Author Topic: Please Remove My Site From URL:PHISHING  (Read 4347 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Please Remove My Site From URL:PHISHING
« on: August 21, 2018, 07:56:01 AM »
Please help! I'm the webmaster of wxw.club21ids.is and avast has been alerting of URL:PHISHING on my site. I believe this issue has been rectified on my site. Would you be able to verify and remove the alert on the site please? Thanks!
« Last Edit: August 21, 2018, 01:21:49 PM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Please Remove My Site From URL:PHISHING
« Reply #2 on: August 21, 2018, 11:23:20 PM »
A particular redirect is being flagged.
Read about proper redirects: https://www.webconfs.com/154/301-redirects-how-to-redirect-your-website/
Check 'em here: http://webconfs.com/redirect-check.php

But in this case it is malware redirect, like described here: http://labs.sucuri.net/db/malware/malware-entry-mwhta7
One should remove offending code from .htaccess and/or index.php

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Please Remove My Site From URL:PHISHING
« Reply #3 on: August 23, 2018, 09:52:00 AM »
Hi,
The URLwas removed from our blacklist on 21.08., 13:48 CEST.

Offline Estudio6

  • Newbie
  • *
  • Posts: 1
Re: Please Remove My Site From URL:PHISHING
« Reply #4 on: September 30, 2019, 06:38:36 PM »
Hi, I have the same problem with my website: estudioagil.com I already scanned it and it is virus free,

https://sitecheck.sucuri.net/results/estudioagil.com
https://www.immuniweb.com/radar/?id=JHJAo1ux

What else can I do to get it removed from your blacklist.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Please Remove My Site From URL:PHISHING
« Reply #5 on: September 30, 2019, 06:55:15 PM »
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php




Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Please Remove My Site From URL:PHISHING
« Reply #6 on: September 30, 2019, 07:44:19 PM »
Bitdefender is the engine that detects this website with this particular uri and file:
https://www.virustotal.com/gui/url/01e63e6bb7ff375c8317a0fccf57830503065dbf6b26c3208992aa0f03e041df/detection
Various detection for this domain in relations to the IP:
https://www.virustotal.com/gui/ip-address/162.241.184.154/relations
also as a PHISH:
htxp://estudioagil.com/dd/f/cd1181924c58104eb9735cdf24c014715e2d0ed9fdffa29f2a657d8cb11420302a68f3e6f140f131d661afea1a59b38b
I now get:
Quote
Header returned by request for: hxtp://estudioagil.com/ -> -162.241.184.154

HTTP/1.1 302 Found
Date: Mon, 30 Sep 2019 17:30:05 GMT
Server: nginx/1.17.3
Content-Type: text/html; charset=UTF-8
Content-Length: 0
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
-
Content that was returned by your request for the URL: hxtp://estudioagil.com/
Note: Content displayed is from the redirect location, the URL web/

Re: https://toolbar.netcraft.com/site_report?url=estudioagil.com -> https://mxtoolbox.com/SuperTool.aspx?action=http%3a%2f%2festudioagil.com&run=toolpage

10 problems here: https://mxtoolbox.com/domain/estudioagil.com/

527 improvement recommendations found through linting here: https://webhint.io/scanner/7c5b31aa-d034-452f-bf4a-47645c6a42a7

No Cloaking, No Spammy Links, Status codes: GoogleBot returned code 302 to web/ Google Chrome returned code 302 to web/
ni iFrames, no Blacklists,

wait for an avast team member to give a final verdict on your website,
as they are the only ones that can come and unblock, we are just volunteers with expertise knowledge,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: Please Remove My Site From URL:PHISHING
« Reply #7 on: October 07, 2019, 02:17:54 PM »
Hi, I have the same problem with my website: estudioagil.com I already scanned it and it is virus free,

https://sitecheck.sucuri.net/results/estudioagil.com
https://www.immuniweb.com/radar/?id=JHJAo1ux

What else can I do to get it removed from your blacklist.

Detection was removed in 07.10.2019 at 04:58 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.