Avast WEBforum

Other => Viruses and worms => Topic started by: rocksteady on July 17, 2022, 06:44:27 PM

Title: Threat secured. ThreeUK Login
Post by: rocksteady on July 17, 2022, 06:44:27 PM
Constantly getting Threat Secured when login to ThreeUK account.
hxxxx://new.three.co.uk/account/login#/

I have submitted a FP form using the ID reference at bottom of one of the popup's that I captured.

Note. I had no problems accessing that site using FF browser earlier in the week.
Title: Re: Threat secured. ThreeUK Login
Post by: DavidR on July 17, 2022, 07:17:43 PM
I just wonder why 3's account login would need to connect to assets.adobedtm.com and why that site would need to run a .js (javascript) file.

Like me Avast considers this script action suspicious [Susp].

Hopefully the possible FP report form will respond soon.
Title: Re: Threat secured. ThreeUK Login
Post by: polonus on July 18, 2022, 02:05:46 PM
Maybe because file is unsigned. See: https://www.ipaddress.com/ipv4/108.156.107.72
Not detected here: https://www.virustotal.com/gui/url/697550e8157b71f1f4a76ee7a07acbc33aefbffdeb8c4e363f84ef7dc14cc7ce/details Error from Cloudfront?

But this however is detected with -adobe.tm dot com -> https://www.virustotal.com/gui/url/1f434e1e9014638947b1b2843355fc930289c02c0b3a27653fa596990c05f496?nocache=1
5 av-vendors flag this as fishing and malicious abuse via a parked domain.

2 to flag this as well: https://www.virustotal.com/gui/url/a9667a67428334bff0693b0c47ee1555fe1a3e415d32ad0b3c10747abfd3526d

polonus
Title: Re: Threat secured. ThreeUK Login
Post by: rocksteady on July 19, 2022, 11:08:44 AM
I have looked for the adobedtm script/url on the Three login page that gives rise to the Webshield popup.
hxxxx://assets.adobedtm.com/acccca982240/2889efaf6b3f/launch-e9ff484f5018.min.js
I submitted that url to Virustotal and shows all as Clear. But Avast/AVG not listed.
I have had no reply from Avast re my FP form  :(
I have also reported the login issue to Three.
Title: Re: Threat secured. ThreeUK Login
Post by: DavidR on July 19, 2022, 06:56:07 PM
Avast and AVG 'don't' participate on the VT on-demand scan of websites/links.

It doesn't have an on-demand scan on the same way as on-demand scans on a system, ashquick.exe etc. 
Also a live web shield on-access scan of a website doesn't just scan that site but the links it has/tries to connect.
Title: Re: Threat secured. ThreeUK Login
Post by: rocksteady on July 20, 2022, 03:48:35 PM
Avast confirmed FP and have updated their DB. I can now login without a Webshield Alert.
Title: Re: Threat secured. ThreeUK Login
Post by: rocksteady on September 29, 2022, 03:50:29 PM
Same problem has returned today. I will send another FP form to avast.
Title: Re: Threat secured. ThreeUK Login
Post by: rocksteady on September 30, 2022, 10:33:25 AM
Avast cleared it again in response to my FP report.