Author Topic: Please release my company website. (Phishing site)  (Read 522 times)

0 Members and 1 Guest are viewing this topic.

Offline Cheuk Pong

  • Newbie
  • *
  • Posts: 3
Please release my company website. (Phishing site)
« on: October 18, 2019, 09:10:33 AM »
My company website is: hxtps://milton-exhibits.com
I am been blocked the infected url at htaccess which are found in virustotal on https://www.virustotal.com/gui/domain/milton-exhibits.com/relations.
01
hxtps://milton-exhibits.com/website/earthllnk/69a373fed4973cb3a3e7a510728e4899
02
hxtp://milton-exhibits.com/website/earthllnk/75c5c586fb642a959f79e4ae29e67572
03
hxtps://milton-exhibits.com/website/earthllnk/75c5c586fb642a959f79e4ae29e67572/CustomerBillingUpdate.htm
04
hxtp://milton-exhibits.com/website/earthllnk/69a373fed4973cb3a3e7a510728e4899
05
hxtps://milton-exhibits.com/website/earthllnk/69a373fed4973cb3a3e7a510728e4899/CustomerBillingUpdate.htm
06
hxtps://www.milton-exhibits.com/website/earthllnk/
07
hxtp://milton-exhibits.com/website/earthllnk/025cdcd368fba4d7f15ae831284c22e7/CustomerBillingUpdate.htm
08
hxtp://milton-exhibits.com/website/app_rackspace
09
hxtps://milton-exhibits.com/assets/images/home/j/nomade
10
hxtps://milton-exhibits.com/assets/images/home/h

Would you please release my company website? Thanks.
« Last Edit: October 18, 2019, 11:25:18 AM by Milos »

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36301
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31948
  • malware fighter
Re: Please release my company website. (Phishing site)
« Reply #2 on: October 18, 2019, 01:58:46 PM »
Do not see the site being blocked. Has sacn problems - https://sitecheck.sucuri.net/results/milton-exhibits.com/website/earthllnk

Retirable jQuery libfraries: Retire.js
angularjs   1.3.11   Found in -https://milton-exhibits.com/themes/milton_exhibits/js/cdn/angular.min.js
Vulnerability info:
Medium   The attribute usemap can be used as a security exploit   
Medium   Universal CSP bypass via add-on in Firefox   
Medium   DOS in $sanitize
Low   XSS in $sanitize in Safari/Firefox   
jquery   2.1.3   Found in -https://milton-exhibits.com/themes/milton_exhibits/js/cdn/jquery.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

10 immediate threats threatening your website: https://webscan.upguard.com/#/https://milton-exhibits.com/en/index.html

Found through linting 314 recommendations for improvement:
https://webhint.io/scanner/7924919b-d0b9-4c3b-a882-d943940d847e

polonus (3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31948
  • malware fighter
Re: Please release my company website. (Phishing site)
« Reply #3 on: October 18, 2019, 07:42:04 PM »
Error report
Quote
FATAL:  terminating connection due to conflict with recovery
DETAIL:  User query might have needed to see row versions that must be removed.
CONTEXT:  PL/pgSQL function web_apis(text,text[],text[]) line 3603 at FOR over EXECUTE statement
ERROR:  server conn crashed?
server closed the connection unexpectedly
   This probably means the server terminated abnormally
   before or while processing the request.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2704
  • Volunteer
Re: Please release my company website. (Phishing site)
« Reply #4 on: October 18, 2019, 09:20:21 PM »
Also blacklisted by Fortinet.
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.