed5ddc5d8a8b38d0f
and
https://webhint.io/scanner/b7c27f14-f02e-43f7-ab2b-f090a3564222

Or wait for a final verdict from avast team, as they are the only ones to come and unblock,

polonus