Author Topic: Phishing website  (Read 2242 times)

Offline Mauro108

  • Newbie
  • *
  • Posts: 2
Phishing website
« on: January 24, 2019, 11:27:45 AM »
Hi, Avast keeps on blocking this website openload.pw with a "URL:Phishing" message.

I've checked with https://sitecheck.sucuri.net/results/openload.pw and https://www.virustotal.com/it/url/88cb7284dc77a7bf834cb43cbbd48823db441c8d18250ea1f34302348b9da61d/analysis/1548325572/

Everything looks green (malware/blacklist); there is just no HTTPS encryption.

Thanks.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: Phishing website
« Reply #1 on: January 24, 2019, 11:34:30 AM »
Checked at PHISHcheck: {"sid": 172585, "is_success": true}

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5625
  • Spartan Warrior
Re: Phishing website
« Reply #2 on: January 24, 2019, 09:06:08 PM »
Quttera:  https://quttera.com/detailed_report/openload.pw

Have you implemented any of the hardening steps recommended for free by Sucuri?  (See link above posted in your OP.)
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Offline Mauro108

  • Newbie
  • *
  • Posts: 2
Re: Phishing website
« Reply #3 on: January 25, 2019, 12:06:34 AM »
Quote from: mchain
> Quttera:  https://quttera.com/detailed_report/openload.pw
>
> Have you implemented any of the hardening steps recommended for free by Sucuri?  (See link above posted in your OP.)

Yeah, if I go for the https version, Avast lets me browse the site, so I already sent an email to the administrator. Thanks.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: Phishing website
« Reply #4 on: January 25, 2019, 12:39:02 AM »
An http version should not exist next to an https one, or it should redirect there.

File name: /assets/js/typed.min.js is the code that Sucuri is flagging and has been abused from 2005 onward,
Potentially malicious JavaScript contexts
And it is also flagged by SNYK and here: https://retire.insecurity.today/#!/scan/35110fca543262031700b8d0feee7070dc119cd675e9e6760ac1c4751ae536f3
DOM-XSS related issues like sources and sinks for URL: htxp://openload.pw/assets/js/jquery.min.js
Number of sources found: 43 ; number of sinks found: 19

Various (28) best policy hints given here: https://webhint.io/scanner/06db7313-1212-4f96-8f0d-d254c3d5a8e9

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: January 25, 2019, 01:04:49 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
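
One way to check the point made in Reply #4 (an http version should not be served next to the https one, but redirect to it), as an added example that is not part of any forum post. The hop format, the function name and the `example.test` host are assumptions; the Strict-Transport-Security check goes a step beyond what the post states.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}

def audit_http_to_https(chain):
    """Audit redirect hops recorded from a plain-http start URL.

    chain: list of (url, status, headers) tuples, headers with lowercase keys.
    Returns a list of findings; an empty list means the http version only
    redirects to https and never serves content itself.
    """
    findings = []
    if not chain or urlsplit(chain[0][0]).scheme != "http":
        return ["chain must start at the http:// URL"]
    for i, (url, status, headers) in enumerate(chain):
        last = i == len(chain) - 1
        if urlsplit(url).scheme == "http":
            if status not in REDIRECTS:
                findings.append(f"{url}: content served over http (status {status})")
                continue
            if status not in PERMANENT:
                findings.append(f"{url}: temporary redirect {status}, use 301 or 308")
            target = headers.get("location", "")
            # A relative Location stays on http, so it is flagged as well.
            if urlsplit(target).scheme != "https":
                findings.append(f"{url}: redirects to non-https target {target!r}")
        elif last and "strict-transport-security" not in headers:
            findings.append(f"{url}: https response lacks Strict-Transport-Security")
    return findings

# Constructed sample chains (example.test is a placeholder host, not from the thread).
SIDE_BY_SIDE = [("http://example.test/", 200, {"content-type": "text/html"})]
REDIRECTING = [
    ("http://example.test/", 301, {"location": "https://example.test/"}),
    ("https://example.test/", 200, {"strict-transport-security": "max-age=31536000"}),
]
WEAK = [
    ("http://example.test/", 302, {"location": "http://www.example.test/"}),
    ("http://www.example.test/", 301, {"location": "https://www.example.test/"}),
    ("https://www.example.test/", 200, {}),
]

if __name__ == "__main__":
    for name, chain in [("side by side", SIDE_BY_SIDE),
                        ("redirecting", REDIRECTING), ("weak", WEAK)]:
        print(name, audit_http_to_https(chain) or "ok")
```
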

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: Phishing website
« Reply #5 on: January 25, 2019, 01:03:39 AM »
L.S.

Inherent when vulnerable javascript is being used on PHP-driven CMS,
sometimes such potential insecurity could lead to malcode like crypto-PHP-malware.

See this way to remove such malware:
https://github.com/shieldfy/CryptoPHP-malware-removal/blob/master/cryptophp_removal.php

Info credits for these github contributions go to "netcode" -> shieldfy seems left since 2014,
which is quite long in the digital time-frame as we know it.

Maybe some remover here may put this contribution to a good purpose  ;)

I just link to it for what it is worth,

Damian aka polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!