Request for Removal of False Positive Phishing Block


cipher.clien
Request for Removal of False Positive Phishing Block
« on: July 30, 2024, 06:17:35 AM »
Hello,

I am the owner of https://www.clien.net
Today, I discovered that Avast has flagged my website as a phishing site, which has caused significant inconvenience for my users and myself. However, upon thorough checks with multiple security tools, including VirusTotal, no issues were found. This strongly suggests that the Avast detection is a false positive.

I have already submitted a false positive report through the [Avast False Positive Form](https://www.avast.com/false-positive-file-form.php), but I am seeking a more expedited resolution due to the urgency of the situation. This incorrect flagging is affecting our website’s accessibility and credibility.

id : 29fded7be1c9/2024-07-30T03:40:38.707Z


Could you please assist in reviewing this case as a matter of priority? Below are the steps and results of our security checks:
- VirusTotal scan: [Clean](https://www.virustotal.com/gui/url/ad1792f9258c5c8e70bc724f7546c6af87186e5ac9fb35a25358e0b57ab3c2ab?nocache=1)
- Google Transparency Report: [Clean](https://transparencyreport.google.com/safe-browsing/search?url=www.clien.net)
- Sucuri SiteCheck: [Clean](https://sitecheck.sucuri.net/results/www.clien.net)
- URLVoid: [Clean](https://www.urlvoid.com/scan/clien.net/)
- Zulu URL Analyzer: [Benign](https://zulu.zscaler.com/submission/55c9f36a-da53-48f8-ac39-18c65efc3acd)


Attached are the screenshots of the VirusTotal results and other relevant scans. I appreciate your prompt attention to this matter and look forward to a swift resolution.

Thank you for your assistance.

Best regards, 
« Last Edit: July 30, 2024, 07:18:28 AM by cipher.clien »

rocksteady
Re: Request for Removal of False Positive Phishing Block
« Reply #1 on: July 30, 2024, 11:07:17 AM »
First, can you please edit your post to deactivate the website URL link by writing it as hxxps://...

Then report suspected False Positive to Avast from here: https://www.avast.com/submit-a-sample#pc

polonus
Re: Request for Removal of False Positive Phishing Block
« Reply #2 on: July 30, 2024, 12:46:47 PM »
I see that the site hxxps://www.clien.net/service/ is no longer detected by Avast.

But this needs your attention: findings by Retire.js (vulnerable script libraries that should be retired):

jquery-ui 1.12.1, found in -https://www.clien.net/service/js/lib/jquery-ui.min.js. Vulnerability info:
- medium: CVE-2021-41182 (GHSA-9gj3-hwp5-pmwc) XSS in the `altField` option of the Datepicker widget
- medium: CVE-2021-41183 (GHSA-j7qv-pgf6-hvh4, ref 15284) XSS vulnerability on text options of jQuery UI datepicker
- medium: CVE-2021-41184 (GHSA-gpqq-952q-5327) XSS in the `of` option of the `.position()` util
- medium: CVE-2022-31160 (GHSA-h6gj-6jjq-h8g9, ref 2101) XSS when refreshing a checkboxradio with an HTML-like initial text label (user-controlled data in labels)

jquery 1.11.1, found in -https://www.clien.net/service/js/lib/jquery-1.11.1.min.js. Vulnerability info:
- medium: CVE-2015-9251 (GHSA-rmxg-73gg-4p98, refs 2432, 11974) 3rd-party CORS request may execute; parseHTML() executes scripts in event handlers
- medium: CVE-2019-11358 (GHSA-6c3j-c64m-qhgq, ref 4333) jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
- medium: CVE-2020-11022 (GHSA-gxr4-xjj5-5px2, ref 4642) regex in jQuery.htmlPrefilter sometimes may introduce XSS
- medium: CVE-2020-11023 / CVE-2020-23064 (GHSA-jpcq-cgw6-v4j6, ref 4647) passing HTML containing <option> elements from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code
- low: (ref 73) jQuery 1.x and 2.x are end-of-life and no longer receiving security updates

No cloaking detected, given the all-clean result here: https://quttera.com/detailed_report/www.clien.net

Blocked for me was hxxps://clcommunications-d.openx.net/w/1.0/jstag?nc=44950606-www.clien.net because of the filter rule -||openx.net^
Dr.Web strongly advises you against visiting this website
Dr.Web Link Checker prevents you from following the advertising link to ensure your privacy.
If you still want to open the page, select Use Incognito mode

Security hints found: disallowed HTTP header, 73 warnings; vulnerable libraries (see above), 1 error, 2 warnings;
use Subresource Integrity, 2 errors; valid "Set-Cookie" header, 1 error, 1 warning; use X-Content-Type-Options, 11 errors.


polonus (volunteer 3rd-party cold-reconnaissance website security-analyst and website error-hunter)
« Last Edit: July 30, 2024, 03:27:04 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
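The Retire.js findings above are produced by matching the version banner that jQuery and jQuery UI embed at the top of their minified builds against known-affected version ranges. The following is an added example of that check, written for this thread; it is not Retire.js itself and not code from the site. The file contents are constructed to mimic the real banners, and the "first fixed" versions come from the upstream advisories for the CVEs listed above.

```python
"""
Retire.js-style version fingerprinting of bundled JavaScript libraries.

Added example (not Retire.js, not the site's code). It reads the version banner
of jQuery / jQuery UI builds and reports the CVEs from the thread whose fixed
version is above the detected one. SAMPLE_FILES is constructed.
"""
import re

# (library, CVE, first fixed version, summary). Versions below "fixed" are affected.
KNOWN_VULNS = [
    ("jquery", "CVE-2015-9251", (3, 0, 0), "parseHTML()/3rd-party CORS response may execute scripts"),
    ("jquery", "CVE-2019-11358", (3, 4, 0), "Object.prototype pollution via jQuery.extend(true, {}, ...)"),
    ("jquery", "CVE-2020-11022", (3, 5, 0), "jQuery.htmlPrefilter regex may introduce XSS"),
    ("jquery", "CVE-2020-11023", (3, 5, 0), "<option> elements in untrusted HTML passed to .html()/.append() execute code"),
    ("jquery-ui", "CVE-2021-41182", (1, 13, 0), "XSS via the Datepicker altField option"),
    ("jquery-ui", "CVE-2021-41183", (1, 13, 0), "XSS via Datepicker text options"),
    ("jquery-ui", "CVE-2021-41184", (1, 13, 0), "XSS via the `of` option of .position()"),
    ("jquery-ui", "CVE-2022-31160", (1, 13, 2), "XSS when refreshing a checkboxradio with an HTML-like label"),
]

# Banner patterns of the minified builds: "/*! jQuery v1.11.1 | ..." and
# "/*! jQuery UI - v1.12.1 - ...". jQuery UI is tried first so its banner is
# never misread as plain jQuery.
BANNERS = {
    "jquery-ui": re.compile(r"jQuery UI - v(\d+\.\d+\.\d+)"),
    "jquery": re.compile(r"jQuery v(\d+\.\d+\.\d+)"),
}


def parse_version(text: str) -> tuple:
    return tuple(int(part) for part in text.split("."))


def fingerprint(js_source: str):
    """Return (library, version tuple) or None when no known banner is present."""
    head = js_source[:300]  # banners sit on the first line of the file
    for lib, pattern in BANNERS.items():
        match = pattern.search(head)
        if match:
            return lib, parse_version(match.group(1))
    return None


def findings_for(lib: str, version: tuple) -> list:
    """All (CVE, summary) pairs that apply to this library version."""
    hits = [(cve, desc) for (l, cve, fixed, desc) in KNOWN_VULNS if l == lib and version < fixed]
    if lib == "jquery" and version[0] < 3:
        hits.append(("EOL", "jQuery 1.x and 2.x are end-of-life and receive no security fixes"))
    return hits


def scan(files: dict) -> dict:
    """files: {path: source text}. Returns only the paths with a recognised library."""
    report = {}
    for path, source in files.items():
        fp = fingerprint(source)
        if fp is None:
            continue
        lib, version = fp
        report[path] = {
            "library": lib,
            "version": ".".join(map(str, version)),
            "findings": findings_for(lib, version),
        }
    return report


# Constructed file contents (real banner format, bodies elided).
SAMPLE_FILES = {
    "/service/js/lib/jquery-1.11.1.min.js":
        "/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */\n!function(a,b){}",
    "/service/js/lib/jquery-ui.min.js":
        "/*! jQuery UI - v1.12.1 - 2016-09-14\n* http://jqueryui.com\n*/\n(function(t){})",
    "/service/js/lib/jquery-3.7.1.min.js":
        "/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */",
    "/service/js/app.js":
        "(function(){ /* site code, no library banner */ })();",
}

if __name__ == "__main__":
    for path, info in scan(SAMPLE_FILES).items():
        print(f"{path}: {info['library']} {info['version']}")
        for cve, desc in info["findings"]:
            print(f"  {cve}: {desc}")
```

Banner matching only sees libraries that keep their header comment; a build whose banner was stripped by a bundler will pass silently, which is why Retire.js also hashes file contents and inspects runtime globals such as `jQuery.fn.jquery`. Upgrading the two files to jQuery 3.5+ and jQuery UI 1.13.2+ clears every finding above.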

polonus
Re: Request for Removal of False Positive Phishing Block
« Reply #3 on: July 30, 2024, 03:23:50 PM »
Additional information: HTTP Transactions Summary

Total transactions: 81 HTTP transactions were recorded, all of which were GET requests, with a couple of POST requests for analytics.

Data transactions: there were 0 data transactions, indicating that this analysis primarily comprised requests for resources and not for sending user data (though there are POST requests for analytics purposes).

Main use cases: the most significant resource categories are:
- Documents: the primary request for the HTML document is at /service/.
- Stylesheets: multiple CSS files, which contribute to the visual styling of the page.
- Scripts: various JavaScript files for functionality, including jQuery and custom scripts.
- Fonts: a considerable number of requests for font files, specifically from Google Fonts.

Performance Insights

Redirects: the initial request to -www.clien.net resulted in a 302 redirect to -www.clien.net/service/. This could add unnecessary latency if not managed well.

Resource load times and sizes: the largest single resource was clien.css at 390 KB, which took 505 ms to load. Multiple scripts, like jquery-ui.min.js (248 KB), had relatively higher load times (>700 ms). Several font files, particularly from Google Fonts, ranged between 15 and 75 KB and showed varied latency, with some over 800 ms for larger files.

HTTP/2 utilisation: the presence of HTTP/2 requests is a positive indication, as it allows multiple requests to be sent for loading resources simultaneously, reducing overall load times compared to HTTP/1.1. Most fonts and scripts are served over HTTP/2, which optimises delivery speed.

Latency variability: several requests, particularly those to Google Tag Manager and OpenX, showed significant latency (up to 3710 ms), which can affect perceived performance. These resources should be monitored or optimised to improve loading times. Latency for font and JavaScript files was observed in the 200–1000 ms range, indicating possible areas for optimisation.

External resources: multiple resources (like scripts from Google, Twitter widgets, and font services) are loaded from third-party sites, which can impact performance depending on those external servers' response times.

Recommendations for Improvement

- Optimise resource loading: consider minimising the size of the largest CSS and JavaScript files through minification, or by bundling resources to reduce the number of requests. Evaluate whether all fonts are necessary or whether some can be removed or substituted to decrease load time.
- Reduce redirects: if feasible, avoid unnecessary redirects. If moving to a new URL is not essential, consider configuring the server to serve content directly without additional steps.
- Asynchronous loading: implement asynchronous loading for non-critical JS/CSS files to improve overall page speed, especially for those that do not need to block rendering.
- Caching strategies: implement suitable caching strategies for frequently accessed resources to minimise load times for returning users.
- Monitor third-party dependencies: regularly check the performance of third-party scripts and services. If they introduce too much latency, explore options to replace them with more efficient alternatives.
- Use compression: enable GZIP or Brotli compression on server responses to decrease the size of transmitted resources; this would help with the overall load time.

Conclusion

The transaction log for -www.clien.net reveals a functional site operating with a mixture of resources that contribute to the user experience. While the site utilises modern protocols like HTTP/2, there are opportunities to enhance performance and accessibility through optimisations. Regular performance monitoring and adjustments can significantly improve the user experience on the website.

polonus (aided by AI)
« Last Edit: July 30, 2024, 03:27:32 PM by polonus »
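Reply #2 lists three scanner hints besides the library versions (scripts without Subresource Integrity, a missing X-Content-Type-Options header, and a Set-Cookie header that fails validation), and Reply #3 notes that scripts from Google, Twitter and font services are loaded cross-origin. The following is an added example of auditing a captured response for exactly those three points, written for this thread; it is neither the scanner's code nor the site's. The headers and HTML are constructed, and the only assumption about the site is its hostname, used to separate first-party from cross-origin scripts.

```python
"""
Audit of a captured page response for: cross-origin <script> tags without
Subresource Integrity, a missing X-Content-Type-Options: nosniff header, and
Set-Cookie headers lacking Secure / HttpOnly / SameSite.

Added example; the response below is constructed. FIRST_PARTY_HOST is an
assumption about the origin under audit.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit

FIRST_PARTY_HOST = "www.clien.net"  # assumption: origin under audit


class ScriptTagCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attrs = dict(attrs)
            if attrs.get("src"):
                self.scripts.append(attrs)


def sri_for(body: bytes, algo: str = "sha384") -> str:
    """Integrity value that pins a script body: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def scripts_without_sri(html: str, first_party_host: str = FIRST_PARTY_HOST) -> list:
    """Cross-origin <script src> tags that carry no integrity attribute."""
    collector = ScriptTagCollector()
    collector.feed(html)
    flagged = []
    for attrs in collector.scripts:
        host = urlsplit(attrs["src"]).hostname  # None for relative URLs
        cross_origin = host is not None and host != first_party_host
        if cross_origin and not attrs.get("integrity"):
            flagged.append(attrs["src"])
    return flagged


def cookie_issues(set_cookie_values: list) -> dict:
    """Cookie name -> attributes missing from {Secure, HttpOnly, SameSite}."""
    issues = {}
    for raw in set_cookie_values:
        parts = [p.strip() for p in raw.split(";") if p.strip()]
        name = parts[0].split("=", 1)[0]
        present = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [f for f in ("secure", "httponly", "samesite") if f not in present]
        if missing:
            issues[name] = missing
    return issues


def header_issues(headers: list) -> list:
    """Header findings; headers is a list of (name, value) because Set-Cookie repeats."""
    values = {k.lower(): v for k, v in headers}
    findings = []
    if values.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    return findings


def audit(headers: list, html: str) -> dict:
    set_cookies = [v for k, v in headers if k.lower() == "set-cookie"]
    return {
        "scripts_without_sri": scripts_without_sri(html),
        "cookies": cookie_issues(set_cookies),
        "headers": header_issues(headers),
    }


# Constructed response: one session cookie missing Secure and SameSite, no
# nosniff header, and three scripts (first-party, unpinned third-party,
# third-party pinned with an integrity attribute computed over a stand-in body).
PINNED_WIDGET_BODY = b"/* constructed stand-in for a pinned third-party script */"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "SESSION=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
SAMPLE_HTML = f"""<html><head>
<script src="/service/js/lib/jquery-1.11.1.min.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>
<script src="https://platform.twitter.com/widgets.js"
        integrity="{sri_for(PINNED_WIDGET_BODY)}" crossorigin="anonymous"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_HEADERS, SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

SRI only works for scripts whose bytes never change, so it fits a pinned library copy on a CDN but not a tag-manager loader that is rewritten server-side; for those, the remaining controls are a Content-Security-Policy that restricts script sources and reviewing what the tag manager is allowed to inject. The cookie check is deliberately strict: a cookie without `Secure` can be replayed over plain HTTP, and one without `SameSite` is sent on cross-site requests.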