Author Topic: Site Blocked - URL:Phishing  (Read 219022 times)

Offline keithmoon2000

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #705 on: October 12, 2021, 07:41:32 PM »

You should get a reply within 48 hours.


Ok, thanks !

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 75444
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Site Blocked - URL:Phishing
« Reply #706 on: October 13, 2021, 09:38:54 AM »
You're welcome.
W8.1 [x64] - Avast PremSec 22.5.7216.B [UI.706] - Firefox ESR 91.9.1 [NS/uBO/PB] - Thunderbird 91.9.1
Avast-Tools: Secure Browser 101.0 - Cleanup 22.2 - SecureLine 5.18 - Driver Updater 22.2 - CCleaner 6.0
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33589
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #707 on: October 14, 2021, 10:38:30 PM »
Flagged probably because of this report on IP: https://ip-46.com/146.59.209.152

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline info2834

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #708 on: December 08, 2021, 09:15:36 AM »
My site is also blocked as URL:techscam. It is clean as you can see: https://www.virustotal.com/gui/url/a1bb2d293b6b4992e7fde598900295d40b3189bf4487fb7577040eaf8ded6b61?nocache=1
I reported it as false positive yesterday and the day before it. Still no response from Avast.
Please unblock it or say if we should do something.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33589
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #709 on: December 08, 2021, 11:24:52 AM »
Probably blocked because of the following redirects:
Detected 1 HTTP redirects (Raw HTTP-headers)

Required URL:   -http://www.regnews.net/
Required IP:   104.21.50.158
Redirected URL:   -https://www.regnews.net/
Redirected IP:   104.21.50.158
HTTP Method:   GET
HTTP status code:   301
Required URL:   -https://www.regnews.net/
Required IP:   172.67.164.34 United States
HTTP Method:   GET
HTTP status code:   200
Required URL:   -https://www.regnews.net/css/style.css
Required IP:   172.67.164.34 United States
HTTP Method:   GET
HTTP status code:   200

Canonical tags refer to another page -https://www.regnews.net/nachalo

But wait for a final verdict from avast team.
We here are just volunteers with expertise in 3rd party website security and website error-hunting,
but only avast team members can come and unblock.

Also see: https://tools.tracemyip.org/website-http-headers-check/
Quote
HTTP/1.1 301 Moved Permanently
Date: Wed, 08 Dec 2021 16:37:09 GMT
Content-Type: text/html
Connection: keep-alive
location: -https://www.regnews.net/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"-https:\/\/a.nel.cloudflare.com\/report\/v3?s=VpI4HsY7dBAOASLwlXkODbVp73QYm8iIcemyiayBKyePho0oIHnEQanRYypl0tJEsp4y%2BJ%2BxtEjA9k5pPwV%2BmjDR5mTGZPwf1Gu%2BJqCRCPp5QBKw1KvlpAfUoiJB%2B5s9BmYeNfHCy%2BwhML%2FFT0c%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6ba76aa9cca702b6-MIA
alt-svc: h2=":443"; ma=60
HTTP/2 200
date: Wed, 08 Dec 2021 16:37:09 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.26
x-powered-by: PleskLin
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="-https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"-https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFU6OzCUlfkhT2fcxBKa%2Bq%2BDcqbxskuQxhjjDhCVeZlK3N%2FJzcfsSd1l8yNFsF%2BrYMr83KnfpQRMmQit4mQx%2BuhRkw4JdK%2BzqR%2BMrBLst%2FfejYxGIbWS94d%2F71%2BKiLqTbf9sfxekQT%2F6UhXYYoY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ba76aabc90609ea-MIA
content-encoding: gzip

polonus

« Last Edit: December 08, 2021, 05:40:25 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
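
The redirect chain reported in Reply #709, checked programmatically (an added example, not part of the original post and not Avast tooling): it splits a concatenated header dump into responses, resolves each Location header, and labels every hop as an HTTPS upgrade, a downgrade, a same-host or a cross-host redirect. The sample dump is constructed from the headers quoted above with the long headers omitted; `parse_responses` and `classify_hops` are hypothetical names.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample modelled on the dump quoted above (long headers omitted).
# As in that dump, the two responses follow each other with no blank line.
RAW = """\
HTTP/1.1 301 Moved Permanently
location: -https://www.regnews.net/
Server: cloudflare
HTTP/2 200
content-type: text/html; charset=UTF-8
server: cloudflare
"""

STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})\b")


def parse_responses(raw):
    """Split a concatenated header dump into (status, headers) pairs."""
    responses = []
    for line in raw.splitlines():
        m = STATUS_RE.match(line)
        if m:  # a status line starts a new response
            responses.append((int(m.group(1)), {}))
        elif ":" in line and responses:
            name, value = line.split(":", 1)
            responses[-1][1][name.strip().lower()] = value.strip()
    return responses

def classify_hops(start_url, raw):
    """Return one (source, target, kind) tuple per redirect in the dump."""
    hops, current = [], start_url
    for status, headers in parse_responses(raw):
        if status // 100 != 3 or "location" not in headers:
            continue
        # Strip the forum's "-" defang prefix, then resolve relative targets.
        target = urljoin(current, headers["location"].lstrip("-"))
        src, dst = urlsplit(current), urlsplit(target)
        if src.hostname != dst.hostname:
            kind = "cross-host"
        elif (src.scheme, dst.scheme) == ("http", "https"):
            kind = "https-upgrade"
        elif (src.scheme, dst.scheme) == ("https", "http"):
            kind = "https-downgrade"
        else:
            kind = "same-host"
        hops.append((current, target, kind))
        current = target
    return hops
```

For the sample, `classify_hops("http://www.regnews.net/", RAW)` yields a single `https-upgrade` hop on the same hostname.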

Offline info2834

  • Newbie
  • *
  • Posts: 2
Re: Site Blocked - URL:Phishing
« Reply #710 on: December 09, 2021, 09:15:01 AM »
Thank you polonus for your time. My site is using Cloudflare, which is where redirects come from. It's strange if this is the reason to get my site blocked. Anyway, it's unblocked now. I hope this wouldn't happen again.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33589
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #711 on: December 11, 2021, 01:29:25 PM »
We had some CloudFlare hiccups in the recent past
that were being interpreted by avast and flagged, later to be found to be False Positives.

As you can now establish for yourself, reporting here and 'keeping a finger on the avast pulse' will help.

We here are just volunteers, but we always try to assist avast team in order to see that such issues become sorted eventually.  ;)

Have a nice week, ye all.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ghismart01

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #712 on: January 04, 2022, 09:50:44 PM »
I'm having a problem with avast blocking valid links and pages from emails from Mailingboss.net.

Since the site appears to have no record in any blacklist website either, I find it annoying and bad business!

Could you please check this out ?

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47032
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Site Blocked - URL:Phishing
« Reply #713 on: January 04, 2022, 10:16:57 PM »
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast One 21.11, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bi

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33589
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #714 on: January 05, 2022, 04:24:56 PM »
Status codes
These should normally all be the same.

Google Chrome returned code 301 to -https://mailingboss.net/
GoogleBot returned code 301 to -https://mailingboss.net/

Wait for a final verdict by avast team, as they are the only ones to come and unblock.

VT has one vendor reporting spam for that domain.
Could also be through other domains sharing that same IP. Re: https://site-stats.org/ip/64.251.1.115/
IP blacklist check: https://hetrixtools.com/blacklist-check/64.251.1.115
64.251.1.115 is listed on 3 out of 91 checked blacklists (report generated in 10 seconds)
A public report has been generated, you can find it here: Blacklist Monitor Report - 64.251.1.115
= https://hetrixtools.com/report/blacklist/dc490492c289414e38d1e9a4f6023014/

polonus
« Last Edit: January 05, 2022, 07:35:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33589
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #715 on: January 05, 2022, 04:30:17 PM »
Errors at this builderall site:
Quote
TypeError: Illegal invocation
 /static/jquery-1.12.4.min.js:2 i()
 /static/jquery-1.12.4.min.js:2 Object.fireWith [as resolveWith]()
 /static/jquery-1.12.4.min.js:2 Function.ready()
 /static/jquery-1.12.4.min.js:2 HTMLDocument.K()
  :4:80()
  HTMLDocument.t. (eval at exec_fn (:2:115), :38:453)()
  :4:80()
  t (:3:191)()
  :4:80()
  t (eval at exec_fn (:2:115), :38:472)()

SyntaxError: Unexpected identifier
  eval ()()
  :4:80()
  Object.t [as F_c] (:3:191)()
  Object.E_u (:4:244)()
  eval (eval at exec_fn (:2:115), :67:477)()
  Object.create (eval at exec_fn (:2:115), :69:193)()
  c (eval at exec_fn (:2:115), :7:231)()
  :4:80()
  i (eval at exec_fn (:2:115), :5:165)()
  eval (eval at exec_fn (:2:115), :5:292)()

SyntaxError: Invalid regular expression flags
  eval ()()
  :4:80()
  Object.t [as F_c] (:3:191)()
  Object.E_u (:4:244)()
  eval (eval at exec_fn (:2:115), :67:477)()
  Object.create (eval at exec_fn (:2:115), :69:193)()
  c (eval at exec_fn (:2:115), :7:231)()
  :4:80()
  i (eval at exec_fn (:2:115), :5:165)()
  eval (eval at exec_fn (:2:115), :5:292)()

Vulnerability
Quote
jquery   1.12.4.min   Found in -https://mailingboss.net/static/jquery-1.12.4.min.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
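
A check a site owner could run against their own pages for the jQuery finding in Reply #715 (an added example, not part of the original post and not the scanner's own code): it collects `<script>` sources from HTML, reads the jQuery version from the filename, and lists which of the CVEs named above are still open in that version. The sample HTML is constructed, `audit_jquery` is a hypothetical name, and the 3.0.0 and 3.5.0 fixed-in versions come from the public CVE descriptions rather than from this page.

```python
import re
from html.parser import HTMLParser

# First fixed jQuery release for each CVE in the scan output above. 3.4.0 is
# stated on the page; 3.0.0 and 3.5.0 come from the public CVE descriptions.
# Lower bounds of the affected ranges are ignored here.
FIXED_IN = {
    "CVE-2015-9251": (3, 0, 0),
    "CVE-2019-11358": (3, 4, 0),
    "CVE-2020-11022": (3, 5, 0),
    "CVE-2020-11023": (3, 5, 0),
}
# Filename-based detection only: renamed or bundled copies are not seen.
JQUERY_RE = re.compile(r"jquery[-.](\d+)\.(\d+)\.(\d+)(?:\.slim)?(?:\.min)?\.js", re.I)

# Constructed page: the script path from the report plus two other tags.
SAMPLE_HTML = """
<script src="/static/jquery-1.12.4.min.js"></script>
<script src="/static/app.js"></script>
<script src="https://cdn.example/jquery-3.6.0.min.js"></script>
"""


class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def audit_jquery(html):
    """Map each jQuery script URL to (version, CVEs still open in it)."""
    collector = ScriptSources()
    collector.feed(html)
    findings = {}
    for src in collector.sources:
        match = JQUERY_RE.search(src)
        if match:
            version = tuple(int(part) for part in match.groups())
            open_cves = sorted(c for c, fixed in FIXED_IN.items() if version < fixed)
            findings[src] = (version, open_cves)
    return findings
```

An empty CVE list for a script means its version is at or above every fixed release in the table; 3.5.0 or later clears all four.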

Offline Nakuul

  • Newbie
  • *
  • Posts: 1
Re: Site Blocked - URL:Phishing
« Reply #716 on: January 17, 2022, 09:53:24 PM »
Hello, I've recently run into an issue while watching a Twitch stream.  In the middle of the stream I got the alert "We've safely aborted connection on video-edge-827414.ord02.abs.hls.ttvnw.net because it was infected with URL:Phishing."  I am no longer able to watch that stream.  I am able to watch other streams.

Is this a possible false positive, or is there something else I can do to get this looked into?

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47032
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Site Blocked - URL:Phishing
« Reply #717 on: January 18, 2022, 02:29:23 PM »
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast One 21.11, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bi

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33589
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #718 on: January 18, 2022, 08:54:54 PM »
Family Protection could be a must: https://www.netnanny.com/blog/the-hidden-dangers-of-twitch/
I get a 400 bad request: https://sitecheck.sucuri.net/results/video-edge-827414.ord02.abs.hls.ttvnw.net
See: https://www.shodan.io/host/52.223.226.88
Unable to report on this hostname as it does not resolve to an IP address. Amazon hiccup?
See: -https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fredirect_uri%3Dhttps%253A%252F%252Fisengard.amazon.com%253A443%252Faccount%252F848744099708%26client_id%3Dhttps%253A%252F%252Fisengard.amazon.com%253A443%26scope%3Dopenid%26response_type%3Did_token%26nonce%3De4a5d9c6c9be23fa409b298685eb354299f8223b75252e5790556acd11432933%26sentry_handler_version%3DMidwayNginxModule-1.6-1&noauth=1&require_digital_identity=false (content security = htxps://d3s096xoykcjlq.cloudfront.net)
Error from Cloudfront
Quote
Headers
x-amz-cf-pop   EWR53-C2
via   1.1 0f37773e2cce4ff7a5301ebabb04538a.cloudfront.net (CloudFront)
x-cache   Error from cloudfront
transfer-encoding   chunked
server   AmazonS3
connection   keep-alive
x-amz-cf-id   _gMJAsflG075OgT1hfdXlkEFAvtw-ukDcpECk2PMKhSDTY9gLAEs5w==
date   Tue, 18 Jan 2022 21:03:12 GMT
content-type   application/xml

4 malware reports as community reports, see:
https://www.virustotal.com/gui/domain/midway-auth.amazon.com/community  Win32 EXE mwinit.exe detections (3, resp. 4).

polonus
« Last Edit: January 18, 2022, 10:09:39 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33589
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #719 on: January 19, 2022, 09:04:44 PM »
What is also playing in the background of such issues with connection problems can be summarized under the buzzword "DNS" (here with Amazon).
Read: https://www.theregister.com/2022/01/18/if_you_dont_have_anycast/
(Global DDoS protection/Anycast etc.).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!