Author Topic: False Positive: Site Blocked - URL:Phishing  (Read 46135 times)

0 Members and 1 Guest are viewing this topic.

Offline BitrueExchange

  • Newbie
  • *
  • Posts: 1
False Positive: Site Blocked - URL:Phishing
« on: April 03, 2019, 04:05:05 AM »


The avast software is saying that our company domain wxw.bitrue.com is blocked because of phishing URL.

This has caused huge concerns among our customers who had your software on their laptops. Can we understand what happened here and what had triggered the false positive??

Thank you in advance for clarification.

Kind regards

Bitrue
« Last Edit: August 26, 2022, 12:46:51 PM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive: Site Blocked - URL:Phishing
« Reply #1 on: April 03, 2019, 07:38:12 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: False Positive: Site Blocked - URL:Phishing
« Reply #2 on: April 03, 2019, 07:42:08 AM »
Hi,
it was fixed 25 minutes ago.

Offline Iris33

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #3 on: May 29, 2019, 12:44:42 PM »
Hey there, this is happening to us again. We'd really be grateful if you could help us understand what had trigger this false positive again in such a short time period. wxw.bitrue.com

It affecting our reputation as a company, please help fix it. Thank you.
_______
"The requested webbadress contains sabotage software that can harm your computer. If you want to go in to the webpage, close avast web protection and try again
Infection type: URL:Phishing"
« Last Edit: August 26, 2022, 12:47:02 PM by Milos »

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: False Positive: Site Blocked - URL:Phishing
« Reply #4 on: May 29, 2019, 12:57:24 PM »
Sorry for the inconvenience, I added bitrue[.]com to our cleanset so it wouldn't happen again.
« Last Edit: August 26, 2022, 12:47:14 PM by Milos »

Offline me48

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #5 on: August 12, 2019, 05:24:38 PM »
After entering my login info in sos.secureserver.net (the site, hostingdude.com, where my domains are hosted) and clicking "enter," I am taken to hxtps://register-cheap-domain-names-cheap-web-hosting.hostingdude.com/sso/custom-domain-set?target=ggrdqjoeueticgeabbdidgihwjveubahphvarfyfyfreginbgcwdmglchifbkiphsigasiwhdgpjjdieneyckfhjxeqhicnc&sid=yfvghcsidcphubmdqgzefiwgahrikejh, where I get the warning: "URL:Phishing."  I am unable to access my account, and would appreciate advise - should I proceed -- disable Avast -- and go into the site?
« Last Edit: August 26, 2022, 12:47:24 PM by Milos »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: False Positive: Site Blocked - URL:Phishing
« Reply #6 on: August 12, 2019, 05:30:34 PM »
Quote
I am unable to access my account, and would appreciate advise - should I proceed -- disable Avast -- and go into the site?
See reply #1



Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: False Positive: Site Blocked - URL:Phishing
« Reply #7 on: August 15, 2019, 04:09:57 AM »
After entering my login info in sos.secureserver.net (the site, hostingdude.com, where my domains are hosted) and clicking "enter," I am taken to hxxps://register-cheap-domain-names-cheap-web-hosting.hostingdude.com/sso/custom-domain-set?target=ggrdqjoeueticgeabbdidgihwjveubahphvarfyfyfreginbgcwdmglchifbkiphsigasiwhdgpjjdieneyckfhjxeqhicnc&sid=yfvghcsidcphubmdqgzefiwgahrikejh, where I get the warning: "URL:Phishing."  I am unable to access my account, and would appreciate advise - should I proceed -- disable Avast -- and go into the site?

Detection has been removed in 14.08.2019 09:40 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #8 on: September 24, 2020, 06:10:18 PM »
6 reports found on scumware for that IP: https://www.scumware.org/report/103.86.176.10.html
Not flagged here: https://sitecheck.sucuri.net/results/www.artreenepal.com

49 recommendations towards improvement of website: https://webhint.io/scanner/a9656bc7-7043-49c1-b4a8-5712081a5ef7
Especially mark the security tips!

Wait for a final verdict from avast team, as they are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analysis and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline acusticaneuquen

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #9 on: September 26, 2020, 04:17:23 PM »
Buenas tardes, avast muestra la URL de mi sitio como un sitio de spam o malware, por favor podrían revisar mi sitio y eliminarlo de su lista negra. hxtps://www.sonarcts.com.ar/ https://sitecheck.sucuri.net/results/sonarcts.com.ar


Good afternoon avast shows my site url as spam or malware site, could you please check my site and remove it from your blacklist
https://www.sonarcts.com.ar/ https://sitecheck.sucuri.net/results/sonarcts.com.ar
« Last Edit: August 26, 2022, 12:47:48 PM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive: Site Blocked - URL:Phishing
« Reply #10 on: September 27, 2020, 07:35:43 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #11 on: September 28, 2020, 11:10:01 AM »
Wait for a final verdict from an avast team member as they are the only ones to come and unblock.

Here your links seem clean:
Quote
Checking: -https://static.parastorage.com/unpkg/whatwg-fetch@3.0.0/dist/fetch.umd.js
File size: 14.46 KB
File MD5: 456c02ee2a496580a24e5aee614ba9b3

-https://static.parastorage.com/unpkg/whatwg-fetch@3.0.0/dist/fetch.umd.js - Ok

Checking: -https://static.parastorage.com/services/wix-perf-measure/1.238.0/wix-perf-measure.bundle.min.js
File size: 22.98 KB
File MD5: f5934c142b480054f08ac792a2ef0f6f

-https://static.parastorage.com/services/wix-perf-measure/1.238.0/wix-perf-measure.bundle.min.js - Ok

Checking: -https://static.parastorage.com/unpkg/requirejs-bolt@2.3.6/requirejs.min.js
File size: 17.08 KB
File MD5: 18823f6a6d208ee1e361bb266ab794d5

-https://static.parastorage.com/unpkg/requirejs-bolt@2.3.6/requirejs.min.js - Ok

Checking: -https://static.parastorage.com/services/tag-manager-client/1.186.0/siteTags.bundle.min.js
File size: 9969 bytes
File MD5: 69058c409a71528fa4be8ab659d4cc24

-https://static.parastorage.com/services/tag-manager-client/1.186.0/siteTags.bundle.min.js - Ok

Checking: -https://static.parastorage.com/services/wix-bolt/1.6656.0/bolt-main/app/bolt-custom-elements.min.js
File size: 139.00 KB
File MD5: 609b23cb79281b5db163d9bba440a9b1

-https://static.parastorage.com/services/wix-bolt/1.6656.0/bolt-main/app/bolt-custom-elements.min.js - archive JS-HTML
-https://static.parastorage.com/services/wix-bolt/1.6656.0/bolt-main/app/bolt-custom-elements.min.js - Ok

Checking:- https://static.parastorage.com/unpkg/core-js-bundle@3.2.1/minified.js
File size: 134.54 KB
File MD5: 18eb21e8d1074fd7a594d3748ba0cb33

-https://static.parastorage.com/unpkg/core-js-bundle@3.2.1/minified.js - archive JS-HTML
>-https://static.parastorage.com/unpkg/core-js-bundle@3.2.1/minified.js/JSTag_1[3588][1e4a3] - Ok
-https://static.parastorage.com/unpkg/core-js-bundle@3.2.1/minified.js - Ok

Checking:
-https://static.parastorage.com/services/web/2.1229.80/javascript/wysiwyg/viewer/deprecatedbrowsers/UpgradeBrowser.js
File size: 11.94 KB
File MD5: 07cfd255c2196aee3348d61240568187

-https://static.parastorage.com/services/web/2.1229.80/javascript/wysiwyg/viewer/deprecatedbrowsers/UpgradeBrowser.js - archive JS-HTML
>-
-hXtps://static.parastorage.com/services/web/2.1229.80/javascript/wysiwyg/viewer/deprecatedbrowsers/UpgradeBrowser.js/JSFile_1[0][2fc4] - Ok
-https://static.parastorage.com/services/web/2.1229.80/javascript/wysiwyg/viewer/deprecatedbrowsers/UpgradeBrowser.js - Ok

Checking: -https://www.sonarcts.com.ar/
Engine version: 7.0.49.9080
Total virus-finding records: 9278294
File size: 483.13 KB
File MD5: 6f9fe1ad495ce2f3ed1380441887492a

-https://www.sonarcts.com.ar/ - archive JS-HTML
>-https://www.sonarcts.com.ar//JSTAG_1[544][10b1b] - Ok
>-https://www.sonarcts.com.ar//JSTAG_2[11095][3d] - Ok
>-https://www.sonarcts.com.ar//JSTAG_3[11112][172b] - Ok
>-https://www.sonarcts.com.ar//JSTAG_4[12866][2251] - Ok
>-https://www.sonarcts.com.ar//JSTAG_5[14af2][285] - Ok
>-https://www.sonarcts.com.ar//JSTAG_6[14def][87] - Ok
>-https://www.sonarcts.com.ar//JSTAG_7[14f75][c5] - Ok
>-https://www.sonarcts.com.ar//JSTAG_8[1506c][1e2] - Ok
>-https://www.sonarcts.com.ar//JSTAG_9[1526c][b2] - Ok
>-https://www.sonarcts.com.ar//JSTAG_10[15346][702] - Ok
>-https://www.sonarcts.com.ar//JSTAG_11[15c01][160] - Ok
>-https://www.sonarcts.com.ar//JSTAG_12[453c1][d6] - Ok
>-https://www.sonarcts.com.ar//JSTAG_13[45c32][e6] - Ok
>-https://www.sonarcts.com.ar//JSTAG_14[45dbf][33e] - Ok
>-https://www.sonarcts.com.ar//JSTAG_15[657ea][18a] - Ok
>-https://www.sonarcts.com.ar//JSTAG_16[66d5c][11bc8] - Ok
>-https://www.sonarcts.com.ar//JSTAG_17[78ac5][1e] - Ok
>-https://www.sonarcts.com.ar//JSTAG_18[78b21][139] - Ok
-https://www.sonarcts.com.ar/ - Ok
  check by DrWeb's.

31 recommendations towards improvement given here: https://webhint.io/scanner/e43e6761-b286-4db3-9cfd-59d329472979
1500! idem given here: https://webhint.io/scanner/dd07a5bc-d313-4fb3-baab-c7d81211eac3

polonus (volunteer 3rd party coldd recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline acusticaneuquen

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #12 on: September 28, 2020, 02:11:45 PM »
Gracias por tu disposición, espero aun miembro avast resuelva.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #13 on: October 07, 2020, 12:25:56 PM »
Hi contacto38,

Report here: https://www.avast.com/false-positive-file-form.php
The only ones that can give a final verdict and possibly unblock your website are avast team members.
We here are not. Just volunteers with relative knowledge of website security intelligence.

At the moment avast detects certain issues with sites on CloudFlare and it's anti-bot obfuscated code,
combined with clickfunnels' proximanova code.

Hopefully this issue will be sorted out soon between avast, clickfunnels & CloudFlare.  :P

Your website is redirecting here: -https://www.fernandarestrepo.com/inscribeteparalarepeticionn1601675656060
I see no cloaking, no spammy links, normal status codes, no iframes and no further blacklists mentioned.
-> https://sitecheck.sucuri.net/results/www.fernandarestrepo.com
VT: no engines detect: https://www.virustotal.com/gui/url/0a555b780be78cc52705ed16415ac6f839abaf779e6a415d63bac0b7f93ad4a1/detection
 
DOM-XSS issues: Results from scanning URL: -https://www.fernandarestrepo.com/inscribeteparalarepeticionn1601675656060
Number of sources found: 33
Number of sinks found: 364

Recommendations: https://webhint.io/scanner/c1674c98-a5f2-4620-8a3b-b654f1d34e08
Only Trustwave to flag that CloudFlare IP: https://www.virustotal.com/gui/ip-address/104.16.16.194/detection
See also: https://www.virustotal.com/gui/ip-address/104.16.16.194/relations

polonus (3rd party cold recon website security analyst and website error-hunter)
« Last Edit: October 07, 2020, 12:30:36 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #14 on: January 06, 2021, 07:09:09 PM »
Hello sir. I can not visit my website. Avast call website has been infected with URL: Phishing. Please check my website and solved this.
hxtp://bictf.org and hxtps://bictf.org

Use the link in Reply #11 https://forum.avast.com/index.php?topic=226334.msg1562447#msg1562447

Whilst not blacklisted in that check, https://sitecheck.sucuri.net/results/bictf.org there are some other issues.

Also this check https://webhint.io/scanner/21c4cbc6-e159-426b-a684-0c8aeba65ad7 especially security based issues.

I don't know if these would result in avasts detection (possibly not) or make it more likely that the site could be hacked.  Which is why you should report it directly to avast using the link in Reply #11 that I mentioned above.
« Last Edit: August 26, 2022, 12:48:24 PM by Milos »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security