Author Topic: The site was falsely reported as a phishing site  (Read 1317 times)

0 Members and 1 Guest are viewing this topic.

Offline Karen

  • Newbie
  • *
  • Posts: 1
The site was falsely reported as a phishing site
« on: February 01, 2023, 06:48:55 AM »
Avast misreported my website, I contacted the security team and scanned the entire site, and found no dangerous behavior on the website

*.vtmarkets.com please remove the blacklist
Block example: www.vtmarkets.com

About Security Vendor's Mark https://www.virustotal.com/gui/url/9019ac02862484aee35c0558bcdd72872ba726e3bbda2fc25b01bdbc1f220f74

I did not find my website in the blacklist query provided by Chong Lua Dao official website

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33579
  • malware fighter
Re: The site was falsely reported as a phishing site
« Reply #1 on: February 10, 2023, 02:26:06 PM »
Scan results
Quote
-http://www.vtmarkets.com/ redirects to https://www.vtmarkets.com/

Checking: -https://www.vtmarkets.com/vttemplates/vt/js/myscript.js?v=1676034120
File size: 16.39 KB
File MD5: 9421f73ab2e9b53e4cb7e7ed29de09b7

-https://www.vtmarkets.com/vttemplates/vt/js/myscript.js?v=1676034120 - Ok

Checking: -https://www.vtmarkets.com/vtplugins/add-to-any/addtoany.min.js
File size: 129 bytes
File MD5: 5ef26b5e47e6951f43ecf2b1fc645222

-https://www.vtmarkets.com/vtplugins/add-to-any/addtoany.min.js - archive JS-HTML
>-https://www.vtmarkets.com/vtplugins/add-to-any/addtoany.min.js/JSFile_1[0][81] - Ok
-https://www.vtmarkets.com/vtplugins/add-to-any/addtoany.min.js - Ok

Checking: -https://www.googletagmanager.com/ns.html?id=GTM-TSVHKFH
File size: 266 bytes
File MD5: 503957084b1a48219ecf52a5b81ca4cd

-https://www.googletagmanager.com/ns.html?id=GTM-TSVHKFH - Ok

Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/count.js%3Fv=1676034120
File size: 3794 bytes
File MD5: 4eab5909f9376e55048a29e48d71d9b1

-https://www.vtmarkets.com/wp-content/themes/vt/js/count.js%3Fv=1676034120 - Ok

Checking: -https://www.googletagmanager.com/gtag/js?id=UA-165046318-1
File size: 110.27 KB
File MD5: bf859ae4ff09f0fbfdf20ff82621149e

-https://www.googletagmanager.com/gtag/js?id=UA-165046318-1 - Ok

Checking: -https://www.googletagmanager.com/ns.html?id=GTM-WS6M278
File size: 592 bytes
File MD5: 401248661a5bba41e1268e2afd9634e3

-https://www.googletagmanager.com/ns.html?id=GTM-WS6M278 - Ok

Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/form_public.js%3Fv=1676034120
File size: 14.36 KB
File MD5: f5f817b8a88d0fded52d04259641008b

-https://www.vtmarkets.com/wp-content/themes/vt/js/form_public.js%3Fv=1676034120 - archive JS-HTML
>-https://www.vtmarkets.com/wp-content/themes/vt/js/form_public.js%3Fv=1676034120/JSFile_1[0][396c] - Ok
-https://www.vtmarkets.com/wp-content/themes/vt/js/form_public.js%3Fv=1676034120 - Ok



Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/superfish.js%3Fv=1676034120
File size: 6985 bytes
File MD5: f2d8d0aeb67bf6d5258efd5d6018c9fe

-https://www.vtmarkets.com/wp-content/themes/vt/js/superfish.js%3Fv=1676034120 - Ok

Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/hoverIntent.js
File size: 4938 bytes
File MD5: afd5cfd89a0d06a3a3483886f073069a

-https://www.vtmarkets.com/wp-content/themes/vt/js/hoverIntent.js - Ok



Checking: -https://www.vtmarkets.com/vtincludes/js/jquery/jquery-migrate.min.js
File size: 10.96 KB
File MD5: 79b4956b7ec478ec10244b5e2d33ac7d

-https://www.vtmarkets.com/vtincludes/js/jquery/jquery-migrate.min.js - OK

Checking: -https://www.vtmarkets.com/vtincludes/js/jquery/jquery.min.js
File size: 87.42 KB
File MD5: 02dd5d04add4759122013c5ab4dc5cc2

-https://www.vtmarkets.com/vtincludes/js/jquery/jquery.min.js - archive JS-HTML
>-https://www.vtmarkets.com/vtincludes/js/jquery/jquery.min.js/JSTag_1[b86c][a545] - Ok
-https://www.vtmarkets.com/vtincludes/js/jquery/jquery.min.js - Ok



Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/home.js%3Fv=1676034120
File size: 4469 bytes
File MD5: ce675b2ac3b1a2bca431930782b10c3d

-https://www.vtmarkets.com/wp-content/themes/vt/js/home.js%3Fv=1676034120 - archive JS-HTML
>-https://www.vtmarkets.com/wp-content/themes/vt/js/home.js%3Fv=1676034120/JSFile_1[0][1175] - Ok
-https://www.vtmarkets.com/wp-content/themes/vt/js/home.js%3Fv=1676034120 - Ok



Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/cookies.js%3Fv=1676034120
File size: 6403 bytes
File MD5: da96efc6a626f0b764285db510e7600a

-https://www.vtmarkets.com/wp-content/themes/vt/js/cookies.js%3Fv=1676034120 - archive JS-HTML
>-https://www.vtmarkets.com/wp-content/themes/vt/js/cookies.js%3Fv=1676034120/JSFile_1[0][1903] - Ok
-https://www.vtmarkets.com/wp-content/themes/vt/js/cookies.js%3Fv=1676034120 - Ok



Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/swiper.min.js
File size: 137.63 KB
File MD5: 10ad6473484630a85272174de546fa21

-https://www.vtmarkets.com/wp-content/themes/vt/js/swiper.min.js - Ok



Checking: -https://www.vtmarkets.com/vtplugins/seraphinite-post-docx-source/View.js?pk=Ext
File size: 18.04 KB
File MD5: c24ad7bab668c832bb82a8205b9c7bf1

-https://www.vtmarkets.com/vtplugins/seraphinite-post-docx-source/View.js?pk=Ext - archive JS-HTML
>-https://www.vtmarkets.com/vtplugins/seraphinite-post-docx-source/View.js?pk=Ext/JSFile_1[0][4827] - Ok
-https://www.vtmarkets.com/vtplugins/seraphinite-post-docx-source/View.js?pk=Ext - Ok

Checking: -https://www.vtmarkets.com/wp-content/themes/vt/js/math.min.js
File size: 552.28 KB
File MD5: e0cd2e3e103df3693a9e67ab5055e4b2

-https://www.vtmarkets.com/wp-content/themes/vt/js/math.min.js - Ok

Checking: -https://static.zdassets.com/ekr/snippet.js?key=cc87f973-cf2c-4796-9682-21ec29cee2d4
File size: 22.87 KB
File MD5: 5cae6ce528dce0c327b2bcbaad459fdb

-https://static.zdassets.com/ekr/snippet.js?key=cc87f973-cf2c-4796-9682-21ec29cee2d4 - Ok

Checking: -https://www.vtmarkets.com/vtincludes/js/wp-embed.min.js
File size: 1426 bytes
File MD5: 905225d5711b559d3092387d5ffbedbd

-https://www.vtmarkets.com/vtincludes/js/wp-embed.min.js - archive JS-HTML
>-https://www.vtmarkets.com/vtincludes/js/wp-embed.min.js/JSFile_1[0][592] - Ok
-https://www.vtmarkets.com/vtincludes/js/wp-embed.min.js - Ok

Checking: -https://www.vtmarkets.com/
Engine version: 7.0.59.12300
Total virus-finding records: 11416931
File size: 131.68 KB
File MD5: 4a6094b587daf3d620d6cbef179a4f01

-https://www.vtmarkets.com/ - archive JS-HTML
>-https://www.vtmarkets.com//JSTAG_1[95e][5fd] - Ok
>-https://www.vtmarkets.com//JSTAG_2[f8f][83e] - Ok
>-https://www.vtmarkets.com//JSTAG_3[2719][128] - Ok
>-https://www.vtmarkets.com//JSTAG_4[2859][15d] - Ok
>-https://www.vtmarkets.com//JSTAG_5[29cc][3c] - Ok
>-https://www.vtmarkets.com//JSTAG_6[36bb][148d] - Ok
>-https://www.vtmarkets.com//JSTAG_7[4b6a][10c] - Ok
>-https://www.vtmarkets.com//JSTAG_8[4ca1][179] - Ok
>-https://www.vtmarkets.com//JSTAG_9[4f6b][aa] - Ok
>-https://www.vtmarkets.com//JSTAG_10[504f][1c2] - Ok
>-https://www.vtmarkets.com//JSTAG_11[52e5][2b7] - Ok
>-https://www.vtmarkets.com//JSTAG_12[55c3][21c] - Ok
>-https://www.vtmarkets.com//JSTAG_13[5898][318] - Ok
>-https://www.vtmarkets.com//JSTAG_14[5bce][264] - Ok
>-https://www.vtmarkets.com//JSTAG_15[10945][324] - Ok
>-https://www.vtmarkets.com//JSTAG_16[11409][d0c] - Ok
>-https://www.vtmarkets.com//JSTAG_17[145a5][2ab] - Ok
>-https://www.vtmarkets.com//JSTAG_18[1c32a][1f2] - Ok
>-https://www.vtmarkets.com//JSTAG_19[1dff5][241] - Ok
>-https://www.vtmarkets.com//JSTAG_20[209f0][27] - Ok
>-https://www.vtmarkets.com//JSTAG_21[20a34][2c4] - Ok
>-https://www.vtmarkets.com//JSTAG_22[20d15][10f] - Ok
>-https://www.vtmarkets.com//IFrame_23[4a] - Ok
>-https://www.vtmarkets.com//IFrame_24[4a] - Ok
-https://www.vtmarkets.com/ - Ok

Issue should be taken up with Cloudflare also, WP engine seems to be OK.
IP is also used by
-asia.vtmarkets.com
-eu.vtmarkets.com
-myaccount.vtmarkets.com
-pamm7.vtmarkets.com
-vtmarkets.com
-webtrader.vtmarkets.com
-zh.vtmarkets.com

Vulnerable in server of moment,js:
Quote
moment.js   2.25.3   Found in -https://pamm7.vtmarkets.com/app/main-es2015.8a66bda9ea5a2e19ed64.js _____Vulnerability info:
High   This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale. CVE-2022-24785   1
High   Regular Expression Denial of Service (ReDoS),
Affecting moment package, versions >=2.18.0 <2.29.4 CVE-2022-31129

Also  moderate vuln. found in jquery at  hxtps://www.vtmarkets.com/my-bm/%E6%B2%99%E6%BC%8F/

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: February 10, 2023, 02:40:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33579
  • malware fighter
Re: The site was falsely reported as a phishing site
« Reply #2 on: February 10, 2023, 03:03:47 PM »
Also consider: https://urlscan.io/result/bab74d98-9a0a-4d27-806d-af49cbe884fb/#indicators

7 red out of 10 Netcraft risk rating for -tinypic.com, -server-99-84-160-58.ord52.r.cloudfront.net, see: https://sitereport.netcraft.com/?url=http://server-99-84-160-58.ord52.r.cloudfront.net

Additional info:

Found the site to have cloaking -> https://isithacked.com/check/www.vtmarkets.com

Blocked for security reasons? Avast Web Security blocks AdRoll at website.
Adara etc. and offers opt-outs.

DNS query produces error 1905 on any other than A records.

Wait for a final verdict from avast. We here are just volunteers knowledgable in the field of website security and website error-hunting.

polonus
« Last Edit: February 10, 2023, 05:41:47 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33579
  • malware fighter
Re: The site was falsely reported as a phishing site
« Reply #3 on: February 16, 2023, 12:00:06 PM »
Hi Karen,

Solved:
Website is no longer flagged and Avast Online Security & Privacy after reloading says, that everything now is OK.

Look at your Privacy advice there (7 issues mentioned)

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)



Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33579
  • malware fighter
Re: The site was falsely reported as a phishing site
« Reply #4 on: February 24, 2023, 02:12:20 PM »
But here we see PHISHING alerts:
https://www.virustotal.com/gui/domain/operations.vtmarkets.com
and avast flags it.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!