Avast WEBforum

Other => Viruses and worms => Topic started by: MarkoM on June 10, 2021, 04:25:08 PM

Title: False positive / Legit publisher
Post by: MarkoM on June 10, 2021, 04:25:08 PM
Hello everyone, I'm representing a large publisher group from Europe, and we own and operate more than 15 of the most popular web sites in this part of Europe. One of our domains is flagged with nothing in particular, and as far as I'm aware there is nothing wrong with our domain. I have filed the False positive request, but would also appreciate any advice or help, or even better a contact so I could escalate this to the highest level possible, as I'd like to try to avoid including our legal team to deal with this the hard and unpopular way. We strongly believe that this might be a result of our competitor's abuse of downvoting on the extension's thumbs down icon. We need help removing this flag as this is affecting our business badly. Please help. Thank you so much!
https://www.virustotal.com/gui/url/08de44187c5c274159776781635100936167a34f86612f5a55ed8d7e99321df2/detection
Title: Re: False positive / Legit publisher
Post by: DavidR on June 10, 2021, 05:20:11 PM
You don't say what the domain is that is flagged, so it would be almost impossible to suggest a possible resolution.

Quote from: MarkoM
One of our domains is flagged with nothing in particular,

The highlighted text makes me wonder 'exactly' what is alerting, certainly not the main Avast Web Shield as that is pretty definitive, Audible and Visual Popup - see attached image of an Avast Alert (of an unrelated web site).  That certainly wouldn't fall into the "flagged with nothing in particular" category.

So given the above, I suspect you may be talking about the Avast Online Security browser extension, which is a user based Web Reputation rating, see second attached image.  If this is correct I'm not sure how you would address this as it is user based.

As an Avast User not Avast Team member I can only offer the above information.
Title: Re: False positive / Legit publisher
Post by: polonus on June 13, 2021, 11:57:17 PM
Here IP flagged as spam-harvester: https://www.projecthoneypot.org/ip_107.178.194.182

Quttera flags website. Wait for a final verdict from Avast team. They are the only ones to come and unblock.
Here the x-haste-hits-stream* I have seen:
"HTTP/2 200
date: Sun, 13 Jun 2021 21:52:31 GMT
vary: Accept-Encoding
content-encoding: gzip
x-backend-server: -espreso-web1 time for request D=10296
content-length: 25501
content-type: text/html; charset=UTF-8
server: Haste
x-haste-cacheable: YES
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: 0
x-haste-perspective: desktop
age: 44
x-haste-debug-backend: -espresoTHQ
x-haste-node: -cache-us2.itplatforma.com
x-haste-cache: HIT
x-haste-hits: 4
accept-ranges: bytes
x-haste-cfg: 162.221.184.74->ha-us1a(158.69.39.235)/-http-in/be_cache_varnish/cache-us2--0"
*=deprecated system for facebook haste module system

polonus