Why is my site on your blacklist and how can I remove it?

Viruses and worms
1

[b]Good morning,

My website appears to be getting blocked by avast for “URL:Phishing”

Can anybody tell me what would be a possible cause of this warning and how to verify it? Because the site is a website of a private university and can be found at sansebastian.edu.py

I would be very grateful if someone could help me with this since all users are prevented from accessing the web.

Cheers,[/b]

2

sansebastian.edu.py/ is Blacklisted
https://www.virustotal.com/gui/url/de7e1480e6f0362e38e6be6322803933f57433abb742243f6c7435fcfb4ec3d7/detection

How to report >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

3

https://sitecheck.sucuri.net/results/sansebastian.edu.py

Some other things you might wish to address https://webhint.io/scanner/dc0ea162-12fc-45c3-8cb5-18e7c367cb51.

4

Hola fmoreno,

Just wait for a final verdict from avast team members after reporting the potential FP.
Remember, they are the only ones to come and unblock, but from what Pondus has posted you have seen they were not the only engines to flag the site as a PHISH.

This link from there and this site does not seem to be blocked:
-http://turadio.com.py/sansebastianfm/
Retirable jQuery library: Retire.js
jquery 1.12.4 Found in -http://turadio.com.py/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution 123
Medium Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Website is insecure: Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -turadio.com.py to fix it.

All trackers
At least 6 third parties know you are on this webpage.

-Google
-turadio.com.py
-cdn.jsdelivr.net
-Google
-Zopim
-www.camaronhosting.net -www.camaronhosting.net

Tracker could be tracking safely if this site was secure.

However this website is still being blocked by avast’s: -http://sansebastian.edu.py/
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c3xuc3tifHN0W3xuLnsjdS5weWA%3D~enc

As DavidR has reported, see the security section there and
see the 18 recommendations towards improved security from this linting scan:
https://webhint.io/scanner/dc0ea162-12fc-45c3-8cb5-18e7c367cb51

Also consider these results here: https://webcookies.org/cookies/sansebastian.edu.py/30575670?254630

Con Dios,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

5

[b]Thanks for the help and suggestions, I have already contacted avast and they are helping me with the problem.

Cheers![/b]

6

You’re welcome.