Hello, I’m having problems with my website - wxw.forward-web.com. Whenever I try to access it from any computer that has Avast installed, it does not allow access and the attachment popup appears, which states that the website is infected with URL:Phishing.
Please unblock this URL, thank you.
DavidR
April 9, 2021, 8:36pm
2
Hello, I’m having problems with my website - wXw.forward-web.com. Whenever I try to access it from any computer that has Avast installed, it does not allow access and the attachment popup appears, which states that the website is infected with URL:Phishing.
Please unblock this URL, thank you.
Please ‘modify’ your post and change the URL from www to wXw (or just post the domain name), to break the link and avoid accidental exposure to suspect sites, thanks.
Considered a low security risk in this check https://sitecheck.sucuri.net/results/forward-web.com - but advises not to reveal the PHP version being used.
JQuery needs to be updated according to this check https://awesometechstack.com/analysis/website/forward-web.com/
There is a possibility that your domain is on an IP address that is used by many different domains (or has 3rd party links to other sites), if one of those is malicious you could be suffering.
See https://www.virustotal.com/gui/url/e05ecaba5f18bacc202fe8355a053f2b8e65599727c4344d6105365139878a7c/links
Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php .
Confirming what DavidR states here:
1 missing-content-security-policy
No Content Security Policy configured for this site.
1 Outdated JavaScript Library
jquery 3.5.1 Found in -https://www.forward-web.com/assets/js/bundled-script-v1.0.1.js
Outdated JavaScript libraries detected. jquery 3.5.1
No vulnerabilities detected in this version
reported by retire.js
Additionally I report:
See: https://urlscan.io/result/9eae6679-3a08-43bb-b353-58b5215fe746/
What an avast alert could be based upon: https://urlscan.io/result/9eae6679-3a08-43bb-b353-58b5215fe746/#indicators
Also Location: hxtps://www.forward-web.com/
cf-request-id: 095a3a25ac0000c775d918c000000001
Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"hxtps://a.nel.cloudflare.com/report?s=blSw4avP9LvZrX%2FdFW8UMu4rjyDIb5Do4jww2CA383ntDoiFx6nAho09k%2FeT0F%2FLpnB0XHUyqem%2F5eEaJZs%2FBZVvENYWzf3MoBkXsymyuLRCxbq4"}]}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 63d6f94f7ed9c775-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
=========================
Server IP(s):
0.0.0.0
Where we will find DATA REDACTED…with bot client set-ups → https://www.virustotal.com/gui/domain/a.nel.cloudflare.com/relations
Wait for a final verdict from avast team, as they are the only ones to come and unblock.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
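The two header-level findings reported in the replies above (no Content Security Policy, and a disclosed PHP version) can be checked offline against a saved response. This is an added example, not part of any post in this thread; the sample headers are constructed and the function names are hypothetical.

```python
import re

# Constructed sample response (NOT captured from the site discussed in this thread).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: cloudflare
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
"""

# "product/1.2.3" style tokens, e.g. PHP/7.4.3 or Apache/2.4.41
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")
DISCLOSURE_HEADERS = ("server", "x-powered-by")


def parse_headers(raw):
    """Return {lower-case name: [values]}; lines without a colon (status line) are skipped."""
    headers = {}
    for line in raw.splitlines():
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_headers(raw):
    """List findings for a raw header block: CSP state, then version disclosure."""
    headers = parse_headers(raw)
    findings = []
    if "content-security-policy" not in headers:
        if "content-security-policy-report-only" in headers:
            # A report-only policy is logged by the browser but never enforced.
            findings.append("csp-report-only: policy is reported but not enforced")
        else:
            findings.append("missing-content-security-policy")
    for name in DISCLOSURE_HEADERS:
        for value in headers.get(name, []):
            match = VERSION_RE.search(value)
            if match:
                findings.append(f"version-disclosure: {name}: {match.group(0)}")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE):
        print(finding)
```

For PHP, setting `expose_php = Off` in php.ini stops the `X-Powered-By` header from being sent.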
Somehow so-called Callback Recorddata through Amazon -https://d3uvwl4wtkgzo1.cloudfront.net/e8af8301-45e2-41c6-9212-9421ce1b1dc7.js seems to be involved.
Example
/**/ console && console.log && console.log({"ip": this part blurred for obvious reasons by me, pol. etc. etc.
});
Re: https://beta.shodan.io/search?query=https%3A%2F%2Fipinfo.io%2F
Stumbled upon this at various recent avast PHISHing detections, where this link shows up:
-https://d3uvwl4wtkgzo1.cloudfront.net/e8af8301-45e2-41c6-9212-9421ce1b1dc7.js
Let us wait for a reaction from avast team,
polonus
Site is still under downgrade attacks, as HTTPS Everywhere warns.
Avast still warns against this.
polonus