Avast WEBforum

Other => Viruses and worms => Topic started by: TrungNguyen on September 06, 2019, 02:55:52 PM

Title: False positive for our website
Post by: TrungNguyen on September 06, 2019, 02:55:52 PM
Hi,
Our website is being blocked by Avast for URL:Phishing.  Here is our website.  https://api.linkedinexport.com and http://www.linkedinexport.com. 
We are sure our website is clean and would like you to have it removed from your blacklist.  Thank you for your time and consideration.

Thanks,
Trung
https://forum.avast.com/index.php?action=verificationcode;vid=post;rand=222381bec79719823536566261de9eaa
Title: Re: False positive for our website
Post by: Pondus on September 06, 2019, 03:35:11 PM
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php




Site is blacklisted
https://www.virustotal.com/gui/url/424f774a88bce1bc89396476e71347074a8693dc5cdf038b8f7f0c67539d0418/detection

Site is blacklisted
https://www.virustotal.com/gui/url/1a51777adc9bd899d74065311fda3f25f2e1cd00719e56c1d9bdfdd6b22b62e0/detection

Not shown at abowe links but also blacklisted by McAfee and Trend Micro




Title: Re: False positive for our website
Post by: Asyn on September 06, 2019, 03:54:50 PM
-> https://sitecheck.sucuri.net/results/www.linkedinexport.com
Title: Re: False positive for our website
Post by: Michael (alan1998) on September 06, 2019, 04:25:13 PM
Suspicious >> https://checkphish.ai/insights/url/1567779552187/1a51777adc9bd899d74065311fda3f25f2e1cd00719e56c1d9bdfdd6b22b62e0
404'd >> https://urlscan.io/result/947d422d-e82b-4afb-a37c-dfc9b5723890
Hostname mismatch >> https://zulu.zscaler.com/submission/c5c0ae3f-6d18-4f9d-be26-cec82bebd152
X-Force can't ID it (:/)

Why is your website very similar to "LinkedIn"? LinkedIn is a major networking website for professionals to connect with each other. Your website is blocked by Fortigate's Firewall FYI. Additionally, your website has outdated software installed.
Title: Re: False positive for our website
Post by: polonus on September 07, 2019, 09:09:19 PM
See it in the website code:
Quote
Content that was returned by your request for the URL: -http://www.linkedinexport.com/

1:  < html>
2:  < head> < title> 404 Not Found< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 404 Not Found< /h1> < /center>
5:  < hr> < center> nginx/1.14.0 (Ubuntu)< /center>
6:  < /body>
7:  < /html> Content after the < /html> tag should be considered suspicious.

8:  < !-- a padding to disable MSIE and Chrome friendly error page -->
9:  < !-- a padding to disable MSIE and Chrome friendly error page -->
10:  < !-- a padding to disable MSIE and Chrome friendly error page -->
11:  < !-- a padding to disable MSIE and Chrome friendly error page -->
12:  < !-- a padding to disable MSIE and Chrome friendly error page -->
13:  < !-- a padding to disable MSIE and Chrome friendly error page -->
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmxbbmt7I1tue3hwXX10Ll5dbWA%3D~enc
Not malicious as rated here: https://zulu.zscaler.com/report/c5c0ae3f-6d18-4f9d-be26-cec82bebd152

Take it up with your hoster. Consider: https://webhint.io/scanner/d773b980-7e70-4dfd-868d-b362eb41f21c
Consider also: https://www.immuniweb.com/websec/?id=yIl14OI8

For the other URI you provided: Results from scanning URL: -https://api.linkedinexport.com/
Number of sources found: 0
Number of sinks found: 0
source found:
Quote
{"status":"success","message":"Data API Server","data":{"version_number":"v1.0.0"}}

polonus (volunteer website security analyst and website error-huntrer)
Title: Re: False positive for our website
Post by: jefferson sant on September 11, 2019, 01:32:38 AM
Hi,
Our website is being blocked by Avast for URL:Phishing.  Here is our website.  hxxps://api.linkedinexport.com and hxxp://www.linkedinexport.com. 
We are sure our website is clean and would like you to have it removed from your blacklist.  Thank you for your time and consideration.

Thanks,
Trung
https://forum.avast.com/index.php?action=verificationcode;vid=post;rand=222381bec79719823536566261de9eaa

Detection was removed in 10.09.2019 13:14 PM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.