Topic: Site blacklist removal request


Offline bloke

  • Newbie
  • *
  • Posts: 4
Site blacklist removal request
« on: May 19, 2019, 03:40:09 AM »
Hi Guys, I have taken over as the webmaster of wxw.hotline40.com.au and it was on a server riddled with issues. It now has a new server and completely new site and is fine but I think the domain is blacklisted. Keeps coming up as a phishing site, which I am sure it was a while ago. Can you please assist?

Cheers
Mark
« Last Edit: May 20, 2019, 12:57:24 PM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Site blacklist removal request
« Reply #2 on: May 19, 2019, 11:43:52 AM »
Your site kicks up a 403 error on Nginx 1.14.1 at Bluehost; take this up with them and Google's DB.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Consider: https://urlquery.net/report/d9651faf-c1c8-494f-bb90-27b60c567f42

This flagged: https://www.virustotal.com/#/url/499648716ab24d7e5448d867d434453aea621564b6239af97eca79ff19675a05/detection
Quote
Note! The scan has detected URL(s) from your site and/or IP in Phishing DBs -
This link Flagged URL(s)? will open a utility that will list out any URL(s) from your domain that are listed in Phishing DBs and tell you if Google is currently flagging the URL. null -> The URL -http://www.hotline40.com.au/ is NOT currently flagged.

This utility has found some URL(s) from your site and/or IP in Phishing DBs -

URLs from other DB(s) listed below
URL     Is Flagged?   HTTP Status
-http://hotline40.com.au/admin/upload/3714imageForTag8286960138769913803.image.jpeg     flagged SOCIAL_ENGINEERING      403 Forbidden
-http://www.hotline40.com.au/admin/upload/3714imageForTag8286960138769913803.image.jpeg     flagged SOCIAL_ENGINEERING      403 Forbidden

For some tips on clearing a Phishing hack and getting the Google warning removed see: Remove a phishing or web forgery warning

Note: Google's flagging and review process is independent of the data contained in these DBs, sometimes you will find a URL marked NOT flagged now, will be flagged in a few hours, sometimes URL(s) get added to the DBs, so check back! You will also find once you get your site cleared by Google the URL(s) may linger in these DBs.

on IP - Forbidden
You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Apache Server at -67-20-88-101.unifiedlayer.com Port 80

Status OK http://www.isithacked.com/check/www.hotline40.com.au

11 recommendations here: https://webhint.io/scanner/3523beae-7de9-4619-ae4b-308023ed84f0

Also to be considered: https://gtmetrix.com/reports/www.hotline40.com.au/Gux43WX9

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: May 21, 2019, 04:58:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bloke

  • Newbie
  • *
  • Posts: 4
Re: Site blacklist removal request
« Reply #3 on: May 20, 2019, 03:47:11 AM »
Hi Guys,

So I am now in the middle of an upgrade/migration that is taking ages, I will repost if the issue is still present when the sites come back up.

Offline bloke

  • Newbie
  • *
  • Posts: 4
Re: Site blacklist removal request
« Reply #4 on: May 21, 2019, 05:34:35 AM »
Migration is finished and site is back up and functional. Ready to be reassessed for threats.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<

Offline bloke

  • Newbie
  • *
  • Posts: 4
Re: Site blacklist removal request
« Reply #6 on: May 21, 2019, 10:48:04 AM »
yep it comes up clear

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Site blacklist removal request
« Reply #7 on: May 21, 2019, 03:09:57 PM »
Still get a phishing alert via an avast aos-warning,
Note! The scan has detected URL(s) from your site and/or IP in Phishing DBs -
This link Flagged URL(s)? will open a utility that will list out any URL(s) from your domain that are listed in Phishing DBs and tell you if Google is currently flagging the URL.
For some tips on clearing a Phishing hack see: https://aw-snap.info/articles/phishing.php

Also consider retirable jQuery libraries
Quote
Retire.js
bootstrap   3.3.1   Found in -https://www.hotline40.com.au/wp-content/themes/motors/assets/js/bootstrap.min.js?ver=4.2.5
Vulnerability info:
High   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   1
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   1
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   1
jquery-migrate   1.2.1.min   Found in -https://www.hotline40.com.au/wp-content/themes/motors/assets/js/jquery-migrate-1.2.1.min.js?ver=4.2.5
Vulnerability info:
Medium   11290 Selector interpreted as HTML   12
jquery   1.12.4   Found in -https://www.hotline40.com.au/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   1234
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   123
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

Various security issues -> https://app.upguard.com/#/https://www.hotline40.com.au
given as benign here now: https://zulu.zscaler.com/submission/08d4fa03-8382-4e90-b6f8-f2b5cbfcc85c
Re: https://securityheaders.com/?q=https%3A%2F%2Fwww.hotline40.com.au%2F&followRedirects=on
and https://gtmetrix.com/reports/www.hotline40.com.au/Gux43WX9

polonus (volunteer 3rd party cold reconnaissance website analyst & website error-hunter)
« Last Edit: May 21, 2019, 05:15:59 PM by polonus »

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: Site blacklist removal request
« Reply #8 on: May 23, 2019, 04:34:53 AM »
Detection was removed on 22.05.2019

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided URL is not detected by Avast anymore.