Author Topic: Site Blocked - URL:Phishing  (Read 2359 times)

0 Members and 1 Guest are viewing this topic.

Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Site Blocked - URL:Phishing
« on: December 23, 2018, 12:51:15 PM »
Hello,
The avast web shield has blocked our website, which does not contain malware or phishing as it is causing us numerous inconveniences.
Website: https://www.concursator.com

Please, help us to solve this.
Thanks in advance.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35847
Re: Site Blocked - URL:Phishing
« Reply #1 on: December 23, 2018, 01:56:13 PM »
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Re: Site Blocked - URL:Phishing
« Reply #2 on: December 23, 2018, 02:02:57 PM »
Ok. I Did it.
Thank you very much for your reply. In any case, I would like you to give us information about why this has happened. Cause many users can not access the website or lose confidence in it is causing us serious problems.

Offline LukasJ

  • Avast team
  • Jr. Member
  • *
  • Posts: 73
Re: Site Blocked - URL:Phishing
« Reply #3 on: December 23, 2018, 03:17:43 PM »
Hi,
detection was disabled.

Lukas

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31534
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #4 on: December 23, 2018, 03:24:54 PM »
Additional info and security recommendations

Adblockers block scripts from htxps://s1.adform.net/ with persistent cookie.
See: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll5dbl51fXN8dF19Ll5dbWA%3D~enc
See: https://retire.insecurity.today/#!/scan/57a2628d59993ba2092968ce5e3cf79edffab0603cd62403bc2902f77893cf00
Recommendations for improvement: 28 hints -> https://webhint.io/scanner/7d5a7619-d6b0-4f84-ae19-df9703f805da
F-grade security: https://observatory.mozilla.org/analyze/www.concursator.com
Results DOM-XSS risk: hxtps://www.concursator.com/js/validations.js
Number of sources found: 43
Number of sinks found: 19
IP is blacklisted here: 82.223.14.113 is blacklisted by 39 websites using IP Blacklist Cloud Plugin.
e.g. by Conspiracy Roundup

polonus (volunteer website security analsyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Re: Site Blocked - URL:Phishing
« Reply #5 on: December 23, 2018, 05:42:02 PM »
Hi,
detection was disabled.

Lukas

Hello Lukas, thanks
I'm continue being blocked by the web shield, and I have updated the viruses database.
I'm not sure if I have to wait some time or if I have to do any other action from my part.

Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Re: Site Blocked - URL:Phishing
« Reply #6 on: December 23, 2018, 05:58:37 PM »
Additional info and security recommendations

Adblockers block scripts from htxps://s1.adform.net/ with persistent cookie.
See: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll5dbl51fXN8dF19Ll5dbWA%3D~enc
See: https://retire.insecurity.today/#!/scan/57a2628d59993ba2092968ce5e3cf79edffab0603cd62403bc2902f77893cf00
Recommendations for improvement: 28 hints -> https://webhint.io/scanner/7d5a7619-d6b0-4f84-ae19-df9703f805da
F-grade security: https://observatory.mozilla.org/analyze/www.concursator.com
Results DOM-XSS risk: hxtps://www.concursator.com/js/validations.js
Number of sources found: 43
Number of sinks found: 19
IP is blacklisted here: 82.223.14.113 is blacklisted by 39 websites using IP Blacklist Cloud Plugin.
e.g. by Conspiracy Roundup

polonus (volunteer website security analsyst and website error-hunter)

Hello, thanks for your recommendations and work on this.
I think the points you indicate are not critical and the website has not been hacked.
In addition, I have not found the IP listed in any blacklist.

Are any of these points the reason why they have
cataloged the website as phising?


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31534
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #7 on: December 23, 2018, 07:10:01 PM »
Hi mabuitragor,

That question can only be answered by LukasJ or one of his avast member colleages, as I am not aware for what reason the website was once originally being critically flagged.

The run of the mill malware scanners do not flag your website. That is a good thing.

What I do is scanning websites for use of best practices via third party cold reconnaissance website scanning.
It is just trying to be of assistence to the website admins. Your site isn't  in the fragment of websites with critical website security issues, but there is always room for improvement when there is a technical ability to implement it (via webserver and with assistance of the hosting parties). The relevant knowledge for this I gained constantly over time since 2004.

The hints or security recommendations will just enhance the website's security grade and harden it further against being compromised. Some PUP-scanners frown upon adform.net persistent adware and will flag it.

polonus aka Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Re: Site Blocked - URL:Phishing
« Reply #8 on: December 23, 2018, 07:20:30 PM »
OK. I understand, many thanks Polonus for your help.

Hopefully Avast support can help me because the website is still blocked.
I do not know what component can load that stuff from 'adform.net'... Google Adsense? Facebook?

Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Re: Site Blocked - URL:Phishing
« Reply #9 on: January 05, 2019, 10:28:02 AM »
Hello again,

The website concursator.com is being blocked again. And nobody has given us an explanation of why it is happening.

I think the cause may be to continue appearing on the Bitdefender blacklist. But nobody answers us there although we have taken dozens of tickets. All is discouraging.

Thanks,
M.


Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35847
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Re: Site Blocked - URL:Phishing
« Reply #11 on: January 05, 2019, 01:52:41 PM »
Yes, I see.
The data must go from one list to another. But nobody explains the cause of the detection of possible phishing.
They can give a veredict but without showing anything it is a terrible help.

Thank you.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31534
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #12 on: January 05, 2019, 02:49:27 PM »
Could not imagine it is other than general IP based, as here it comes up as "not a PHISH":
https://www.phishcheck.me/164328/details

The only one that can explain what the "renewed" detection is based upon is an avast team member,
As I see -82.223.14.113/ being blocked in Avast Secure Browser.
Consider reports here: https://www.abuseipdb.com/check/82.223.14.113

Quote
document.cookie = cname & obj2CH.value = obj2CH.name;
is a source in combination with 429 sinks,
when scanned for DOM-XSS flaws.

polonus
« Last Edit: January 05, 2019, 03:14:04 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mabuitragor

  • Newbie
  • *
  • Posts: 9
Re: Site Blocked - URL:Phishing
« Reply #13 on: January 05, 2019, 08:25:37 PM »
Hello, thank you very much for the time you have dedicated.

But I do not know if I understood correctly.

In the quoted text (I think understand) appears the set value of a cookie and a part of the javascript code that we have to avoid the data injection by robots in the comment forms.

Can those code snippets cause a positive phishing? (sounds strange)

In addition to this. A few days ago, I thought that a $ .ajax call to a subdomain 'push.concursator'.com' could make the positive detection, so I made changes so that every ajax call was to the main domain 'www.concursator.com'. All of this has occur after we included the components for webpush notification. basically a serviceworker.js and other javascript file (but not sure if it is related with the detection). I don't think that code snippets are so complicated or rare for cause a positive.

Therefore, I do not know what I have to change or if I have to change something with the data we now have.

Thanks.
M.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31534
  • malware fighter
Re: Site Blocked - URL:Phishing
« Reply #14 on: January 05, 2019, 11:22:57 PM »
Ola mabuitragor,

No that is a general recommendation stemming from a DOM_XSS vulnerability scan, and does not even says that it can be explored.

As I stated before three solutions (according to VirusTotal) now do flag that particular IP that you share with others for phishing.
As far as I can establish with my 14 years of relative knowledge and experience it is not your particular domain that is actually being abused as a PHISH. So they could exclude that address and block others that share that particular IP or take it up with your hoster.

However I cannot say for sure why avast and the others that have your address on a phishing domain or IP list do this.
You can only hear that from the horse's mouth, an avast team member, as we are just volunteers here with relative knowledge but cannot come to unblock as only avast team members can,

vaya con Dios,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)


« Last Edit: January 05, 2019, 11:27:08 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!