Author Topic: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked  (Read 2275 times)

Offline koray77

  • Jr. Member
  • **
  • Posts: 41
BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« on: December 09, 2019, 09:34:35 PM »
Good evening all,

BCFT.aero has been marked and blocked by Avast as a potential Phishing URL.

PDFs previously sent to me from the school via email have now also been blocked, flagged as a suspected Trojan.

Please could you take a quick look if possible and advise whether this is a false positive.

Many thanks,
Koray

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32693
  • malware fighter
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #1 on: December 09, 2019, 10:34:41 PM »
It is a GData detection: https://www.virustotal.com/gui/url/dc6c4c0c90d4b5a681d6387ced5c03d2bd95e9089a9c2f69f114f8b735baf700/detection  (20 days ago).

Recently it gives three engines' detections: https://www.virustotal.com/gui/url/dc6c4c0c90d4b5a681d6387ced5c03d2bd95e9089a9c2f69f114f8b735baf700/detection

IP detections also for website: https://www.virustotal.com/gui/ip-address/89.200.141.228/relations

Site still blacklisted https://sitecheck.sucuri.net/results/https/www.bcft.aero

F-grade scan results: https://observatory.mozilla.org/analyze/www.bcft.aero

3 vulnerable libraries flagged: https://retire.insecurity.today/#!/scan/d5f4401186c35b44e2ceb48c9ee55ca84291daf54d37a7e3d79ca6b36731c04e

Privacy Impact Score B, preliminary score -2: https://webcookies.org/cookies/www.bcft.aero/28736386?735362
The page loads 16 third-party JavaScript files and 24 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised.
Also consider: https://www.shodan.io/host/89.200.141.228

Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: O

Wait for an avast team member to either confirm detection or unblock.
We here are just volunteers with relative knowledge in the field of website security analysis.
Avast Team Members are the only ones to come and unblock or remove detection.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
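
The missing Sub-Resource Integrity finding quoted in the reply above can be checked with a short audit like the one below. It is an added example, not part of the original thread or of any scanner named in it; the sample markup, the host names and the function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample markup (not the real site's HTML); all hosts are placeholders.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/wp-content/themes/site/style.css">
<link rel="stylesheet" href="https://cdn.example.net/lib/widget.css">
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdn.example.org/jquery.min.js"></script>
<script src="https://cdn.example.com/lib.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="//static.example.net/tracker.js"></script>
</head></html>
"""

class SriAudit(HTMLParser):
    """Collects third-party scripts and stylesheets that lack an integrity attribute."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party_host = first_party_host
        self.missing = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        if not url:
            return  # inline script or link without a target
        host = urlparse(url).hostname  # None for relative (first-party) URLs
        if host and host != self.first_party_host and not a.get("integrity"):
            self.missing.append(url)

def audit(html, first_party_host):
    """Return the third-party resource URLs loaded without SRI."""
    parser = SriAudit(first_party_host)
    parser.feed(html)
    return parser.missing

def sri_value(content: bytes) -> str:
    """Build the integrity attribute value for a pinned copy of a resource."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")
```

The value from `sri_value` only stays valid while the CDN serves byte-identical content, so it suits version-pinned library URLs and not tags that change on every request.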

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2189
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #2 on: December 10, 2019, 02:34:03 PM »
Hello,
use https://www.avast.com/false-positive-file-form.php for reporting False Positives, please.

Milos

Offline koray77

  • Jr. Member
  • **
  • Posts: 41
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #3 on: December 10, 2019, 11:29:04 PM »
Thanks for the responses Polonus and Milos.

I have submitted a form on the 'report a false-positive' site linked.

Much appreciated.

Offline koray77

  • Jr. Member
  • **
  • Posts: 41
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #4 on: December 14, 2019, 04:00:04 PM »
Hi all,

BCFT.aero is still being flagged as a phishing scam.

I have submitted the URL to false-positives as suggested, but no change seems to have taken effect for me as of yet.

Please could you advise!

Thanks!

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2189
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #5 on: December 16, 2019, 01:30:20 PM »
Hello,
bcft.aero was unblocked on 11.12.2019. Can you send the whole URL which is blocked, please?

Milos

Offline koray77

  • Jr. Member
  • **
  • Posts: 41
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #6 on: December 30, 2019, 08:47:35 PM »
It seems this could be related to the extension, as BCFT's website is accessible when it is disabled..

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32693
  • malware fighter
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #7 on: December 30, 2019, 10:59:07 PM »
Hi ko_ray77,

Indeed it is still being blocked as a PHISHING site by Avast browser plug-in.
See the detections from 14-12 last: https://www.virustotal.com/gui/ip-address/89.200.141.228/relations
with 4 engines detecting (Bitdefender's and G-Data a.o.).

Here it was scanned as safe
Quote
Checking: -https://www.bcft.aero/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.9
File size: 260.02 KB
File MD5: 11d0906a32177c622b72862340e6eb29

-https://www.bcft.aero/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.9 - Ok

Checking: -https://www.bcft.aero/wp-content/plugins/the-grid/frontend/assets/js/the-grid.min.js?ver=2.7.3
File size: 95.11 KB
File MD5: 6f8c4f8b6addd2436b8d27cfa384f202

-https://www.bcft.aero/wp-content/plugins/the-grid/frontend/assets/js/the-grid.min.js?ver=2.7.3 - Ok

Checking: -https://www.bcft.aero/wp-includes/js/jquery/ui/effect.min.js?ver=1.11.4
File size: 13.11 KB
File MD5: 3f7161cf139d5a2c5e6d34e1c0026f9d

-https://www.bcft.aero/wp-includes/js/jquery/ui/effect.min.js?ver=1.11.4 - Ok

Checking: -https://www.bcft.aero/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
File size: 10056 bytes
File MD5: 7121994eec5320fbe6586463bf9651c2

-https://www.bcft.aero/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 - Ok

Checking: -https://www.bcft.aero/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
File size: 94.60 KB
File MD5: 49edccea2e7ba985cadc9ba0531cbed1

-https://www.bcft.aero/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp - archive JS-HTML
>-https://www.bcft.aero/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp/JSTag_1[c844][b225] - Ok
-https://www.bcft.aero/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp - Ok

Checking: -https://www.googletagmanager.com/gtag/js?id=UA-129154433-13
File size: 73.15 KB
File MD5: ef924133388724e7eb20a2f3ff4df74e

-https://www.googletagmanager.com/gtag/js?id=UA-129154433-13 - Ok

Checking: -https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
File size: 84.89 KB
File MD5: a09e13ee94d51c524b7e2a728c7d4039

-https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js - archive JS-HTML
>-https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js/JSTag_1[b3b0][9fdf] - Ok
>-https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js/JSTag_2[bc2a][9765] - Ok
>-https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js/JSTag_3[13c2a][1765] - Ok
-https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js - Ok

Checking: -https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4
File size: 314.38 KB
File MD5: 6db464fded0c668d28fd675d9ceab9ad

-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4 - archive JS-HTML
>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTAG_1[178af][6c6] - archive BASE64
>>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTAG_1[178af][6c6]/0.part - Ok
>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTAG_1[178af][6c6] - Ok
>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTAG_2[37f2f][2b3] - Ok
>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTAG_3[38289][429] - Ok
>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTAG_4[3e7d5][2b3] - Ok
>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTAG_5[3eb2f][429] - Ok
>-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4/JSTag_6[7d95][46beb] - Ok
-https://www.bcft.aero/wp-content/plugins/elfsight-instagram-feed-cc/assets/elfsight-instagram-feed.js?ver=3.8.4 - Ok

Checking: -https://www.bcft.aero/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0
File size: 146.91 KB
File MD5: ebd0333ce098728f0fdb1ba98e8ee078

-https://www.bcft.aero/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0 - Ok

Checking: -https://www.bcft.aero/wp-includes/js/wp-embed.min.js?ver=7b32162f44ff9769e178914280941712
File size: 1403 bytes
File MD5: 2dce40d16f9ff6332d3cbb7ae488a2b9

-https://www.bcft.aero/wp-includes/js/wp-embed.min.js?ver=7b32162f44ff9769e178914280941712 - archive JS-HTML
>-https://www.bcft.aero/wp-includes/js/wp-embed.min.js?ver=7b32162f44ff9769e178914280941712/JSFile_1[0][57b] - Ok
-https://www.bcft.aero/wp-includes/js/wp-embed.min.js?ver=7b32162f44ff9769e178914280941712 - Ok

Checking: -https://www.bcft.aero/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9
File size: 17.24 KB
File MD5: 8391e8089560b253140f7ea746be476a

-https://www.bcft.aero/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9 packed by JSPACK
>-https://www.bcft.aero/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9 - archive JS-HTML
>>-https://www.bcft.aero/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9/JSTAG_1[9][5e3d] - Ok
>-https://www.bcft.aero/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9 - Ok

Checking: -https://www.bcft.aero/
Engine version: 7.0.42.9300
Total virus-finding records: 8562217
File size: 91.49 KB
File MD5: 650dd62d98db36b1181ed095c350d15e

-https://www.bcft.aero/ - archive JS-HTML
>-https://www.bcft.aero//JSTAG_1[545][99] - Ok
>-https://www.bcft.aero//JSTAG_2[d9c][40e] - Ok
>-https://www.bcft.aero//JSTAG_3[135c][897] - Ok
>-https://www.bcft.aero//JSTAG_4[2daf][4d] - Ok
>-https://www.bcft.aero//JSTAG_5[2e24][2c] - Ok
>-https://www.bcft.aero//JSTAG_6[30d2][5c0] - Ok
>-https://www.bcft.aero//JSTAG_7[45df][3fe] - Ok
>-https://www.bcft.aero//JSTAG_8[4ab3][bb] - Ok
>-https://www.bcft.aero//JSTAG_9[c732][468] - Ok
>-https://www.bcft.aero//JSTAG_10[cbb6][1df] - Ok
>-https://www.bcft.aero//JSTAG_11[cdb1][4a3] - Ok
>-https://www.bcft.aero//JSTAG_12[147af][3a2] - Ok
>-https://www.bcft.aero//JSTAG_13[14b68][3bf] - Ok
>-https://www.bcft.aero//JSTAG_14[14f58][36c] - Ok
>-https://www.bcft.aero//JSTAG_15[152f0][3d3] - Ok
>-https://www.bcft.aero//JSTAG_16[1571d][8a9] - Ok
>-https://www.bcft.aero//JSTAG_17[1607a][2d8] - Ok
>-https://www.bcft.aero//JSTAG_18[163f3][4d5] - Ok
>-https://www.bcft.aero//JSTAG_19[16b3b][29f] - Ok
-https://www.bcft.aero/ - Ok

Wait for an avast team member to make the right adjustments.

polonus

« Last Edit: December 30, 2019, 11:04:14 PM by polonus »

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #8 on: January 13, 2020, 11:18:41 PM »
It seems this could be related to the extension, as BCFT's website is accessible when it is disabled..

Detection was removed on 13.01.2020 at 10:02 AM from Anti-phishing on Avast Secure Browser and Avast Online Security is no longer flagged.

Quote from: Avast
Our virus specialists are working on this issue and it will be resolved in the next update. The submitted site will no longer be detected by Avast. We are sorry for the inconvenience.
« Last Edit: January 14, 2020, 03:40:51 AM by jefferson sant »

Offline koray77

  • Jr. Member
  • **
  • Posts: 41
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #9 on: January 18, 2020, 10:29:21 PM »
Great, thanks for your help!  :D

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: BCFT Website Marked Unsafe - URL Phishing // PDF's Blocked
« Reply #10 on: January 20, 2020, 10:33:15 PM »
Great, thanks for your help!  :D

You're welcome  : )