Avast WEBforum

Consumer Products => Avast Online Security (browser extension) => Topic started by: e17area-fedup on April 08, 2021, 07:06:26 AM

Title: false positive
Post by: e17area-fedup on April 08, 2021, 07:06:26 AM
Avast is wrongly blocking my site. My site has nothing wrong with it, please remove the block on my site, and while you are doing that, please also sort out the means by which you check sites, because it is hugely inappropriate and harmful to legitimate sites like mine. Am having to write this at 6:00am after spending ages looking for how to write this and where to write this when I should be sleeping. You seriously have responsibilities which you must take very seriously. You claim to be protecting people, but you are failing very badly. I've spent time and money trying to find something that does not exist apart from in your own minds. I've already removed your browser add-on and all software of yours from my computer, will be removing them also from my laptops too, because I've had it with you. If you are going to claim you protect people, at least do it right. Google webmaster finds nothing, online scanners find nothing, THERE IS NOTHING WRONG WITH THE SITE, THE ONLY THING THAT IS WRONG IS WHAT YOU CLAIM TO DO. Check cochranemarket and show what it is that you think is wrong and makes you put a block on my site. If I hadn't gone to the site directly I would not have found out.
Title: Re: false positive
Post by: e17area-fedup on April 08, 2021, 07:08:02 AM
cochranemarket.com
Title: Re: false positive
Post by: Asyn on April 08, 2021, 07:18:12 AM
-> https://www.virustotal.com/gui/url/7b62c06f13df8a9ba5af7d48066036d8b321a07e66a36f21578b3788ce362216/detection
Title: Re: false positive
Post by: polonus on April 09, 2021, 05:12:01 PM
Now even 7 engines flag it, mainly as a PHISH (but not flagged at PhishTank):
https://www.virustotal.com/gui/url/7b62c06f13df8a9ba5af7d48066036d8b321a07e66a36f21578b3788ce362216/detection

Seen as from the other point of view, but security: https://seojuicer.com/dashboard/cochranemarket.com

-http://cochranemarket.com/ returned a 301

SERVER DETAILS
Web Server: nginx
IP Address: 51.195.150.244
Hosting Provider: OVH, FR
Shared Hosting: 2 sites found
Title: Cochrane Market

Issue: The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   test   admin
ID: 2   e17sweetmegmail-com   paul
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

   cookie-law-info 2.0.1    Current   latest release (2.0.1)
hxtps://www.webtoffee.com/product/gdpr-cookie-consent/

Not vulnerable in this sense: https://retire.insecurity.today/#!/scan/1c1b385626f3b915b7ef16c8a6ea5d8da43a85ce13e23918389fb41d52048eaa

See SRC review: HTML

Wait for a final verdict from the Avast team, as they are the only ones to come and unblock,
but with 7 instances flagging at VT this is not likely to be a False Positive.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)