Site Blocked - URL:Phishing

Viruses and worms
1

I’m having problems with my website, lessons.com. Visitors using Avast are receiving a notice that lessons.com is “infected with URL:Phishing”

We have no idea why this is happening and have no idea what we can do about it.

Any feedback would be extremely appreciated.

2

Just a follow up…I have checked the following tools and Lessons.com is marked safe across the board:

https://www.urlvoid.com
https://www.virustotal.com
https://transparencyreport.google.com/safe-browsing/search

Users are still getting “URL:Phishing” warning. What’s am I missing?

3

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

4

Hi paul910,

The scan found some terms that are commonly used in spam hacks. Suggest you check through the content listed out below for anything suspicious. (site:lessons.com (adobe|autocad|essay|poker); Next, this link will do another scan with the User Agent Googlebot to check for inserted spam content.
- Google Chrome returned code 301 to -https://lessons.com/ GoogleBot returned code 301 to -https://lessons.com/ moved -https://cdn.lessons.com/ TLS Recommendations HTTPS mixed content found. Your HTTPS website is referring to an HTTP resource: -http://cdn.lessons.com/assets/images/tmp/no_pic.png on -https://lessons.com/pro (not secured). Flagged probably because of: https://otx.alienvault.com/indicator/ip/94.31.29.248 see detections on related - https://www.virustotal.com/gui/ip-address/94.31.29.248/relations dom-xss issue: Results from scanning URL: -https://cdn.polyfill.io/v3/js.4869cd5a.js Number of sources found: 44 Number of sinks found: 8 Re: https://retire.insecurity.today/#!/scan/1625570c081cda051073b3078f5a92391b8a2ac608242ec1b93bfc18bed354ac

see: https://urlquery.net/report/c5c300d3-4018-4f39-a30a-fd96805aafd0

https://webhint.io/scanner/8e77cf8b-4189-4562-bc78-a36614f021e2 improvement & security related recommendations.

Wait for an avast team member to give a final verdict, as they are the only ones to come and un(b)lock,

polonus (volunteer website security analyst & website error-hunter)

5

I did not see the detection since posted the topic at least link that this user is receiving may not be the home page.Post a screenshot of the alert.

https://support.avast.com/en-us/article/Create-screenshot/

6

I can confirm that lessons[.]com was indeed briefly blocked, it was a false positive and I apologize for the inconvenience caused.