Site Blocked - URL:Phishing (False message)

Hi,

I am using Avast Free Antivirus; it is giving a URL:Phishing message for my website, which I believe is not correct, as all scans of my website are clean. The URL to my site is: shorturl.at/otBT6.

Can you please check it with the Threat Lab and let us know what is causing this message.

Thanks,

https://sitecheck.sucuri.net/results/shorturl.at/otBT6

Malware detected: https://quttera.com/detailed_report/shorturl.at
Threat: M.BL.Domain.gen (redirected to blacklisted malicious domain -httpslink.com)

Wait for a final verdict from the Avast team, as they are the only ones who can come and de-list.
Consider: https://premiumproxy.net/check-my-host-ip-information
and https://urlscan.io/result/149f914e-6484-45ea-a49f-909b949cf5e3/#indicators
Two to flag here: https://www.virustotal.com/gui/url/765a34b782e70fb449229907600590c65e2e59532e927d57e25497f0bfe0b272
See various outgoing links… also parked links → -https://httpslink.com/q6ps (blacklisted/malicious),
or like this one:

Host or IP Checked: -tellihandle.com
Hostname: -server-13-35-101-84.lax3.r.cloudfront.net
IPv4 Address: -13.35.101.84
IPv6 Address:
IP Type: IPv4
Connection Type: Corporate
City: Norwalk
State/Region: Connecticut
Country: United States
Zip Code:
Time Zone: America/New_York (UTC-5)
Geolocation Map Coordinates: 41.127101898193, -73.441596984863
ISP/ORG: Xerox Corporation
(scan by me (pol); Epic browser details removed)

polonus (3rd party cold recon website security analyst and website error-hunter)

This domain is not in our blacklist, can you provide us more details such as detection dialogue or ideally detectionID from the dialogue?

Interesting link to read more about M.BL.Domain.gen malware etc.:
https://security-soup.net/good-domains-for-bad-guys-the-riskiest-tlds-for-malware-and-phishing/

URL shorteners in combination with parked domains can often become abused.

polonus

Thanks for the reply. Kindly check the attached screenshot. I don’t know how to get the detectionID, but the detection details are in the attached screenshot.

Image URL: https://ibb.co/ygXMfCP


  1. There is no ‘attached’ image
    As it doesn’t attach in the context used, e.g. it doesn’t display.

  2. Many won’t visit unknown 3rd party links for obvious reasons.
    Use the Attachments and other options ‘text link’ below the reply window.

https://www.virustotal.com/gui/url/c255ca986a57a554eeb5a5b01d11173238f838d8d4c40d0e6ba626ae212c325b/detection

Please check if you can view the image now.

https://sitecheck.sucuri.net/results/ubldigital.com

503 Service Unavailable
Your web server is overloaded, down for maintenance, or down because of malware. Please check that you can access your web server in a web browser. Try to scan the website again by clicking the Force a Re-scan link at the bottom of the SiteCheck results page.

Here it was found to be clean: https://quttera.com/detailed_report/ubldigital.com

Retire.js issues found:

jquery-ui-dialog 1.10.4, found in -https://ubldigital.com/Portals/_default/skins/ubldigital/NewHome/js/jquery-ui-v4.js
Vulnerability info:
  Medium  CVE-2016-7103   XSS vulnerability on closeText option (issue 281)

jquery 03_02_01, found in -https://ubldigital.com/Resources/libraries/jQuery/03_02_01/jquery.js?cdv=21
Vulnerability info:
  Medium  CVE-2011-4969   XSS with location.hash
  Medium  CVE-2012-6708   Selector interpreted as HTML (bug 11290)
  Medium  CVE-2019-11358  jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
  Medium  CVE-2020-11022  Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
  Medium  CVE-2020-11023  Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

jquery 1.9.1, found in -https://ubldigital.com/ScriptResource.axd?d=mbGZm65DzNBNaMI79R6DOtZs2-WF0s1ZTaPhd1XxlGeKoXX13DXNo95DScDOIAOfRwLz9mH52Da7BriM_Y6K1w-LHgoosGmZqoL7eQvS5Csspgya0&t=ffffffff9e0cf75b
Vulnerability info:
  Medium  CVE-2015-9251   3rd party CORS request may execute (bug 2432)
  Medium  CVE-2015-9251   parseHTML() executes scripts in event handlers (bug 11974)
  Medium  CVE-2019-11358  jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
  Medium  CVE-2020-11022  Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
  Medium  CVE-2020-11023  Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

External domain request: -https://ubldigital.com links to the following external domain: googletagmanager.com (tracker found: google).

polonus
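The Retire.js findings in the post above are, at bottom, a version lookup: each script reference is mapped to a library and version, and that version is compared against the affected ranges of known CVEs. The script below is an added example (not Retire.js, not Avast's tooling, and not code from anyone in this thread) that does the same thing offline for jQuery and jQuery UI using the CVEs and "before X" fix versions listed in the NVD entries for the CVEs the post reports. The sample page and the script banner it checks are constructed for the example; the `03_02_01` path convention and the renamed `jquery-ui-v4.js` mimic what the post shows, to illustrate why a filename-only check misses a renamed bundle and the file's own licence banner has to be inspected instead.

```python
"""Minimal Retire.js-style check for jQuery / jQuery UI versions (added example)."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges as [introduced, fixed), per the NVD entries for the CVEs in the post.
AFFECTED = {
    "jquery": [
        ("CVE-2011-4969", (0, 0, 0), (1, 6, 3)),   # XSS with location.hash
        ("CVE-2012-6708", (0, 0, 0), (1, 9, 0)),   # selector interpreted as HTML
        ("CVE-2015-9251", (0, 0, 0), (3, 0, 0)),   # cross-domain ajax executes text/javascript
        ("CVE-2019-11358", (0, 0, 0), (3, 4, 0)),  # jQuery.extend prototype pollution
        ("CVE-2020-11022", (1, 2, 0), (3, 5, 0)),  # htmlPrefilter XSS
        ("CVE-2020-11023", (1, 2, 0), (3, 5, 0)),  # htmlPrefilter XSS
    ],
    "jquery-ui": [
        ("CVE-2016-7103", (0, 0, 0), (1, 12, 0)),  # dialog closeText XSS
    ],
}

# Where a version can show up in a script URL. Order matters: jquery-ui first so that
# "jquery-ui-1.10.4" is not mistaken for core jQuery. The "03_02_01" directory form is the
# site-specific convention seen in the thread, not a jQuery standard.
SRC_PATTERNS = [
    ("jquery-ui", re.compile(r"jquery[-.]ui[-.]v?(\d+\.\d+\.\d+)", re.I)),
    ("jquery", re.compile(r"jquery[-.]v?(\d+\.\d+\.\d+)", re.I)),
    ("jquery", re.compile(r"jquery[/\\](\d+_\d+_\d+)[/\\]jquery", re.I)),
    ("jquery", re.compile(r"jquery(?:\.min)?\.js\?(?:.*&)?ver=(\d+\.\d+\.\d+)", re.I)),
]
# Licence banners that official builds start with; used when the filename hides the version.
BANNER_PATTERNS = [
    ("jquery-ui", re.compile(r"/\*!\s*jQuery UI\s*-\s*v(\d+\.\d+\.\d+)", re.I)),
    ("jquery", re.compile(r"/\*!\s*jQuery\s+v(\d+\.\d+\.\d+)", re.I)),
]
SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"']([^\"']+)[\"']", re.I)


def parse_version(text: str) -> Version:
    """'3.2.1' or '03_02_01' -> (3, 2, 1)."""
    a, b, c = (int(p) for p in re.split(r"[._]", text))
    return (a, b, c)


def identify(text: str, patterns: List[Tuple[str, re.Pattern]]) -> Optional[Tuple[str, Version]]:
    for lib, pat in patterns:
        m = pat.search(text)
        if m:
            return lib, parse_version(m.group(1))
    return None


def vulnerabilities_for(lib: str, version: Version) -> List[str]:
    return [cve for cve, introduced, fixed in AFFECTED.get(lib, [])
            if introduced <= version < fixed]


def audit_html(html: str) -> Dict[str, dict]:
    """Map every script src with a recognisable version to its library and matching CVEs."""
    findings: Dict[str, dict] = {}
    for src in SCRIPT_SRC.findall(html):
        hit = identify(src, SRC_PATTERNS)
        if hit:
            lib, ver = hit
            findings[src] = {"lib": lib, "version": ver, "cves": vulnerabilities_for(lib, ver)}
    return findings


def audit_script_body(body: str) -> Optional[dict]:
    """Fallback for renamed bundles (e.g. jquery-ui-v4.js): read the build's own banner."""
    hit = identify(body[:300], BANNER_PATTERNS)
    if not hit:
        return None
    lib, ver = hit
    return {"lib": lib, "version": ver, "cves": vulnerabilities_for(lib, ver)}


# Constructed sample page; paths mimic the conventions reported in the thread.
SAMPLE_HTML = """
<script src="/Resources/libraries/jQuery/03_02_01/jquery.js?cdv=21"></script>
<script src="/static/jquery-3.5.1.min.js"></script>
<script src="/Portals/_default/skins/site/js/jquery-ui-v4.js"></script>
<script src="https://cdn.example.test/jquery.min.js?ver=1.12.4"></script>
"""
# Constructed banner in the form a jQuery UI 1.10.4 build ships with.
SAMPLE_BODY = "/*! jQuery UI - v1.10.4 - 2014-01-17\n* http://jqueryui.com\n*/"

if __name__ == "__main__":
    for src, info in audit_html(SAMPLE_HTML).items():
        ver = ".".join(map(str, info["version"]))
        print(f"{src}: {info['lib']} {ver} -> {info['cves'] or 'no listed CVEs'}")
    print("renamed bundle, from banner:", audit_script_body(SAMPLE_BODY))
```

Note that `jquery-ui-v4.js` produces no finding from the URL alone; only `audit_script_body` on the downloaded file identifies it as 1.10.4 and attaches CVE-2016-7103, which is why Retire.js fingerprints file contents and not just filenames. The version table here covers only the CVEs named in the thread; a real scan should use Retire.js's maintained repository.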