Avast WEBforum

Other => Viruses and worms => Topic started by: matthewh16 on June 23, 2014, 03:53:43 AM

Title: Website reported as blocked for URL:Mal, report false infection?
Post by: matthewh16 on June 23, 2014, 03:53:43 AM
Avast keeps reporting my church's podcast site as having a URL:MAL Infection. Their main site: connectioncc.org loads just fine, but their podcasts are hosted on connectioncc.com/podcast/files/. If I try to go here with webshield on, it says its infected by URL:MAL. Turning off webshield if's just an index of MP3 Files, so I don't see there being any malware. Can I tell avast to ignore this site (Exceptions TAB isn't working), without disabling malware url checking entirely or get Avast to remove the site from their database?

Thanks!!

--Matt
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: jefferson sant on June 23, 2014, 04:29:49 AM
hello

use virus@avast.com with "False positive" in email subject.

or http://www.avast.com/contact-form.php

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pondus on June 23, 2014, 06:43:20 AM
Quote
Avast keeps reporting my church's podcast site as having a URL:MAL Infection
URL.mal is not a infection ..... it means the URL and/or IP is on a blacklist for whatever reason ..... does not have to be infected

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: jefferson sant on August 07, 2014, 11:43:43 PM
sorry for the delay but that I can do it
we will unblocked now

Quote
Hello Matt,
This is a false positive, it should be fixed in the new update.
Best Regards
 
Richard Šrank
avast! Technical Support Specialist

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Gary149 on April 13, 2016, 07:09:00 AM
Please help me,

I have the same problem, when I access the my site:
http://www.publiguiaperu.com/

I am thinking that is a FP.

Thanks.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Eddy on April 13, 2016, 11:39:23 AM
JQuery vulnerable libraries (need to be fixed) :
http://retire.insecurity.today/#!/scan/5078b0779e8607a81190aaaf34449fbc909bf19e9d07c864d31ce830c731e0e3

Blacklisted :
http://urlquery.net/report.php?id=1460540143143

Browser difference :
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.publiguiaperu.com

The problem is likely the use of shared hosting.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on April 13, 2016, 12:32:30 PM
I removed publiguiaperu.com from our blacklist ;)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: s.s.nishanthanrock on July 22, 2016, 06:31:32 AM
Please help me,

I have the same problem, when I access the my site:
https://www.myshop.lk/

i have cleaned the files now and its still showing "URL.mal"
it means the URL and/or IP is on a blacklist, can you please remove it now


Thanks.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on July 22, 2016, 06:40:25 AM
-> https://sitecheck.sucuri.net/results/www.myshop.lk/
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: s.s.nishanthanrock on July 22, 2016, 07:17:16 AM
Yes, i have checked securi site, but i have scanned the whole site by eset and avast virus guard, its showing its all are clear, but i am confused now. What should i do now?
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Eddy on July 22, 2016, 07:29:13 AM
Guess you haven't read the Sucuri results :
Quote
How to get my site removed from their blacklist?
 If you are a Sucuri customer, just fill a malware removal request in your support dashboard. Our team will double check your site (and clean whatever needs to be cleaned) and contact ESET about it.

 If you are not a Sucuri customer (and using our free sitecheck), you will need to make sure your site is cleaned first. Once you do that, email samples@eset.com and they will re-check the site.

Here are more scan results :
http://zulu.zscaler.com/submission/show/90e08d4502b32f4a3dcc5be2e20e88c9-1469165407
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.myshop.lk
https://www.virustotal.com/en/url/5fcbcf42c33ab23c15670c439cc9f206c0f12d39f5a6372248c1c83416bbd016/analysis/1469165422/
http://www.urlvoid.com/scan/myshop.lk/
http://urlquery.net/report.php?id=1469164450793
https://www.virustotal.com/en/ip-address/166.62.10.227/information/
http://urlquery.net/report.php?id=1469164607118
http://multirbl.valli.org/lookup/166.62.10.227.html
Quote
What should i do now?
- Step away from GoDaddy and get yourself dedicated hosting at a reliable host that takes security seriously
- Contact Sucuri and have them fix the problems
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: s.s.nishanthanrock on July 22, 2016, 07:36:17 AM
OK, thank you sir, i will send a mail to 'samples@eset.com' and update you, but avast also blocking my website? its showing URL:Mal??
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on July 22, 2016, 07:38:17 AM
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on July 22, 2016, 10:09:57 AM
I have removed "myshop.lk" from our blacklist ;)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pouya on August 21, 2016, 06:56:11 PM
Hello,

It seems my website has the same problem: http://pouyas.com/
Could you please remove it from the blacklist?

Thanks
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Eddy on August 21, 2016, 07:08:57 PM
Blacklisted IP :
http://zulu.zscaler.com/submission/show/d79772dfd3540950ed0d759372ab38d9-1471798737

Outdated software :
https://sitecheck.sucuri.net/results/pouyas.com

Problems on that ASN :
http://urlquery.net/report.php?id=1471799039616
http://urlquery.net/report.php?id=1471799061736

Vulnerable libraries :
http://retire.insecurity.today/#!/scan/799ab1b9714b9603c97bfdaf9eeeccde2b1f8717888e557814454b80152b5006
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: jefferson sant on August 22, 2016, 01:41:54 PM
Hello,

It seems my website has the same problem: hxxp://pouyas.com/
Could you please remove it from the blacklist?

Thanks

(http://i.imgur.com/B1Kaa95.png)

Hello.

IP compromised

http://www.ipvoid.com/scan/67.23.226.139/
http://www.urlvoid.com/ip/67.23.226.139/


I will Report to virus analyst
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on August 22, 2016, 01:58:54 PM
The IP was infected with Locky ransomware 20 days ago. I have unblocked it for now, but I strongly advise using a different hosting.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on August 22, 2016, 02:08:58 PM
HonzaZ is right and the more so,
because the IP there functions as a Locky distribution site,
re: https://ransomwaretracker.abuse.ch/host/67.23.226.139/

Confirmed here for that  sample MS5 dc9db417c58c2c1e9615b6c0e0aed913
See: https://tracker.h3x.eu/corpus/400

Latest 100 files (malware samples) dropped by this distribution site.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: fernandes.tt on September 24, 2016, 02:55:48 AM
Hi Avast Team.

I have the same issue (false infection). I need your help to take my site out of your black list.

espanholparaviagem[.]com

Thanks a lot.
Regards,
Tarcisio.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Eddy on September 24, 2016, 09:33:09 AM
Wat message is avast giving you ? (screenshot)

Suspicious (possibly malicious) :
https://quttera.com/detailed_report/www.espanholparaviagem.com

Issues on that ASN :
http://urlquery.net/report.php?id=1474702349281

Vulnerable library used :
http://retire.insecurity.today/#!/scan/c44362f50116f6ee223f0c0fb4fc4f79977b64ca5ae5acacacfeec6c06237db1

Wordpress issues :
WordPress Version 4.5.4
Version does not appear to be latest 4.6 - update now.

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User    Login
1   None   admin
2   None   dx2brasil
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pondus on September 24, 2016, 11:38:18 AM
Suspicious > http://www.UnmaskParasites.com/security-report/?page=www.espanholparaviagem.com/oferta3/

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on September 26, 2016, 01:19:54 PM
IP 198.199.66[.]75 (which espanholparaviagem[.]com points to) was blocked in March due to CSRF attack coming from it.
I have now unblocked it.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on September 26, 2016, 04:36:53 PM
Being on SSL via CloudFlare with a Let's Encrypt Authority 3 Certificate is no reason for not implementing security headers,
see the meagre F-Status found here: https://securityheaders.io/?q=www.espanholparaviagem.com&followRedirects=on

Relying simply on a cdn solely for keeping your website secure, is not enough.

Also tackle the following issues. see: https://mxtoolbox.com/domain/www.espanholparaviagem.com/

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: toky chen on June 21, 2017, 03:22:12 PM
need help ASAP .

One year , our company purchased the domain yyw[.]com as our company page .

but too many custermers  repokrted as blocked for  URL : Mal .

pls check and process for us .

my email :  admin@yyw.com  or  1398630@qq.com
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Eddy on June 21, 2017, 03:31:10 PM
- Remove the links to the blacklisted site (beads)
https://www.virustotal.com/en/ip-address/50.23.125.205/information/

- Retire the vulnerable library
http://retire.insecurity.today/#!/scan/d3aa5aa3c5e07d7f41b9f8fbc89c482fd5de37bfef2f07dde9ec9f0e93c8a0c1

- Fix the security issues
https://www.ssllabs.com/ssltest/analyze.html?d=www.yyw.com
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: toky chen on June 21, 2017, 03:33:04 PM
thanks !

i will check now
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Milos on June 21, 2017, 04:03:48 PM
Hello,
detection of yyw.com was disabled.

Milos
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: adan6 on June 22, 2017, 04:56:40 PM
We are having this issue also.  Our company purchased allegiantcare.com a few years ago and avast users report our domain gets blocked for blacklisting.  Can you please remove allegiantcare.com from your blacklist?
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Eddy on June 22, 2017, 05:02:25 PM
Site is not even loading and avast doesn't give a alert when trying to load the site.

Blacklisted :
https://www.virustotal.com/en/url/fedaa175143a03d4493bf8721b4515610f51141453ce3ed2e96ca35977839b11/analysis/1498143939/
http://www.urlvoid.com/scan/allegiantcare.com/
https://sitecheck.sucuri.net/results/allegiantcare.com
https://www.virustotal.com/en/ip-address/71.245.183.172/information/

Wordpress issues :
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
ID   User    Login
1   sjunker   sjunker
2            None

Warning Directory Indexing Enabled

Certificate issue :
https://www.ssllabs.com/ssltest/analyze.html?d=allegiantcare.com

Very likely also vulnerable libraries are used.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pondus on June 22, 2017, 05:08:10 PM
allegiantcare.com >> BLACKLISTED X 3
https://virustotal.com/en/url/fedaa175143a03d4493bf8721b4515610f51141453ce3ed2e96ca35977839b11/analysis/1498143939/


and as said, site does not load, see screenshot  http://urlquery.net/report.php?id=1498142085520

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: mchain on June 22, 2017, 05:18:12 PM
https://yandex.com/infected?l10n=en&url=allegiantcare.com&redircnt=1498144545.1 (https://yandex.com/infected?l10n=en&url=allegiantcare.com&redircnt=1498144545.1)
Issues for more than 24 hours.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: adan6 on June 22, 2017, 08:55:27 PM
Strange that it is not loading because we have customers on it all day and it is working for me off site. 
I have contacted yandex and they have cleared my site but I guess it's not updated. 
I contacted the other too but have not heard back from them expect for sucuri, they want money to remove me.  That doesn't seem right.  Is there anything else I can do?
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Eddy on June 22, 2017, 09:11:53 PM
You could start with fixing the Wordpress issues and the certificate issue.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on June 23, 2017, 12:18:52 PM
allegiantcare[.]com is unblocked since yesterday, 17:42 CEST, but I strongly suggest following advice of other people commenting on this issue.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on June 23, 2017, 01:26:25 PM
No direct threat coming from website, so it was unblocked by Avast Team: http://urlquery.net/report.php?id=1498213066446

However for the Word Press settings User Enumeration and Directory Listing should be set disabled.

The server at Verizon's is set to speak too loudly Server: Apache/2.4.23 (Win64) OpenSSL/1.0.2j PHP/7.1.2
X-Powered-By: PHP/7.1.2 (excessive server info proliferation, we call this issue). PHP also can be' a can of worms' (vuln.).

For this external link we see a secure cookies warning, clickjacking warning and a http to https warning: https://asafaweb.com/Scan?Url=go.microsoft.com%2Ffwlink%2F%3Flinkid%3D66138%26clcid%3D0x409 - was on: https://aw-snap.info/file-viewer/?protocol=secure&tgt=accreditnet2.urac.org&ref_sel=GSP2&ua_sel=ff&fs=1 (hhtp blocked for shared hosting)!

Suspicious urls with this external link: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.surveymonkey.com&ref_sel=GSP2&ua_sel=ff&fs=1  with particular issues and warnings here: https://asafaweb.com/Scan?Url=https%3A%2F%2Fwww.surveymonkey.com

So you have issues for the website and you have to take up certain proliferation issues with provider Verizon's (not maintaining best policies because of incompetence, not being interested to tackle issues or other factors, which is not offering you the best of infrastructure, a shame really but what can we do when regulators turn a blind eye and commerce rules big time  ;).

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: bruno.felipe on November 08, 2017, 01:52:59 PM
Hi, i need help please!!

My website is block with URL:Mal by avast, how i resolve it?

Thansk
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on November 08, 2017, 02:02:52 PM
which website? Post a link here or at least a printscreen of the detection ;)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: tim.owens on November 14, 2017, 04:29:03 AM
We are in the same boat - I have numerous clients reporting our site is unsafe, but as the IT Director, of app.espace.cool - I can guarantee we are safe and behind a secure firewall at LiquidWeb.  It's really starting to impact our business.  We serve many large churches in the US and they are soon going to be moving to other anti-virus software if we can't get someone from Avast to answer our false detection report.  I've seen in 3 separate emails and even called.  Was told someone would call me right back.. that was 3 days ago.. still waiting.  PLEASE HELP!
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on November 14, 2017, 05:05:46 AM
We are in the same boat - I have numerous clients reporting our site is unsafe, but as the IT Director, of app.espace.cool - I can guarantee we are safe and behind a secure firewall at LiquidWeb.  It's really starting to impact our business.  We serve many large churches in the US and they are soon going to be moving to other anti-virus software if we can't get someone from Avast to answer our false detection report.  I've seen in 3 separate emails and even called.  Was told someone would call me right back.. that was 3 days ago.. still waiting.  PLEASE HELP!
You can report a URL here: https://www.avast.com/report-a-url.php
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on November 14, 2017, 07:47:07 AM
I have removed app.espace[.]cool/account/login from our blacklist ;)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: tim.owens on November 14, 2017, 12:45:54 PM
 ;D ;D ;D ;D - Thank you!
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: zapappa on January 24, 2018, 04:34:30 AM
If Avast is reporting MAL:URL on the basis of the domain name being on a blacklist would you PLEASE, PLEASE display the name of the blacklist on which it was found?

When the Avast popup says "...because it was infected with URL:Mal", if it is really just reporting that the target website is being blocked because it is listed on a blacklist, then why not display "...because it is listed on the Barracuda blacklist" (or whatever blacklist)? 

Or display "...because it is listed on the one or more blacklists" and list the blacklists in the "details" section.

If I have not understood URL:Mal then I apologize but it seems to get a lot of people running around wondering how to remove the "URL:Mal infection".  Again, if URL:Mal is simply indicating a blacklist entry then calling it an infection causes a waste of time and effort.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: mchain on January 29, 2018, 06:36:17 PM
Blacklisted infection entries are there for your protection.  Sometimes, but not often, these blocks are false positives, but these can occur when a known blacklisted site shares an IP address with many websites and is itself not infected with malware.

Some real-time security websites are listed below to verify an URL:Mal block:
https://www.virustotal.com/#/home/url (https://www.virustotal.com/#/home/url)
https://sitecheck.sucuri.net/ (https://sitecheck.sucuri.net/)
http://urlquery.net/ (http://urlquery.net/)

Please treat blacklisted sites with due care and caution, always.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pondus on January 29, 2018, 08:33:27 PM
Quote
If Avast is reporting MAL:URL on the basis of the domain name being on a blacklist would you PLEASE, PLEASE display the name of the blacklist on which it was found?
   
Avast is using there own Blacklist


Quote
If I have not understood URL:Mal then I apologize but it seems to get a lot of people running around wondering how to remove the "URL:Mal infection".  Again, if URL:Mal is simply indicating a blacklist entry then calling it an infection causes a waste of time and effort.   
You can only remove it if you own the website, and there are many reasons why a website is blacklisted, it does not have to be infected


Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on January 29, 2018, 10:01:20 PM
Domain probably blocked by avast because of malware on that particular IP: https://www.threatcrowd.org/ip.php?ip=64.37.52.189
Also in attack archive: http://overflowzone.com/archive/geoip/64.37.52.189/

Only avast team members can unblock or exclude your domain from a general IP block,
wait for one to appear and give the final verdict.

We here are just volunteers with relevant knowledge, but cannot unblock,

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: zapappa on February 21, 2018, 04:42:15 AM
mchain, I get a clean report for my daughter's web site, www.katinaarnott[.]com, from your suggested web sites:

  - https://www.virustotal.com/#/home/url
  - https://sitecheck.sucuri.net/
  - http://urlquery.net/

I have also run tests on several other sites like pentest-tools.com and webinspector.com with no issues.   Also I have a blacklist monitor at mxtoolbox.com and it shows no entries on 103 blacklists. But still Avast insists on aborting connections to www.katinaarnott.com "because it is infected with URL:Mal".

Now, of course I want get a clean bill of health for this website but I'm also concerned as to why Avast calls it an infection (URL:Mal) and just leaves it at that.  I have googled URL:Mal extensively and cannot find a definition of a virus/infection of this name. I do, however, see posts like these:

  - What is URL:MAL and How to remove URL:mal virus from Windows
  - Remove URL:Mal Virus Infection (Uninstall Guide)

Both of these posts just give a generic description of how to clean up a pc.

So, if we can agree that "because it is infected with URL:Mal" means that Avast has detected an issue on the target website, then for goodness sake, Avast, tell us what the issue is.

As for my specific web site, the only issue of which I'm aware is the lack of SPF/DKIM/DMARC.  This is a problem I'm having with GoDaddy because they used to be set up ok.  I still have absolutely no idea what Avast thinks is wrong at my website.



Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on February 21, 2018, 04:46:20 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on February 21, 2018, 12:03:16 PM
Hi, this was caused because the IP (50.116.55.30) was blocked due to Blackhole EK.
I hope the IP is clean now, and I am unblocking it.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: zapappa on February 23, 2018, 12:34:27 AM
Hi HonzaZ, I am very grateful for your input.  Can you please tell me how you found out that my site was blocked due to Blackhole EK?  Like I've been saying, the Avast warning just says the site is blocked (URL:Mal) but doesn't say why.  More importantly, how can I determine what the cause was?

And thank you for unblocking.  I also "hope the IP is clean now" but I have run checks from just about every web site I can find plus I have installed and run the AntiVirus and ExploitScanner WordPress plugins. No problems reported.

Again,many thanks and I look forward to your response.

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pondus on February 23, 2018, 07:40:20 AM
IP history  >>  https://www.virustotal.com/#/ip-address/50.116.55.30
click on items for details

https://en.wikipedia.org/wiki/Blackhole_exploit_kit


Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on February 23, 2018, 09:04:58 AM
Cannot add much more than what Pondus already said/linked, but if you have other questions, feel free to ask :)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: zapappa on February 24, 2018, 11:00:56 PM
HonzaZ,

There is still my main point, which is that the Avast warning just says the site is blocked (URL:Mal) but doesn't say why.  If it is Avast that has determined there is a problem then Avast knows what the problem is (e.g. Blackhole EK) so why not display that information?  It would save people like me (and many others) from having to bother you guys by asking over and over "what caused the URL:Mal".

In other words, just displaying the cause of the issue would save everybody time and effort.

But again, thanks for all your help.

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on February 25, 2018, 12:31:20 PM
Hi zapappa,

Little old me was abroad and away for a week without my regular laptop and only on android, so when I saw this thread, I performed a few third part scans to make you feel more comfortable with the avast alert and to help and amend issues.

In addition to what has been said in the thread above, which of course is right, I add the following:

First a retirable and vulnerable jQuery script running: http://retire.insecurity.today/#!/scan/c807bedbcf04aa0acd86b08811f455bbabb6ebc4433266431625a22828d30b5a

See that the site has been banned here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.katinaarnott.com&ref_sel=GSP2&ua_sel=ff&fs=1

Reason:
Quote
Your IP address has been automatically flagged as abusive. You are currently banned from viewing this site. To remove the ban, please < a href="https://app.getflywheel.com/unban?name=fw071912&error=481"> visit the un-ban page< /a> .< /p>

The ban should be lifted here
Quote
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
nginx/1.12.1 + Phusion Passenger 5.1.8
X-Powered-By:
Phusion Passenger 5.1.8
IP Address:
-54.243.154.12
Hosting Provider:
Amazon.com   
Shared Hosting:
2 sites found on -54.243.154.12

Also consider:
Quote
Loaded Resources

Compromised sites will often be linked to malicious javascript or iframes in an attempt to attack users of your WordPress installation. Look over the listed resources, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.

-https://app.getflywheel.com/unban?name=fw071912
GoogleSafe:
OK   Load:
111ms   Server: -54.225.179.161
nginx/1.12.1 + Phusion Passenger 5.1.8   ASN: 14618 United-States
Amazon.com, Inc.   Reverse DNS:
-ec2-54-225-179-161.compute-1.amazonaws.com
-http://fonts.googleapis.com/css?family=Source+Sans+Pro:200,300,700,900
GoogleSafe:
OK   Load:
20ms   Server: -172.217.7.138
ESF   ASN: 15169 United-States
Google Inc.   Reverse DNS:
iad30s08-in-f10.1e100.net
-https://js-agent.newrelic.com/nr-1071.min.js
GoogleSafe:
OK   Load:
25ms   Server: -151.101.34.110
AmazonS3   ASN: 54113 United-States
Fastly   Reverse DNS:
-http://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdo.woff
GoogleSafe:
OK   Load:
17ms   Server: -172.217.7.131
sffe   ASN: 15169 United-States
Google Inc.   Reverse DNS:
iad30s08-in-f3.1e100.net
-http://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdo.woff
GoogleSafe:
OK   Load:
17ms   Server: -172.217.7.131
sffe   ASN: 15169 United-States
Google Inc.   Reverse DNS:
-iad30s08-in-f3.1e100.net
h-ttp://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdo.woff
GoogleSafe:
OK   Load:
18ms   Server: -172.217.7.131
sffe   ASN: 15169 United-States
Google Inc.   Reverse DNS:
-iad30s08-in-f3.1e100.net
-http://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdo.woff
GoogleSafe:
OK   Load:
19ms   Server: 172.217.7.131
sffe   ASN: 15169 United-States
Google Inc.   Reverse DNS:
-iad30s08-in-f3.1e100.net
-https://bam.nr-data.net/1/d31ab27ce7?a=23297107&v=1071.385e752&to=Jg1YQBRcCVpdS0taUwwMGUEIUQRYF0wKVVML&rst=190&ref=-https://app.getflywheel.com/unban&qt=1&ap=5&be=108&fe=160&dc=159&af=err,xhr,ins&perf=%7B%22timing%22:%7B%22of%22:1519556150832,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22ce%22:0,%22rq%22:0,%22rp%22:0,%22rpe%22:111,%22dl%22:102,%22di%22:159,%22ds%22:159,%22de%22:160,%22dc%22:160,%22l%22:160,%22le%22:161%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
GoogleSafe:
OK   Load:
194ms   Server: 162.247.242.20
ASN: 23467 United-States
New Relic   Reverse DNS:
-bam-8.nr-data.net
 Login for

To fix it you can:
    1. In the Slider Settings -> Troubleshooting set option: Put JS Includes To Body option to true.
    2. Find the double jquery.js include and remove it.   Your client address was checked by-> https://toolbar.netcraft.com/site_report?url=https://l2.io

More issues and recommendation: https://observatory.mozilla.org/analyze.html?host=www.katinaarnott.com

Issue should be taken up with the AS - Net Access Corporation e.q. Flywheel, comsider Linode abuse.
Re: https://urlquery.net/report/51cf5840-4139-456a-b321-93773bccf4c1

Netcraft risk score 9 red out of 10: https://toolbar.netcraft.com/site_report?url=http://50.116.55.30

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on February 27, 2018, 07:16:56 AM
There is still my main point, which is that the Avast warning just says the site is blocked (URL:Mal) but doesn't say why.  If it is Avast that has determined there is a problem then Avast knows what the problem is (e.g. Blackhole EK) so why not display that information?  It would save people like me (and many others) from having to bother you guys by asking over and over "what caused the URL:Mal".

In other words, just displaying the cause of the issue would save everybody time and effort.

You are a very rare user though. We block thousands of URLs a day and you are one of the few who cares, and even of those who care and want their website without any warnings, most people don't know or care what happened earlier. They will just wipe it, update it, change passwords, and that's it. I am literally talking about one person a week who wants to know what happened and knows what "being infected by an exploit kit" means.

And even if there were many people who cared, it would be difficult to change the GUI, and I am not even talking about all the trouble with localization...

All in all, I understand, but I feel like it is too much effort for too little gain.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: zapappa on March 08, 2018, 05:01:02 PM
Hi polonus,  that was some very useful input.  Thanks very much!


HonzaZ, fair comment, thanks for your help.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: [GR]ToxicShock on May 28, 2018, 09:19:50 PM
My web site www.gamereplays[.]org is experiencing the same problem.    Many users that have been able to contact me through other means are reporting that they are being presented with the same message and are unable to access the site.     They say they are unable to over-ride the block.

We are a respectable site.   Please fix this obviously spurious problem and unblock our site.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pondus on May 28, 2018, 10:08:19 PM
My web site www.gamereplays.org is experiencing the same problem.    Many users that have been able to contact me through other means are reporting that they are being presented with the same message and are unable to access the site.     They say they are unable to over-ride the block.

We are a respectable site.   Please fix this obviously spurious problem and unblock our site.
Well according to Sucuri your website containe spam  >>  https://sitecheck.sucuri.net/results/www.gamereplays.org

Malware entry: spam-seo.spammy_keywords
http://labs.sucuri.net/db/malware/spam-seo.spammy_keywords?3.14




Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on May 29, 2018, 12:40:41 AM
Hi [GR]ToxicShock,

Nothing flagged: http://isithacked.com/check/http%3A%2F%2Fwww.gamereplays.org%2F
& https://urlquery.net/report/ec516cc4-4ecb-4803-a193-29b062e0b26f

What can be flagged is a second redirect via http - https -> to: hxtp://www.gamereplays.org/portals.php -> htxps://www.gamereplays.org/portals.php
See sources and sinks here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.gamereplays.org%2Fportals.php
uMatrix blocks: -http://cdn.assets.craveonline.com/comscore_branding/cr-branding.js?useDarkLogo=true
(bug-hunter's) script error on site
Quote
-cdn.assets.craveonline.com/branding/cr-branding.js?useDarkLogo=true
     info: [decodingLevel=0] found JavaScript
     error: undefined variable clearTimeout
     error: undefined function d[m]
     error: undefined variable d
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD XHTML 1.0 Transitional/EN"
          error: line:3: ...............^
Also see here: https://www.scamadviser.com/check-website/gamereplays.org
Last update of your website -> 2017-11-27 16:36:03 (6 months & 1 day ago)  according to your WHOIS data
- Cxxxs Dxxxk, : Array, London, W1G8RJ, GB , hosted by GoDaddy on wXw.pir.org server

We are just volunteers with relevant knowledge, unblocking can only be performed by avast team members.
Wait for one to arrive here in this thread and give the final verdict on your website.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Char# on May 29, 2018, 02:37:47 AM
Today have been getting URL:Mal threat detection alerts from Web Shield for all attachments, images or links in emails on Shaw webmail:

wm-so.glb.shawcable.net

Sucuri site checker doesn't show any problems. I added the site to exclusions in Avast settings so I can access my email, but wondering why it has been blocked?
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: [GR]ToxicShock on May 29, 2018, 10:31:48 AM
Will we be waiting long?   It seems a rather obvious false positive to me.   
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on May 29, 2018, 11:30:14 AM
Will we be waiting long?   It seems a rather obvious false positive to me.   
Did you fix your spam issues..!? (See Reply #57 from Pondus)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: [GR]ToxicShock on May 29, 2018, 11:47:52 AM
There is no spam issue and never was  :D
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on May 29, 2018, 11:51:30 AM
There is no spam issue and never was  :D
Just rescanned your site, according to Sucuri it's still there.
-> https://sitecheck.sucuri.net/results/www.gamereplays.org
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: [GR]ToxicShock on May 29, 2018, 12:54:43 PM
With respect,

(1) That shows no issues

(2) There are no issues (unsurprisingly).
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on May 29, 2018, 03:25:36 PM
Hi,
gamereplays[.]org really looks like a false positive and should be fixed in a couple of minutes.
wm-so.glb.shawcable[.]net also looks like a false positive and will also be fixed soon.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Pondus on May 29, 2018, 04:10:59 PM
gamereplays[.]org  >>  something to fix  >>  https://retire.insecurity.today/#!/scan/ee3caaec4312e212efc319235ca6c21eac91a75909f87d5eaae2aa7d1d1bbe2c

Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: [GR]ToxicShock on May 30, 2018, 05:29:59 AM
Hi,
gamereplays[.]org really looks like a false positive and should be fixed in a couple of minutes.
wm-so.glb.shawcable[.]net also looks like a false positive and will also be fixed soon.

Apparently, the site is still blocked.     
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: gazelleclub on May 30, 2018, 11:20:54 AM
Hi, i need help please!!

My website gazelleclub.ru/forum/index.php is block with URL:Mal by avast, how i resolve it?


Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on May 30, 2018, 11:23:35 AM
Hi, i need help please!!
My website gazelleclub.ru/forum/index.php is block with URL:Mal by avast, how i resolve it?
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: gazelleclub on May 30, 2018, 11:45:28 AM
Hi, i need help please!!
My website gazelleclub.ru/forum/index.php is block with URL:Mal by avast, how i resolve it?
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
I already wrote there two days ago, not what result
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Milos on May 30, 2018, 03:13:51 PM
Hello,
the domain was unblocked.

Milos
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: dyang on September 11, 2018, 07:39:58 AM
Hi, i need help please!!

My website https://www.vova.com is block with URL:Mal by avast, how i resolve it?
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on September 11, 2018, 07:53:52 AM
https://sitecheck.sucuri.net/results/www.vova.com/
https://zulu.zscaler.com/report/20db9a2f-79b9-4945-8a7c-c5787c2a1690
https://www.virustotal.com/#/url/1fba29f27c7d07d3e1cf5b1ce26c2a52aced9d6b0ec51ac0aecbe275c08afc95/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: dyang on September 11, 2018, 08:18:06 AM
Thank you for your reply. We have submited the FP report through the website you provided. How long does it take usually for Avast to process our report and unblock our website?

Thank you again!
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on September 11, 2018, 08:27:35 AM
You're welcome. (Usually rather quick, few hours at most)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: dyang on September 11, 2018, 08:30:12 AM
You're welcome. (Usually rather quick, few hours at most)
Thank you!
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on September 11, 2018, 08:31:16 AM
No problem.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on September 11, 2018, 11:50:11 PM
Hi dyang,

You're probably flagged because your on a google amp.site as image, but I am not sure about that.

Some remarks on the code your run on that page and some glitches there flagged:
error 3rd party cold reconnaissance tested vulnerable uri: -https://www.vova.com/faqs.html?service=1
error
Quote
(script) -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/main.js?eb94dfeb
     status: (referer=-www.vova.com/faqs.html?service=1)saved 268918 bytes 255c4412dbc3c4d4033276fb9fecc7feb85b97b4
     info: [img] -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/
     info: [iframe] -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 second
&
-www.vova.com/public/a/images/footer-accept.jpg?eb94dfeb
     info: [decodingLevel=0] found JavaScript
     error: undefined variable f
pervasive criteo tracking detected, but that is ad-tracking and not malicious per se.

Security 1 error detected: -https://www.vova.com
'jQuery@1.11.3' has 1 known vulnerability (1 medium). See 'https://snyk.io/vuln/npm:jquery' for more information.
No vulnerable libraries found on the image when scanned with Erlend Oftedal's scanner: https://retire.insecurity.today/#!/scan/a6fdbd952cfe8c2cdffd06ca0debb848219ecd952582f72915db2d7ad9c391bc

Wait for an avast team member to give a final verdict on your site. Avast Team Members are the only ones to unblock,
we are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: dyang on September 12, 2018, 09:35:16 AM
Hi dyang,

You're probably flagged because your on a google amp.site as image, but I am not sure about that.

Some remarks on the code your run on that page and some glitches there flagged:
error 3rd party cold reconnaissance tested vulnerable uri: -https://www.vova.com/faqs.html?service=1
error
Quote
(script) -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/main.js?eb94dfeb
     status: (referer=-www.vova.com/faqs.html?service=1)saved 268918 bytes 255c4412dbc3c4d4033276fb9fecc7feb85b97b4
     info: [img] -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/
     info: [iframe] -image.vova.com/webres/vova/webresource/4dcde543544bc3ecef78bf247cae5a32/public/a/js/
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 second
&
-www.vova.com/public/a/images/footer-accept.jpg?eb94dfeb
     info: [decodingLevel=0] found JavaScript
     error: undefined variable f
pervasive criteo tracking detected, but that is ad-tracking and not malicious per se.

Security 1 error detected: -https://www.vova.com
'jQuery@1.11.3' has 1 known vulnerability (1 medium). See 'https://snyk.io/vuln/npm:jquery' for more information.
No vulnerable libraries found on the image when scanned with Erlend Oftedal's scanner: https://retire.insecurity.today/#!/scan/a6fdbd952cfe8c2cdffd06ca0debb848219ecd952582f72915db2d7ad9c391bc

Wait for an avast team member to give a final verdict on your site. Avast Team Members are the only ones to unblock,
we are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)
Hi polonus,

Thank you for your reply!

If possible, could you please tell me how you can scan our website to find the problem?

Thanks again!
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: HonzaZ on September 12, 2018, 10:09:50 AM
Hi, vova[.]com was unblocked yesterday, 09:25 CEST.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: dyang on September 12, 2018, 10:52:43 AM
Hi, vova[.]com was unblocked yesterday, 09:25 CEST.
Hi HonzaZ,

Thank you very much!
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on September 12, 2018, 11:56:47 PM
Hi dyang,

Anyone can do it, when you're careful enough to make the right combinations and deductions.

My website scanning is performed through normal third party cold reconnaissance public website scanners online.
I never actually visit the website to be evaluated.

Recently I use sonarwahl or now known as webhint where I use: https://snyk.io/vuln/npm:jquery to verify
retirable jQuery libraries, another is Redleg\'s file viewer for the code checks and Google alerts.
Also checked retirable jQuery from Erlend Oftedal's scanner - retire.insecurity.today/#
But I also make use of other scanners as seem appropriate.

The script errors that are found, come from a javascript unpacker service run on any particular uri or piece of javascript code.
Going beyond expected runtime is a give away of suspicion and so are scripting errors, I check them at Stack-Overflows.
This is helpful for developers where they missed something while dealing with the scriptcode (undefined this or undefined that etc.).

Another thing that counts is me doing this for 14 years here in the Virus and Worms now, to be short it is called "experience".

Important is that webmasters, hosters, web-developers, etc. learn to code with security at heart,
update and patch en configure according to best practices.

To bring this nearer in practice is also part of my motivation and constant "preaching to the choir".

Also I like avast av and like to give them a helping hand from time to time.
I owe them this platform as a place to post at least and all I learnt here with the help of colleagues.

polonus (3rd party cold reconnaissance website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: xacajeh352 on February 09, 2020, 05:54:27 AM
I have the same problem, when I access the my site:
https://beautyloungelk.com/
 :-[https://beautyloungelk.com/ (https://beautyloungelk.com/)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on February 09, 2020, 06:30:50 AM
-> https://sitecheck.sucuri.net/results/https/beautyloungelk.com
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on February 09, 2020, 03:35:58 PM
Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK
Web Server:
cloudflare
X-Powered-By:
PHP/7.3.11 Outdated Software Detected
7.5
CVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
7.5
CVE-2019-11047
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
6.4
CVE-2019-11050
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
6.4
CVE-2019-11044
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
5
CVE-2019-11046
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
5
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
5
CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
4.3
IP Address:
104.31.91.246
Hosting Provider:
Cloudflare.
Shared Hosting:
500 sites found on 104.31.91.246

Configuration OK - external links Google Safebrowsing approved.

Javascript errors related to script blocker action
Quote
ReferenceError: jQuery is not defined
 /:1194

ReferenceError: jQuery is not defined
 /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=2.8.5:2

TypeError: a.extend is not a function
 /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.7.3:3

TypeError: Cannot read property 'each' of undefined
 /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2:1

ReferenceError: elementorModules is not defined
 /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=2.8.5:2

Also consider: https://webcookies.org/cookies/beautyloungelk.com/28957248?678928
Privacy Impact Score = D -> The page loads 39 third-party JavaScript files and 37 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised

Wait for a final verdict from an avast team member as they are the only ones to come and unblock.
As we here are just volunteers with relative knowledge in the field of website security and website error-hunting.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: jefferson sant on February 13, 2020, 03:33:49 AM
I have the same problem, when I access the my site:
hxxps://beautyloungelk.com/
 :-[ hxxpsbeautyloungelk.com/hxxps://beautyloungelk.com/

Detection was removed in 11.02.2020

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: geigev on February 18, 2020, 04:59:07 AM
Hello,

My site https://streamyard.com has been incorrectly flagged for phishing. The same thing has happened twice in the past and avast/avg removed the warning and said it was a false positive. Please help.

https://sitecheck.sucuri.net/results/streamyard.com
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: Asyn on February 18, 2020, 05:05:29 AM
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: polonus on February 19, 2020, 05:31:30 PM
Probably flagged for a hidden iFrame, see code line 65 here:
https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c3R9e3xteXx9Iy5eXW1g~enc
Web Firewall blocks -https://www.googletagmanager.com/ns.html?id=GTM-5KG4PZD  as "Ads".
Quote
<iframe src="htxps://www.googletagmanager.com/ns.html?id=GTM-5KG4PZD" height="0" width="0" style="display:none;visibility:hidden"></iframe>

Not being flagged at VT here: https://www.virustotal.com/gui/ip-address/35.227.212.162/relations

Wait for an avast team member to give a final verdict as they are the only ones to come and unblock.

polonus
Title: Re: Website reported as blocked for URL:Mal, report false infection?
Post by: jefferson sant on February 21, 2020, 01:51:14 AM
Hello,

My site hxxps://streamyard.com has been incorrectly flagged for phishing. The same thing has happened twice in the past and avast/avg removed the warning and said it was a false positive. Please help.

https://sitecheck.sucuri.net/results/streamyard.com

Detection has already been removed.

Quote from: Avast
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.