Author Topic: Site Blocked - URL:Phishing (False message)  (Read 2664 times)


Offline mrmoeed

  • Newbie
  • *
  • Posts: 3
Site Blocked - URL:Phishing (False message)
« on: January 29, 2022, 05:09:32 AM »
Hi,

I am using Avast Free Antivirus, and it is giving a URL:Phishing message for my website, which I believe is not correct, as all scans of my website are correct. The URL to my site is: shorturl.at/otBT6.

Can you please check it with the threat lab and let us know what is causing this message?

Thanks,

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Site Blocked - URL:Phishing (False message)
« Reply #2 on: January 29, 2022, 12:05:21 PM »
Malware detected: https://quttera.com/detailed_report/shorturl.at
Threat:   M.BL.Domain.gen  (redirected to blacklisted malicious domain -httpslink.com)

Wait for a final verdict from the Avast team, as they are the only ones to come and de-list.
Consider: https://premiumproxy.net/check-my-host-ip-information
and https://urlscan.io/result/149f914e-6484-45ea-a49f-909b949cf5e3/#indicators
2 to flag here:  https://www.virustotal.com/gui/url/765a34b782e70fb449229907600590c65e2e59532e927d57e25497f0bfe0b272
see various outgoing links...also parked links -> -https://httpslink.com/q6ps (blacklisted/malicious)
or like this one:
Quote
Host or IP Checked:    -tellihandle.com
 Hostname:    -server-13-35-101-84.lax3.r.cloudfront.net
 IPv4 Address:    -13.35.101.84
 IPv6 Address:   
 IP Type:    IPv4
 Connection Type:    Corporate
 City:    Norwalk
 State/Region:    Connecticut
 Country:    United States
 Zip Code:   
 Time Zone:    America/New_York (UTC-5)
 Geolocation Map Coordinates:    41.127101898193, -73.441596984863
 ISP/ORG:    Xerox Corporation
 (scan by me (pol) - epic browser details removed.)

polonus (3rd party cold recon website security analyst and website error-hunter)
« Last Edit: January 29, 2022, 12:46:24 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: Site Blocked - URL:Phishing (False message)
« Reply #3 on: January 29, 2022, 11:51:04 PM »
This domain is not in our blacklist, can you provide us more details such as detection dialogue or ideally detectionID from the dialogue?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Site Blocked - URL:Phishing (False message)
« Reply #4 on: January 30, 2022, 12:09:02 PM »
Interesting link to read more about M.BL. domain gen malware etc.:
https://security-soup.net/good-domains-for-bad-guys-the-riskiest-tlds-for-malware-and-phishing/

URL shorteners in combination with parked domains can often be abused.

polonus

Offline mrmoeed

  • Newbie
  • *
  • Posts: 3
Re: Site Blocked - URL:Phishing (False message)
« Reply #5 on: January 31, 2022, 05:32:34 PM »
Quote from: Sirmer
This domain is not in our blacklist, can you provide us more details such as detection dialogue or ideally detectionID from the dialogue?

Thanks for the reply. Kindly check the attached screen. I don't know how to get the detectionID, but the detection details are in the attached SS.

Image URL: https://ibb.co/ygXMfCP

« Last Edit: January 31, 2022, 05:34:38 PM by mrmoeed »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Site Blocked - URL:Phishing (False message)
« Reply #6 on: January 31, 2022, 05:42:12 PM »
Quote from: mrmoeed
Quote from: Sirmer
This domain is not in our blacklist, can you provide us more details such as detection dialogue or ideally detectionID from the dialogue?

Thanks for the reply. Kindly check the attached screen. I don't know how to get the detectionID, but the detection details are in the attached SS.
<snip>

1.  There is no 'attached' image
As it doesn't attach in the context used, e.g. it doesn't display.

2.  Many won't visit unknown 3rd party links for obvious reasons.
Use the Attachments and other options 'text link' below the reply window.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security


Offline mrmoeed

  • Newbie
  • *
  • Posts: 3
Re: Site Blocked - URL:Phishing (False message)
« Reply #8 on: February 01, 2022, 12:41:59 PM »
Please check if you can view the image now.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Site Blocked - URL:Phishing (False message)
« Reply #9 on: February 01, 2022, 01:43:02 PM »
-> https://sitecheck.sucuri.net/results/ubldigital.com

503 Service Unavailable
Your web server is overloaded, down for maintenance, or down because of malware. Please check that you can access your web server in a web browser. Try to scan the website again by clicking Force a Re-scan link at the bottom of the SiteCheck results page.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Site Blocked - URL:Phishing (False message)
« Reply #10 on: February 01, 2022, 02:55:01 PM »
Here it was found to be clean: https://quttera.com/detailed_report/ubldigital.com

Retire.js issues found:
Quote
jquery-ui-dialog   1.10.4
Found in -https://ubldigital.com/Portals/_default/skins/ubldigital/NewHome/js/jquery-ui-v4.js
Vulnerability info:
Medium   CVE-2016-7103 281 XSS Vulnerability on closeText option
jquery   03_02_01
Found in -https://ubldigital.com/Resources/libraries/jQuery/03_02_01/jquery.js?cdv=21
Vulnerability info:
Medium   CVE-2011-4969 XSS with location.hash
Medium   CVE-2012-6708 11290 Selector interpreted as HTML
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
jquery   1.9.1
Found in -https://ubldigital.com/ScriptResource.axd?d=mbGZm65DzNBNaMI79R6DOtZs2-WF0s1ZTaPhd1XxlGeKoXX13DXNo95DScDOIAOfRwLz9mH52Da7BriM_Y6K1w-LHgoosGmZqoL7eQvS5Csspgya0&t=ffffffff9e0cf75b
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
External domain request: -https://ubldigital.com links to the following External Domains: ==>googletagmanager.com Tracker found: google.

polonus
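Added example, not part of the thread and not Retire.js's own code: a site owner triaging findings like those in the post above can normalise the jQuery version found in a script path (including directory-style strings such as 03_02_01) and compare it with each advisory's fixed-in version. The function names are hypothetical; the thresholds are the "before X" versions from the public CVE descriptions, and lower bounds are ignored as a simplifying assumption.

```javascript
// Fixed-in versions per the public CVE descriptions ("jQuery before X").
// Lower bounds of the affected ranges are ignored (assumption of this sketch).
const JQUERY_ADVISORIES = [
  { cve: "CVE-2011-4969", fixedIn: "1.6.3" },
  { cve: "CVE-2012-6708", fixedIn: "1.9.0" },
  { cve: "CVE-2015-9251", fixedIn: "3.0.0" },
  { cve: "CVE-2019-11358", fixedIn: "3.4.0" },
  { cve: "CVE-2020-11022", fixedIn: "3.5.0" },
  { cve: "CVE-2020-11023", fixedIn: "3.5.0" },
];

// Turn "03_02_01", "3.2.1" or "1.9" into [3, 2, 1] / [1, 9, 0]; null if unparseable.
function parseVersion(raw) {
  const parts = String(raw).trim().split(/[._]/);
  if (parts.some((p) => !/^\d+$/.test(p))) return null;
  const nums = parts.map((p) => parseInt(p, 10));
  while (nums.length < 3) nums.push(0);
  return nums;
}

// Numeric, component-wise comparison: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Pull a version out of paths such as /libraries/jQuery/03_02_01/jquery.js
// or /js/jquery-1.9.1.min.js; null when the path carries no version
// (e.g. a bundled ScriptResource.axd handler), which needs manual review.
function versionFromUrl(url) {
  const m = /jquery[\/\-.](\d+(?:[._]\d+){1,2})/i.exec(new URL(url).pathname);
  return m ? m[1] : null;
}

// CVE ids whose fixed-in version is newer than the served version.
function applicableCves(rawVersion) {
  const v = parseVersion(rawVersion);
  if (v === null) return null; // unknown version: do not guess
  return JQUERY_ADVISORIES
    .filter((a) => compareVersions(v, parseVersion(a.fixedIn)) < 0)
    .map((a) => a.cve);
}
```

A result of `null` means the version could not be determined from the URL, so the file itself has to be inspected before drawing conclusions.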