Author Topic: Site Blocked - URL:Phishing (Read 232550 times)

paolorossi15 · « **Reply #735 on:** April 16, 2022, 03:37:51 PM »

Hi, thank you very much DavidR, I wrote, what could be the times for them to remove the block?

polonus · « **Reply #736 on:** April 16, 2022, 05:06:38 PM »

Hi paolorossi15,

Wait for a final verdict from avast team, as they are the only ones to come and unblock.
No issues here: https://quttera.com/detailed_report/eurekaddl.bid
But you connect out to an insecure munkhey dot com connection.
with info proliferation for the ratpacket.php file (with mail address given),
which file could be vulnerable to a Cloudflare small file download issue.
Ratpacker as a file is given as secure: https://webrate.org/site/ratpacker.com
Let them take that issue up with Cloudflare staff. That's all we know.

Bella Ciao,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

DavidR · « **Reply #737 on:** April 16, 2022, 05:40:45 PM »

Quote from: paolorossi15 on April 16, 2022, 03:37:51 PM

Hi, thank you very much DavidR, I wrote, what could be the times for them to remove the block?

You're welcome.
You should get a response in a day or two. Bearing in mind this is a (Easter) weekend, it may take a little longer.

RP Sistema · « **Reply #738 on:** May 10, 2022, 10:59:17 PM »

Hello
Am developer from a company and one of our website is blacklisted
can someone tell me why and how to unblacklist please? those websites doesnt have potential risks!
already submit a form for false positive, but not answer yet

https://agendaweb.com.ar/

Thanks in avanced!

DavidR · « **Reply #739 on:** May 10, 2022, 11:56:18 PM »

Please break active link to suspect site!

You can browse this topic and you will see many sites that you can check your site against. Those trying to help in this topic are Avast Users and we get the information from those sites.

polonus · « **Reply #740 on:** May 12, 2022, 08:01:48 PM »

Wait for a final verdict from Avast team as they are the only ones to come and unblock.
Vulnerabilities in existing webpage:

Quote

Retire.js
bootstrap   3.3.5   Found in -https://agendaweb.com.ar/artro/www/bootstrap/js/bootstrap.min.js _____Vulnerability info:
Medium   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042
Medium   XSS is possible in the data-target attribute. CVE-2016-10735
jquery   1.10.2.min   Found in -https://agendaweb.com.ar/artro/www/bootstrap/js/jquery-1.10.2.min.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   123
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

This could be meant as flagged: ONCLICK
/* button.btn btn-md btn-primary col-xs-12 col-sm-12 col-md-12 col-lg-12.onclick = */
ir('hxtps://agendaweb.com.ar/artro/');

polonus

fterrades · « **Reply #741 on:** May 25, 2022, 11:41:36 AM »

Hello, our site https://digitalsignage.academy is blocked by Avast. We made a new website but the url seems to rest blocked. Can you help us? Thanks!

Asyn · « **Reply #742 on:** May 25, 2022, 11:46:54 AM »

-> https://www.virustotal.com/gui/url/80591a2b4b95cc998b54bde6124a3514806ec67db5622d1464b7a916e19b3eb0?nocache=1

polonus · « **Reply #743 on:** May 25, 2022, 04:56:04 PM »

A WordPress security scan does not render major problems, all plug-ins are latest versions.
User enumeration and directory listing are disabled. Latest version of CMS used.

But the issues and vulnerabilities seem to reside at where the website is being hosted:
https://www.shodan.io/host/92.205.6.170

So take this up with the hoster, then wait for a final verdict from avast team.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter).

DavidR · « **Reply #744 on:** May 28, 2022, 12:24:31 AM »

Quote from: ismael5 on May 27, 2022, 11:53:14 PM

My website linkedup.me is getting a false positive (phishing) and my students and customers are having a lot of trouble! Why this is happening? I send a ticket via your website and I didn't have a response. I need a solution ASAP please!

Ismael.

Please break active link to suspect site!

- Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

Markus192 · « **Reply #745 on:** May 31, 2022, 11:33:01 AM »

Hi,

the url http://www.revosax.sachsen.de/Text.link?stid=30734 is blocked by avast - URL:phishing. The Website is part of the infrastructure of the federal state of Saxony, Germany, and run by the gouvernment. It most likely is not trying to phish. Could you please unblock it? Thanks!

Asyn · « **Reply #746 on:** May 31, 2022, 11:36:51 AM »

Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

polonus · « **Reply #747 on:** June 01, 2022, 12:00:52 AM »

Some additional remark apart from the fact that the site might well be "above board" so to say.

In view of it being better to resolve directly to https-only,
certainly for "Staatsbetrieb Saechsische Informatik Dienste",
this site starts with http and it could be that redirection chain is bein flagged:

Quote

-http://www.revosax.sachsen.de/Text.link?stid=30734
-https://www.revosax.sachsen.de/Text.link?stid=30734
-http://www.revosax.sachsen.de/vorschrift/15101-EFRE-Technologiefoerderung-2014-bis-2020?follow_successor=no

VT gives the site the all green: https://www.virustotal.com/gui/url/7629ea8e80dd92079a93a4c9c533423b0c4f10fb4dba6262f05bcdac7113d4a5/details

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

rabescathedral · « **Reply #748 on:** August 08, 2022, 03:29:45 PM »

I am trying to go the site picclick.com and Avast is blocking me with the URL:phishing block like what others experience here.
I have never had trouble with this site before and it seems to work fine in Microsof Edge, yet if i try to access it in Firefox then Avast interrupts this access

DavidR · « **Reply #749 on:** August 08, 2022, 07:32:35 PM »

Quote from: rabescathedral on August 08, 2022, 03:29:45 PM

I am trying to go the site picclick.com and Avast is blocking me with the URL:phishing block like what others experience here.
I have never had trouble with this site before and it seems to work fine in Microsof Edge, yet if i try to access it in Firefox then Avast interrupts this access

Have you done as previously suggested many times in this topic and in the two posts before yours ?
Check at VirusTotal to see what is found there and or submit as a possible false positive.