Author Topic: False positive is hampering access to the sites of our company. (Read 2602 times)

REDACTED · « **on:** February 26, 2016, 06:07:11 PM »

Our main domain - valuegaia.com.br (which is not present in any blacklist) is being classified by the filter browsers as SPAM.
We have more than 30 000 users where everyone is with difficult access because of this blockade.
What is the forecast for this to be normalized?
Contact me urgently if they need more information.
Caio Arcanjo -> caio.arcanjo@i-value.com.br
+55 19 3303 6301 (Brazil) - I-Value -

Eddy · « **Reply #1 on:** February 26, 2016, 07:19:44 PM »

The problem is very likely the links to pdf files that have a blacklisted domain/ip in them.
http://www.web-malware-removal.com/website-malware-virus-scanner/?url=www.valuegaia.com.br

polonus · « **Reply #2 on:** February 26, 2016, 07:46:16 PM »

Report to Avast so they could contemplate an exclusion.
By the way you have retirable jQuery library to be mitigated: -http://www.valuegaia.com.br
Detected libraries:
jquery - 1.11.2 : (active1) -http://code.jquery.com/jquery-1.11.2.min.js
jquery-migrate - 1.2.1 : -http://www.valuegaia.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-dialog - 1.11.2 : (active1) -http://www.valuegaia.com.br
jquery-ui-autocomplete - 1.11.2 : (active1) -http://www.valuegaia.com.br
jquery-ui-tooltip - 1.11.2 : (active1) -http://www.valuegaia.com.br
(active) - the library was also found to be active by running code
1 vulnerable library detected
5 issues here: https://mxtoolbox.com/domain/www.valuegaia.com.br%20/

ValueGaia - Software n°1 do mercado imobiliário padlock icon
-www.valuegaia.com.br
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://www.valuegaia.com.br/
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

WordPress WordPress Version
4.2.7
Version does not appear to be latest 4.4.2 - update now.
No other WP vulnerabilities.

polonus

Pondus · « **Reply #3 on:** February 26, 2016, 07:47:30 PM »

html scan
https://www.virustotal.com/nb/file/6f8a3e9cee7c035a492cda2e87760e0c4c619d973e7410634fd3417ee4841e92/analysis/1456515179/

polonus · « **Reply #4 on:** February 26, 2016, 08:11:20 PM »

Hi Pondus,

Probably the blocking is IP related, AOS only flags website as "unsafe site".
We find Cloudfront net abuse here on a Symantec Certified website.
Re: https://www.virustotal.com/en/ip-address/54.240.160.175/information/
also https://otx.alienvault.com/indicator/ip/54.240.160.175/
and see: https://www.threatcrowd.org/ip.php?ip=54.240.160.175
ads-user lists from google dot no....use unescaped click macro!

polonus

HonzaZ · « **Reply #5 on:** February 29, 2016, 09:44:24 AM »

Hi,
This was most likely a FP, and was unblocked 27.02., 13:20 CET.
If you still have the same problem, restart your PC/Avast shields and try again.

Author Topic: False positive is hampering access to the sites of our company. (Read 2602 times)

REDACTED

False positive is hampering access to the sites of our company.

Eddy

Re: False positive is hampering access to the sites of our company.

polonus

Re: False positive is hampering access to the sites of our company.

Pondus

Re: False positive is hampering access to the sites of our company.

polonus

Re: False positive is hampering access to the sites of our company.

HonzaZ

Re: False positive is hampering access to the sites of our company.