Author Topic: Site Blocked - URL:Phishing  (Read 166007 times)

0 Members and 3 Guests are viewing this topic.

Offline jayson.arcayna

  • Newbie
  • *
  • Posts: 3
Re: Site Blocked - URL:Phishing
« Reply #645 on: April 25, 2021, 03:16:18 AM »
With malzilla I get
Code: [Select]
HTTP/1.0 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=UTF-8
X-Redirect-By: WordPress
Location: -https://applemclinic.com/
Content-Length: 0
Date: Sat, 24 Apr 2021 20:35:47 GMT
Server: LiteSpeed

=========================
Server IP(s):
0.0.0.0

=========================
HTTP headers:

GET / HTTP/1.0
Host: -applemclinic.com:443
User-Agent: Mozilla/7.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.2) Gecko/20010726 Netscape/7.0
Referer: -http://applemclinic.com
Accept-Encoding: gzip


Various Word Press issues: core version isn not the latest.

User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   admin   @admin
ID: 2   not found   
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Scan issue, scan will not materialize. Take this up with the hosting party in LA.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Hi,

Thanks for your reply.

I already fixed the directory indexing. Thanks

Re: Site Blocked - URL:Phishing
« Reply #646 on: May 02, 2021, 06:10:50 AM »
Hola.
mi URL http://sincro.iesap.edu.pe aparece bloqueada es una aplicación web  académica para un instituto

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71056
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #647 on: May 02, 2021, 10:17:57 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Win 8.1 [x64] - Avast PremSec 21.6.6435.BCi [UI.653] - EEK - Firefox ESR 78.12 [NS/uBO/PB] - TB 78.12
Avast-Tools: Secure Browser 91.1 - Cleanup 21.2 - SecureLine 5.12 - Driver Updater 21.2 - CCleaner 5.83
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33232
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #648 on: May 02, 2021, 02:09:49 PM »
See: -https://sincro.iesap.edu.pe/iniciar-sesion  (redirect from the main website)
Detected libraries:
jquery - 3.4.1 : (active1) -https://sincro.iesap.edu.pe/resources/plugins/jquery/jquery.min.js
Info: Severity: medium
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Info: Severity: medium
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
bootstrap - 4.3.1 : -https://sincro.iesap.edu.pe/resources/plugins/bootstrap/js/bootstrap.bundle.min.js
(active) - the library was also found to be active by running code
1 vulnerable library detected

Website flagged because of spam, wait for a final verdict from an avast team member,
as they are the only ones to come and unblock,

Comodo flags IP: https://www.virustotal.com/gui/ip-address/157.230.94.208/detection

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline RABLightcloud

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #649 on: May 04, 2021, 04:46:05 PM »
Our website https://control.lightcloud.com/ shows up as an infected website on Avast. Could someone help in removing this website from the list?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33232
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #650 on: May 04, 2021, 05:15:55 PM »
Flagged here: https://www.virustotal.com/gui/url/eb8c12ee43de8c5751b7262bb37578f5e22e539a33636dff82ec9f5606355f1f/detection
Also outdated software: https://sitecheck.sucuri.net/results/https/control.lightcloud.com

Wait for a final verdict from an avast team member, the only ones to come and unblock.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline RABLightcloud

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #651 on: May 04, 2021, 05:39:02 PM »
Thanks. Do they post here?

Offline p.morales

  • Newbie
  • *
  • Posts: 5
Re: Site Blocked - URL:Phishing
« Reply #652 on: May 04, 2021, 06:20:11 PM »
Hello. My URL torreon.cl appears blocked would be a false positive. Please check.
« Last Edit: May 04, 2021, 11:32:47 PM by p.morales »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85335
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #653 on: May 04, 2021, 08:53:29 PM »
Hello. My URL torreon.cl appears blocked would be a false positive. Please check.

Please 'modify' your post change the URL removing the http and // www elements (as I have done in the quoted text above), to break the link and avoid accidental exposure to suspect sites, thanks.

Posting only a isolated image doesn't tell whole the story, the site is considered a Medium Security Risk - https://sitecheck.sucuri.net/results/www.torreon.cl
And
Quote from: Extract
No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the "Not Secure" browser warning.

G-Data also gives a  Malware detection - https://www.virustotal.com/gui/url/10ba46722d82c22c7f96b51409a1f2a9a647c9fa9040bcec110f5c6fe21e1092/detection

These may or may not be the reason why Avast is blocking it.

Posting twice about this won't change its status, so the duplicate has been removed.

Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline contatomgv

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #654 on: May 04, 2021, 09:58:26 PM »
Hi guys!

I also had my website blocked  :'(

I believe that this block is a mistake, because we didn't anything wrong.

I am concerned because our platform is losing some customers because of this error.

Can you help me?

my website is https://meugrupo.vip

We are clean:
https://www.virustotal.com/gui/url/646d428694d41b6dea172f9ab64279408d72eb49c6d0144fa306f26d67ea17d3/detection
https://sitecheck.sucuri.net/results/meugrupo.vip



Thanks

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33232
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #655 on: May 04, 2021, 10:02:41 PM »
Apart from what DavidR reports, see also these recommendations:
https://webhint.io/scanner/66be931a-e684-4f65-8d13-1291c8322262

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33232
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #656 on: May 04, 2021, 10:14:08 PM »
Hi comtatomvg,

What about redirects like:
-https://nups.com.br/termos-grupovip/

-https://nups.com.br/meu-grupo-vip

final: -https://meugrupovip.com.br/?utm_source=site_nups

Consider some 610 recommendations here: https://webhint.io/scanner/bfba6c7f-235c-4a62-b40c-44d8cb5f108a

Report to avast, and wait for a final verdict by an avast team member, as they are the only ones to come and unblock,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline p.morales

  • Newbie
  • *
  • Posts: 5
Re: Site Blocked - URL:Phishing
« Reply #657 on: May 05, 2021, 06:33:30 PM »
Thanks for the help, do you know more or less when the unlocking can be ready?

Hello. My URL torreon.cl appears blocked would be a false positive. Please check.

Please 'modify' your post change the URL removing the http and // www elements (as I have done in the quoted text above), to break the link and avoid accidental exposure to suspect sites, thanks.

Posting only a isolated image doesn't tell whole the story, the site is considered a Medium Security Risk - https://sitecheck.sucuri.net/results/www.torreon.cl
And
Quote from: Extract
No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the "Not Secure" browser warning.

G-Data also gives a  Malware detection - https://www.virustotal.com/gui/url/10ba46722d82c22c7f96b51409a1f2a9a647c9fa9040bcec110f5c6fe21e1092/detection

These may or may not be the reason why Avast is blocking it.

Posting twice about this won't change its status, so the duplicate has been removed.

Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85335
  • No support PMs thanks
Re: Site Blocked - URL:Phishing
« Reply #658 on: May 05, 2021, 08:56:07 PM »
Thanks for the help, do you know more or less when the unlocking can be ready?

You're welcome.

Normally you should get a response in a day or two, assuming that the analysis is clean then it should be released.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline p.morales

  • Newbie
  • *
  • Posts: 5
Re: Site Blocked - URL:Phishing
« Reply #659 on: May 06, 2021, 05:23:35 PM »
Hello friends, make the report that it is a positive failure torreo.cl and it has not yet been removed.
Please review, I appreciate your help.


Thanks for the help, do you know more or less when the unlocking can be ready?

You're welcome.

Normally you should get a response in a day or two, assuming that the analysis is clean then it should be released.