ilgonwallet.com blocked for phishing

Hello
ilgonwallet.com is blocked for phishing. It is an open-source fork of MyEtherWallet; you can check the source code here:
https://github.com/ilgon-technologies/ilgon-wallet

Re: https://awesometechstack.com/analysis/website/ilgonwallet.com/
and https://urlscan.io/result/91bf9b62-7d2b-4630-a9db-64562fa502b4/
Could be the outgoing link:
1 Outgoing link
These are links going to different origins than the main page.

URL: -https://kb.myetherwallet.com/
Title: Help Center

Wait for a final verdict from the Avast team; they are the only ones to come and unblock.

polonus

https://sitecheck.sucuri.net/results/ilgonwallet.com

So Avast thinks PUP is the same as phishing?

It’s been more than a month. When will the Avast team respond?

Did you report it - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.

I have just visited it and it is still blocked ‘Malware’ not Phishing.

Thanks a lot, I just reported it now.
It says “URL:pishing” at “Threat name”.

You’re welcome.

Hi hhpkoop & DavidR,

Do not see the site blocked now, but it is kicking up an error, like given here as a quote:

{ "exception": { "values": [ { "type": "SyntaxError", "value": "Invalid regular expression flags", "stacktrace": { "frames": [ { "colno": 118, "filename": "", "function": "HTMLDocument.v", "in_app": true, "lineno": 13 }, { "colno": 99, "filename": "", "function": "?", "in_app": true, "lineno": 13 }, { "colno": 115, "filename": "", "function": "eval", "in_app": true, "lineno": 2 }, { "colno": 115, "filename": "", "function": "i", "in_app": true, "lineno": 2 }, { "colno": 80, "filename": "", "function": "?", "in_app": true, "lineno": 4 }, { "colno": 115, "filename": "", "function": "c", "in_app": true, "lineno": 2 }, { "colno": 115, "filename": "", "function": "Object.create", "in_app": true, "lineno": 2 }, { "colno": 115, "filename": "", "function": "eval", "in_app": true, "lineno": 2 }, { "colno": 244, "filename": "", "function": "Object.E_u", "in_app": true, "lineno": 4 }, { "colno": 191, "filename": "", "function": "Object.t [as F_c]", "in_app": true, "lineno": 3 }, { "colno": 80, "filename": "", "function": "?", "in_app": true, "lineno": 4 }, { "filename": "", "function": "eval", "in_app": true } ] }, "mechanism": { "handled": false, "type": "onerror" } } ] }, "platform": "javascript", "event_id": "b545d375db4e4ad3a000f9d2e1e8dbd2", "timestamp": 1623358973.605, "environment": "web", "release": "5.8.0", "sdk": { "integrations": [ "InboundFilters", "FunctionToString", "TryCatch", "Breadcrumbs", "GlobalHandlers", "LinkedErrors", "UserAgent", "Vue" ] }, "request": { "url": "htxps://ilgonwallet.com/#/", "headers": { "User-Agent": "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36" } }, "tags": { "network": "ILG", "service": "ilgonexplorer dot com", "walletType": "" } }
hxttps and ilgonexplorer dot com inserted by me, pol, for obvious reasons to represent it here non-clickable...

The server has previously indicated this domain should always be accessed via HTTPS (HSTS Policy per https://tools.ietf.org/html/rfc6797). Chrome has cached this internally, and did not connect to any server for this redirect. Chrome reports this redirect as a “307 Internal Redirect” which simply does not exist per https://tools.ietf.org/html/rfc7231#section-6.4.7 - however this probably would have been a “301 Permanent redirect” originally and the Google guys made fun of the webmaster community maybe. You can verify this by clearing your browser cache and visiting the original URL again. Please note that this is kind of a weird behavior and that Google even calls 307 redirects “a lie” in a post by John Muller titled “A search-engine guide to 301, 302, 307, & other redirects” at https://plus.google.com/+JohnMueller/posts/E4PqAhRJB2V - However server side 307 redirects do exist and we will show them. :wink:

25% of tracking was blocked for me using Zen Mate Web Firewall.

Quick source review

-ilgonwallet.com/#/
48,292 bytes, 625 nodes

Javascript 6 (external 5, inline 1)
INLINE: /* * This entire block is wrapped in an IIFE to prevent polluting the scope of
477,179 bytes

-ilgonwallet.com/js/chunk-773d91af.3725e6c9.js
-ilgonwallet.com/js/chunk-743f6643.3be9e4fd.js
-ilgonwallet.com/js/chunk-ab9cb4da.4a9cfb5c.js
-ilgonwallet.com/js/vendors.19fcadf5.js
-ilgonwallet.com/js/app.7a3b22fe.js
CSS 11 (external 7, inline 4)
-ilgonwallet.com/index.css
INJECTED

-ilgonwallet.com/css/vendors.1c6a7245.css
INJECTED

-ilgonwallet.com/css/app.41445379.css
INJECTED

INLINE: .toasted{padding:0 20px}.toasted.rounded{border-radius:24px}.toasted .primary,.t
5,276 bytes INJECTED

-ilgonwallet.com/css/chunk-773d91af.a9ece34f.css
INJECTED

-ilgonwallet.com/css/chunk-743f6643.fff3d513.css
INJECTED

-ilgonwallet.com/css/chunk-ab9cb4da.b51a2e65.css
INJECTED

INLINE: -a.gootranslink:link {color: #0000FF !important; text-decoration: underline !impo
2,944 bytes INJECTED

INLINE: .BDTLL_icon_ok { background-image: url(data:image/png;base64,iVBORw0KGgoAAAA
31,825 bytes INJECTED

INLINE: .BDTLL_status { cursor: pointer; display: inline; margin-right: 3px;
595 bytes INJECTED

-fonts.googleapis.com/css?family=Roboto:400,700&subset=cyrillic,greek,latin-ext
INJECTED

JSON 0 (external 0, inline 0)
Others 0 (external 0, inline 0)

Have a nice day ye all,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
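
An added example, not part of the post above or of the checker output quoted in it: a small JavaScript model of the HSTS caching behaviour that the redirect note describes (RFC 6797), showing how a cached policy rewrites an http:// URL to https:// without any server being contacted. `parseHsts`, `HstsStore` and the `wallet.example` host used with it are hypothetical names, and all header values are constructed.

```javascript
// Added example: minimal model of a browser's HSTS store (RFC 6797).
// parseHsts/HstsStore are hypothetical names; hosts and headers are constructed.
function parseHsts(header) {
  // RFC 6797 section 6.1: directives are ';'-separated, names are case-insensitive,
  // max-age is required, and a directive that appears twice invalidates the header.
  const seen = new Map();
  for (const part of header.split(';')) {
    const [rawName, ...rest] = part.trim().split('=');
    const name = rawName.trim().toLowerCase();
    if (!name) continue;
    if (seen.has(name)) return null;
    seen.set(name, rest.join('=').trim().replace(/^"(.*)"$/, '$1'));
  }
  const maxAge = seen.get('max-age');
  if (maxAge === undefined || !/^\d+$/.test(maxAge)) return null;
  return { maxAge: Number(maxAge), includeSubDomains: seen.has('includesubdomains') };
}

class HstsStore {
  constructor() { this.hosts = new Map(); }

  // Record a policy. Headers received over plain HTTP are ignored, as the RFC requires.
  note(host, header, scheme, nowSec) {
    if (scheme !== 'https') return;
    const policy = parseHsts(header);
    if (!policy) return;
    if (policy.maxAge === 0) { this.hosts.delete(host); return; } // max-age=0 clears the entry
    this.hosts.set(host, { expires: nowSec + policy.maxAge, includeSubDomains: policy.includeSubDomains });
  }

  // Return the rewritten https URL when a live cached policy applies, else null.
  // No request is made: this is the step Chrome labels "307 Internal Redirect".
  upgrade(url, nowSec) {
    const u = new URL(url);
    if (u.protocol !== 'http:') return null;
    const labels = u.hostname.split('.');
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      if (!entry || entry.expires <= nowSec) continue;
      if (i === 0 || entry.includeSubDomains) { // parent-domain match needs includeSubDomains
        u.protocol = 'https:';
        return u.href;
      }
    }
    return null;
  }
}
```

Clearing the browser's HSTS state corresponds to emptying `hosts`; after that the first http:// request reaches the server again and shows whatever redirect the server really sends.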