Site Blocked - URL:Phishing

[omayab@hotmail.com]

Hola,

esta url:  hxtps://app.clinic-cloud.com/ me la marca como phising cuando no es así, también he contactado con los administradores y me dicen que todo está bien. Por favor, arreglad este error, ya que es un falso positivo.

Gracias.

[Asyn]

Please post English here, else use the forum section for your language.
-> https://forum.avast.com/index.php?board=21.0

[amir@opusvo.com]

Hi,
Our client portal hxtps://www.opusvirtualoffices.com/portal is being incorrectly identified as phishing, can you check this and advise?

Thanks

[Asyn]

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

[polonus]

Submitting your site to phishcheck.me I get an affirmative response: "{"sid": 134080, "is_success": true}".

Well, your Word Press version does not seem to be the latest, Version does not appear to be latest 4.9.8 - update now.
See the redirect here: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll1wdXN2W310dXxsXWZmW157cy5eXW1gcF19dHxs~enc

2 vulnerable libraries detected: https://retire.insecurity.today/#!/scan/1e6ca5b7c2c1903f3150cf291d9e7ac73761acf0dbd91cf4a7951569fb2edb4e

security hints: https://webhint.io/scanner/b83394ed-e3f2-4931-9c25-99b81c5cdd38

F-grade security status: https://observatory.mozilla.org/analyze/www.opusvirtualoffices.com

See recent detections for your domain: https://www.virustotal.com/#/domain/www.opusvirtualoffices.com
with generic trojans, like Trojan-Downloader.JS.Iframe
and a PHISHING detection on -https://www.youtube.com/paypal

No longer detected or IDS flagged here: https://urlquery.net/report/31ab48af-d6b6-4f30-837b-a11968c5c988

Wait for an avast team member to give the final verdict, as we are just volunteers with relevant knowledge
as only avast team members can come and unblock detections.

polonus (volunteer website security analyst and website error-hunter)

[houstonreal2000@yahoo.com]

OK - I excluded chinesewatchwiki.net to stop the erroneous url:phishing block, only to have Avast Online Security pop up a warning that the site could have already harmed my computer.  Bullpucky! There doesn't seem to be a way to dismiss or exclude the pop-up rendering the site unusable.

I have visited this site before with no problems, but now that I have been granted an editors account and login, Avast blocks me from using the website.

How do we get this problem corrected?

[polonus]

Nothing to do with avast however, site cannot be scanned as it has an issue: https://sitecheck.sucuri.net/results/chinesewatchwiki.net
and serves up a redirect to: -http://chinesewatchwiki.net/Main_Page
and then you get an avast alert like "The site you are about to enter contains malicious content".

Re: traceroute to -chinesewatchwiki.net (-167.88.115.174), 30 hops max, 28 byte packets

1  hosted-by.2is.nl (62.221.192.2)  0.249 ms  0.233 ms  0.225 ms
 2  ae0-cr01.ams04.astralus.net (185.187.12.64)  5.265 ms ae0-cr02.ams05.astralus.net (185.187.12.66)  0.541 ms  0.543 ms
 3  ae0-cr02.ams05.astralus.net (185.187.12.35)  0.670 ms xe-3-3-0.cr0-ams6.ip4.gtt.net (46.33.81.81)  19.943 ms ae0-cr02.ams05.astralus.net (185.187.12.38)  0.594 ms
 4  ae-8.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.229)  0.721 ms xe-3-3-0.cr0-ams6.ip4.gtt.net (46.33.81.81)  19.934 ms  19.928 ms
 5  ae-5.r23.asbnva02.us.bb.gin.ntt.net (129.250.6.162)  85.464 ms ae-8.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.229)  0.699 ms  0.849 ms
 6  * ae-10.r22.snjsca04.us.bb.gin.ntt.net (129.250.6.237)  164.131 ms ae-5.r23.asbnva02.us.bb.gin.ntt.net (129.250.6.162)  93.749 ms
 7  * * *
 8  * * ae-3.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.125)  177.602 ms
 9  * ae-3.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.125)  176.261 ms  176.464 ms
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xmhbbntze3d8dF5od1trWy5ue3Q%3D~enc

Wait for a final verdict by an avast team member as they are the only ones to come and eventually unblock,
we here are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)

[Asyn]

-> https://sitecheck.sucuri.net/results/chinesewatchwiki.net
-> https://zulu.zscaler.com/submission/37cf2e8c-3928-4ca0-a53e-7209a3b82d88
-> https://www.virustotal.com/#/url/fceacd58081b227d773f05684f2e619fbcdac95bdaf266c452649183b0490199/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

[Sirmer]

Hello,

detection will be turned off in next stream update.

[Hennaboy]

Just had this reported by a customer.

www.henna-boy.co.uk

URL:Phishing

Where? On my logo apparently, as it points to www.henna-boy.co.uk and the customer is using henna-boy.co.uk

Is this some kind of joke? I expect more from a company such as Avast.

Have they started employing children with no idea what they are doing?

[Pondus]

Just had this reported by a customer.

www.henna-boy.co.uk

URL:Phishing

Where? On my logo apparently, as it points to www.henna-boy.co.uk and the customer is using henna-boy.co.uk

Is this some kind of joke? I expect more from a company such as Avast.

Have they started employing children with no idea what they are doing?

Sucuri site check  >>  https://sitecheck.sucuri.net/results/www.henna-boy.co.uk

Norton SafeWeb  >>  https://safeweb.norton.com/report/show?url=henna-boy.co.uk


if you think it is wrong, report it  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

[Hennaboy]

Yes, I had already looked at those sites. However, I should have had too as its pretty damn clear that this is a mistake. Do they just use badly written bots to determine what should be listed or not?

Absolute joke.

I have reported it and I doubt I will get any kind of reply or apology. Meanwhile, I am having to contact customers to inform them of incompetence.

How long does it take for it to be evaluated?

[Pondus]

Do they just use badly written bots to determine what should be listed or not?

If you know how to detect/block this amount of malware/URLs evry day with no False Positives then evry security vendor in the world would like to know how

No security program have 100% detection or zero false positives

https://www.webarxsecurity.com/website-hacking-statistics-2018-february/

https://www.av-test.org/en/statistics/malware/

[polonus]

Well this is making some frown at that code, maybe it was responsible for that detection, being a FP or not. :

587:  < /body> < /html> Content after the < /html> tag should be considered suspicious.

589:  < !-- WITHOUT CACHE: 0.10239195823669 -->
590:  < !-- WITH CACHE: 0.00049901008605957 -->

see: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmh7bm58LWJdeS5eXS51aw%3D%3D~enc

See also 27 security recommendations here: https://webhint.io/scanner/dcc05974-b44e-4994-8c92-7e7780738957#Security

But where the URL=PHISHING is concerned I am at the end of my thether finding that out.
So wait for a final verdict from an avast team member,
as they are the ones to eventually come & unblock,
as we are just volunteers with relative knowledge about general website security.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

[bauerj]

Hi,
I disabled detection causing your site not being accessible. It should be OK after next streaming update. We are sorry for your inconvenience.
Jirka