Author Topic: Site Blocked - URL:Phishing (Read 1724 times)

paul910 · « **on:** June 16, 2019, 10:45:01 PM »

I'm having problems with my website, lessons.com. Visitors using Avast are receiving a notice that lessons.com is "infected with URL:Phishing"

We have no idea why this is happening and have no idea what we can do about it.

Any feedback would be extremely appreciated.

paul910 · « **Reply #1 on:** June 16, 2019, 11:21:29 PM »

Just a follow up....I have checked the following tools and Lessons.com is marked safe across the board:

https://www.urlvoid.com
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search

Users are still getting "URL:Phishing" warning. What's am I missing?

Asyn · « **Reply #2 on:** June 17, 2019, 05:58:37 AM »

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

polonus · « **Reply #3 on:** June 17, 2019, 09:07:46 AM »

Hi paul910,

Quote

The scan found some terms that are commonly used in spam hacks.
Suggest you check through the content listed out below for anything suspicious.
(site:lessons.com (adobe|autocad|essay|poker);
Next, this link will do another scan with the User Agent Googlebot to check for inserted spam content.

- Google Chrome returned code 301 to -https://lessons.com/
GoogleBot returned code 301 to -https://lessons.com/ moved -https://cdn.lessons.com/
TLS Recommendations
HTTPS mixed content found. Your HTTPS website is referring to an HTTP resource:
-http://cdn.lessons.com/assets/images/tmp/no_pic.png on -https://lessons.com/pro (not secured).
Flagged probably because of: https://otx.alienvault.com/indicator/ip/94.31.29.248
see detections on related - https://www.virustotal.com/gui/ip-address/94.31.29.248/relations
dom-xss issue: Results from scanning URL: -https://cdn.polyfill.io/v3/js.4869cd5a.js
Number of sources found: 44
Number of sinks found: 8
Re: https://retire.insecurity.today/#!/scan/1625570c081cda051073b3078f5a92391b8a2ac608242ec1b93bfc18bed354ac

see: https://urlquery.net/report/c5c300d3-4018-4f39-a30a-fd96805aafd0

https://webhint.io/scanner/8e77cf8b-4189-4562-bc78-a36614f021e2 improvement & security related recommendations.

Wait for an avast team member to give a final verdict, as they are the only ones to come and un(b)lock,

polonus (volunteer website security analyst & website error-hunter)

jefferson sant · « **Reply #4 on:** June 19, 2019, 02:32:38 AM »

Quote from: paul910 on June 16, 2019, 11:21:29 PM

Just a follow up....I have checked the following tools and Lessons.com is marked safe across the board:

https://www.urlvoid.com
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search

Users are still getting "URL:Phishing" warning. What's am I missing?

I did not see the detection since posted the topic at least link that this user is receiving may not be the home page.Post a screenshot of the alert.

https://support.avast.com/en-us/article/Create-screenshot/

HonzaZ · « **Reply #5 on:** June 19, 2019, 09:54:51 AM »

I can confirm that lessons[.]com was indeed briefly blocked, it was a false positive and I apologize for the inconvenience caused.

Author Topic: Site Blocked - URL:Phishing (Read 1724 times)

paul910

Site Blocked - URL:Phishing

paul910

Re: Site Blocked - URL:Phishing

Asyn

Re: Site Blocked - URL:Phishing

polonus

Re: Site Blocked - URL:Phishing

jefferson sant

Re: Site Blocked - URL:Phishing

HonzaZ

Re: Site Blocked - URL:Phishing