Infection Type: URL.Mal

Hello there!

I have registered a domain “theparty.org.pg” and my Avast shield is giving the virus message below. This is a new site and my computer has no virus. Please check if this site has been flagged and remove any restriction that has been placed on it. This is a political party website and not some scam site. Your immediate assistance will be much appreciated.

"The requested URL contains malicious code that can damage your computer. If you want to access the URL anyway, turn off the Avast web shield and try it again.

Infection type: URL:Mal"

Michael

https://sitecheck.sucuri.net/results/theparty.org.pg

URL:Mal means blacklisted URL or IP

https://virustotal.com/nb/url/22848d074367055f65ad34603d32499099b3681fb681a10d31979970b5bc0874/analysis/1489560648/

IP history https://virustotal.com/nb/ip-address/202.95.202.9/information/

If you think it is wrong, report it >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

I have reported it to Avast.

How long does it take to remove from blacklist?

It's affecting traffic to our site.

Thank you.

Michael

Hi thepartyadmin,

Unblocking can only be done by Avast Team Members. Wait for one to report here.
We are just volunteers with relevant knowledge.
Mind, it is not only with Avast that your website has a problem because of phishing abuse;
you should also contact Google SafeBrowsing. They alert on your site also.

Vulnerable library: -http://theparty.org.pg
Detected libraries:
jquery-migrate - 1.4.1 : -http://www.theparty.org.pg/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
jquery - 1.12.4 : (active1)-http://www.theparty.org.pg/wp-includes/js/jquery/jquery.js?ver=1.12.4
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery.prettyPhoto - 3.1.6 : (active1) -http://www.theparty.org.pg/wp-content/themes/campaign/inc/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.1.5
jquery-mobile - 1.3.2 : -http://www.theparty.org.pg/wp-content/plugins/wd-instagram-feed/js/gallerybox/jquery.mobile.js?ver=1.1.23
(active) - the library was also found to be active by running code

WordPress issues: Warning User Enumeration is possible
The first two user IDs were tested to determine if user enumeration is possible.

ID User Login
1 thepartyadmin thepartyadmin
2 Media Team thepartynews
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Only the first two user IDs were tested with this scan; use the Nmap NSE enumeration scripts (use your own Nmap installation or try the advanced membership option) to discover additional user IDs.

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Google safe browse check
WARNING
Google finds the site to be potentially dangerous

Excessive server info proliferation: Server: Apache/2.4.25 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.4.45
IP Address: 202.95.202.9

polonus (volunteer website security analyst and website error-hunter)
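
As an added example, not part of the thread or of the scanner's output: a small Python check a site owner can run over captured responses from their own server to confirm the directory-indexing and header-disclosure findings in the post above. The function names and the sample responses are constructed for illustration; the header values are the ones quoted in the post.

```python
import re

# Product/version tokens such as "Apache/2.4.25" or "OpenSSL/1.0.1e-fips".
VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d[\w.-]*)")
# Page title emitted by auto-generated listings (Apache mod_autoindex, nginx autoindex).
INDEX_TITLE = re.compile(r"<title>\s*Index of\s+(/[^<]*)</title>", re.I)


def audit_response(path, status, headers, body=""):
    """Return a list of (check, detail) findings for one captured response."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    # Directory indexing: a 200 on a directory path whose body is a generated listing.
    m = INDEX_TITLE.search(body)
    if status == 200 and path.endswith("/") and m:
        findings.append(("directory-indexing", m.group(1).strip()))

    # Banner disclosure: every product/version pair in the Server header.
    for product, version in VERSION_TOKEN.findall(hdrs.get("server", "")):
        findings.append(("server-version", f"{product} {version}"))

    # X-Powered-By reveals the PHP version and is not needed by clients.
    if "x-powered-by" in hdrs:
        findings.append(("x-powered-by", hdrs["x-powered-by"]))
    return findings


# Constructed sample responses (bodies are made up; headers are those quoted in the post).
SAMPLES = [
    ("/wp-content/uploads/", 200,
     {"Server": "Apache/2.4.25 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4",
      "X-Powered-By": "PHP/5.4.45"},
     "<html><head><title>Index of /wp-content/uploads</title></head></html>"),
    ("/wp-content/plugins/", 403, {"Server": "Apache"}, "<h1>Forbidden</h1>"),
]


def audit_all(samples=SAMPLES):
    """Audit every sample and return {path: findings}."""
    return {path: audit_response(path, status, headers, body)
            for path, status, headers, body in samples}


if __name__ == "__main__":
    for path, findings in audit_all().items():
        print(path, findings or "no findings")
```

On Apache, `Options -Indexes` turns the listings off and `ServerTokens Prod` reduces the Server header to the product name; `expose_php = Off` in php.ini removes X-Powered-By.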

I have unblocked it now ;). It was indeed blocked because Chrome/Firefox blocks it anyway: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=theparty.org.pg