Author Topic: False Positive: Site Blocked - URL:Phishing  (Read 46339 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #15 on: January 07, 2021, 01:50:24 PM »
Wait for a final verdict from avast team as it has been given as clean here:
Quote
Checking: -https://bictf.org//assets/js/front/popper.min.js
File size: 18.59 KB
File MD5: b18556921e79d50bc26a3f42f33f1c16

-https://bictf.org//assets/js/front/popper.min.js - Ok

Checking: -https://bictf.org//assets/js/front/theme.js
File size: 6772 bytes
File MD5: 2c8d617570437d559ef7aa76a804b399

-https://bictf.org//assets/js/front/theme.js - archive JS-HTML
>-https://bictf.org//assets/js/front/theme.js/JSFile_1[0][1a74] - Ok
-https://bictf.org//assets/js/front/theme.js - Ok

Checking: -https://bictf.org//assets/js/front/jquery-3.3.1.min.js
File size: 84.89 KB
File MD5: 4b57cf46dc8cb95c4cca54afc85e9540

-https://bictf.org//assets/js/front/jquery-3.3.1.min.js - archive JS-HTML
>-https://bictf.org//assets/js/front/jquery-3.3.1.min.js/JSTag_1[b3b0][9fde] - Ok
>-https://bictf.org//assets/js/front/jquery-3.3.1.min.js/JSTag_2[bc2a][9764] - Ok
>-https://bictf.org//assets/js/front/jquery-3.3.1.min.js/JSTag_3[13c2a][1764] - Ok
-https://bictf.org//assets/js/front/jquery-3.3.1.min.js - Ok

Checking: -https://bictf.org//assets/js/front/jquery.scrollUp.js
File size: 5338 bytes
File MD5: c752b61fcdae6d71e36ce1f8a378cce2

-https://bictf.org//assets/js/front/jquery.scrollUp.js - Ok

Checking: -https://bictf.org//assets/js/front/owl.carousel.min.js
File size: 41.76 KB
File MD5: b7b9c97cd68ec336d01a79d5be48c58d

-https://bictf.org//assets/js/front/owl.carousel.min.js - Ok

Checking: -https://bictf.org//assets/js/jquery.validate.js
File size: 47.54 KB
File MD5: ed399222edd6d6afc491bc82ac5e5051

-https://bictf.org//assets/js/jquery.validate.js - Ok

Checking: -https://bictf.org//assets/js/front/jquery.meanmenu.js
File size: 11.45 KB
File MD5: ed22b2eea8f7a1f9e0fe9c024f4ad76f

-https://bictf.org//assets/js/front/jquery.meanmenu.js - Ok

Checking: -https://bictf.org//assets/js/front/jquery.counterup.min.js
File size: 1331 bytes
File MD5: 44f141aed0c0804f9f17b6a85e1991b7

-https://bictf.org//assets/js/front/jquery.counterup.min.js - archive JS-HTML
>-https://bictf.org//assets/js/front/jquery.counterup.min.js/JSFile_1[0][533] - Ok
-https://bictf.org//assets/js/front/jquery.counterup.min.js - Ok

Checking: -https://bictf.org//assets/js/front/jquery.waypoints.min.js
File size: 9028 bytes
File MD5: 7d05f92297dede9ecfe3706efb95677a

-https://bictf.org//assets/js/front/jquery.waypoints.min.js - Ok

Checking: -https://bictf.org//assets/js/front/jquery.fancybox.min.js
File size: 44.44 KB
File MD5: 5b87ba747cef3c648f3a574425266d65

-https://bictf.org//assets/js/front/jquery.fancybox.min.js - Ok

Checking: -https://bictf.org//assets/js/front/jquery-ui.js
File size: 526.78 KB
File MD5: e0e5b130995dffab378d011fcd4f06d6

-https://bictf.org//assets/js/front/jquery-ui.js - Ok

Checking: -https://bictf.org//assets/js/front/bootstrap.min.js
File size: 49.84 KB
File MD5: 67176c242e1bdc20603c878dee836df3

-https://bictf.org//assets/js/front/bootstrap.min.js - Ok

Checking: -https://bictf.org/
Engine version: 7.0.49.9080
Total virus-finding records: 9597100
File size: 20.55 KB
File MD5: 83e0e149a68b942d2c48e8776cf68eee

-https://bictf.org/ - archive JS-HTML
>-https://bictf.org//JSTAG_1[4c8a][587] - Ok
-https://bictf.org/ - Ok
No cloaking, no spammy looking links, no iFrames etc.
JavaScript errors - I do not see the website flagged by avast now:
Quote
File not found: //assets/js/front/theme.js

File not found: //assets/js/front/bootstrap.min.js

File not found: //assets/js/front/popper.min.js

File not found: //assets/js/front/jquery.waypoints.min.js

File not found: //assets/js/front/jquery.scrollUp.js

File not found: //assets/js/front/jquery.fancybox.min.js

File not found: //assets/js/front/jquery.meanmenu.js

File not found: //assets/js/front/jquery.counterup.min.js

File not found: //assets/js/front/owl.carousel.min.js

File not found: //assets/js/front/jquery-ui.js

File not found: //assets/js/jquery.validate.js

File not found: //assets/js/front/jquery-3.3.1.min.js

SyntaxError: Invalid regular expression flags
  :3:100()
  Object.P.safeDocument. [as dispatchEvent] (:10:55)()
  :3:100()
  la (:10:228)()
  Object.send (:11:438)()
  Object.exec_csp (:1:265)()
  Object.E_u (:3:384)()
  Ka (:59:375)()
  Object.create (:71:235)()
  L (:10:208)()

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src ''".
 chrome-extension://dhdgffkkebhmkfjojejmpbldmpobfkfo/userscript.html?name=Userscript%252B%2520%253A%2520Show%2520Site%2520All%2520UserJS.user.js&id=deaa8e68-d0a0-47a6-a24c-c7399df11a53:71 Function.onload()
  :3:100()
  :27:113()

TypeError: Cannot read property 'apply' of undefined
  :2:506()
  :3:78()
  Object.exec_script (:1:369)()
  Object.exec_csp (:1:292)()
  Object.E_u (:3:384)()
  Ka (:59:375)()
  Object.create (:71:235)()
  L (:10:208)()
animate.css, html
Bootstrap, script Not vulnerable
jQuery, script Not vulnerable


Something with CloudFlare with the tags with disallowed characters?

As I said wait for an avast team member to comment, we here are just volunteers with relevant knowledge in the field of website security, but only avast team members can come and unblock, and as far as I can establish, they already have done so.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline niccosan

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #16 on: February 12, 2021, 09:40:53 PM »
hi avast reports the website lucedeglieventi.it as responsible for phishing but the problem was solved after a few hours the hacker attack on 25 January 2021

but now avast still reports the website as a false positive

we tried to use the form
https://www.avast.com/false-positive-file-form.php

but it does not work
the captcha with google chrome and Edge browser always gives me error

we would like to know how to have this website removed from your list

Thank you

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #17 on: February 12, 2021, 10:26:13 PM »
@  'niccosan'
See this topic, as there appears to be a problem reporting possible false positives on that link.

https://forum.avast.com/index.php?topic=249241.0

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #18 on: February 13, 2021, 12:19:32 PM »
Additionally no spam report seen for this IP: https://cleantalk.org/blacklists/104.21.56.30
CloudFlare dot net has a low spam rate of moderate 4,7% overall.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline niccosan2

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #19 on: February 15, 2021, 08:12:06 PM »
Dear polonus
I didn't understand what you mean by your message?
do i have to check with the link you provided?

or other?

Regards
Nicola

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #20 on: February 15, 2021, 10:04:36 PM »
No, I meant it could easily be a false positive detection. Wait for a final verdict from avast team.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Danijel15

  • Newbie
  • *
  • Posts: 5
Re: False Positive: Site Blocked - URL:Phishing
« Reply #21 on: February 25, 2021, 09:41:32 PM »
The avast software is saying that domain hxtps://iradio.pro/ is blocked because of phishing URL.

This has caused huge concerns among my customers and my sales have droped down because of it. Can you please help me with this i already filled the false positive form

Thank you in advance for clarification.
« Last Edit: August 26, 2022, 12:48:49 PM by Milos »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #22 on: February 25, 2021, 10:36:31 PM »
Wait for a final verdict from avast team, as avast team members are the only ones that may come and unblock.

In the mean time here are some recommendations towards the improvement of that website, some 390 hints:
https://webhint.io/scanner/a0085652-ea58-407f-b3ae-0bf6365a3ea0

No cloaking, spammy links etc. detected. Also sucuri sitescan gives the site the all green, as will VT.

DOM-XSS issues: Results from scanning URL: -https://stream.iradio.pro/system/streaminfo.js
Number of sources found: 44
Number of sinks found: 15

3 vulnerable libraries found: https://retire.insecurity.today/#!/scan/d5f873486139103b2278072b7c16d76c21927c1569f7e41013dc8c96ebdb3c0a

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jhills818

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #23 on: March 04, 2021, 08:50:21 PM »
Hello Avast technical support. My name is Justin and my company website is experiencing the similar phishing URL problem. The Avast software is blocking the website from being viewed because it has been deemed a phishing site.

Can someone please help me get this fixed?

The company site in question is: jshaccountingservicesllc.com

Thank you.

Justin
« Last Edit: March 04, 2021, 08:54:42 PM by jhills818 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: False Positive: Site Blocked - URL:Phishing
« Reply #24 on: March 04, 2021, 09:52:06 PM »
Quote
Can someone please help me get this fixed?



Report a suspected false positive (select file or website)


Click this link >>  https://www.avast.com/false-positive-file-form.php





Offline bryan221

  • Newbie
  • *
  • Posts: 5
Re: False Positive: Site Blocked - URL:Phishing
« Reply #25 on: May 22, 2021, 10:33:06 PM »
Hello Avast technical support, Rubfy is my website hosting company, domains, cloud servers, app and website development services and was marked as a virus by avast, I use avast secure browser and I guarantee that all my customers are happy with our services, we use the Licensed Cloud Linux OS, we use the licensed WHMCS, WHM / CPANEL Licenciado, there is no reason to be marked as a website with a virus, this causes me to lose customers.

I have already sent in the form to remove the false positive, you are the only ones who accuse it as a virus and it ends up with the reputation

link: hxtps://www.rubfy.com.br
« Last Edit: August 26, 2022, 12:46:28 PM by Milos »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: False Positive: Site Blocked - URL:Phishing
« Reply #26 on: May 22, 2021, 10:50:17 PM »
Hello Avast technical support, Rubfy is my website hosting company, domains, cloud servers, app and website development services and was marked as a virus by avast, I use avast secure browser and I guarantee that all my customers are happy with our services, we use the Licensed Cloud Linux OS, we use the licensed WHMCS, WHM / CPANEL Licenciado, there is no reason to be marked as a website with a virus, this causes me to lose customers.

I have already sent in the form to remove the false positive, you are the only ones who accuse it as a virus and it ends up with the reputation

link: https://www.rubfy.com.br

https://www.virustotal.com/gui/url/1ab687270f8e3a7b8633c7ebf219a2c570ac315e96c4b16911bd1df46b954137/detection

https://www.urlvoid.com/scan/rubfy.com.br/


« Last Edit: May 22, 2021, 10:52:14 PM by Pondus »

Offline bryan221

  • Newbie
  • *
  • Posts: 5
Re: False Positive: Site Blocked - URL:Phishing
« Reply #27 on: May 22, 2021, 10:57:45 PM »
I know about the CRDF, I removed it yesterday morning (you can see that in the urlvoid but in the virustotal it shows another one, it doesn't have a sync, so I ask avast to help me), they removed it from their database and left the total virus but now the adminuslab also identified, being that they were clean yesterday, I don't know if it was because of the CRDF that it has already removed, but hey this is very sad! in anaconda everything is ok, in kaspersky, and many others

follow the crdf email link saying it was removed: hxtps://ibb.co/nspQbQf

adminuslab answered automatically that there are many cases and it will take time to respond.
« Last Edit: August 26, 2022, 12:46:16 PM by Milos »

Offline bryan221

  • Newbie
  • *
  • Posts: 5
Re: False Positive: Site Blocked - URL:Phishing
« Reply #28 on: May 22, 2021, 10:59:14 PM »
Hello Avast technical support, Rubfy is my website hosting company, domains, cloud servers, app and website development services and was marked as a virus by avast, I use avast secure browser and I guarantee that all my customers are happy with our services, we use the Licensed Cloud Linux OS, we use the licensed WHMCS, WHM / CPANEL Licenciado, there is no reason to be marked as a website with a virus, this causes me to lose customers.

I have already sent in the form to remove the false positive, you are the only ones who accuse it as a virus and it ends up with the reputation

link: hxtps://www.rubfy.com.br


I know about the CRDF, I removed it yesterday morning (you can see that in the urlvoid but in the virustotal it shows another one, it doesn't have a sync, so I ask avast to help me), they removed it from their database and left the total virus but now the adminuslab also identified, being that they were clean yesterday, I don't know if it was because of the CRDF that it has already removed, but hey this is very sad! in SUCURI everything is ok, in kaspersky ok, and many others ok

follow the crdf email link saying it was removed: hxtps://ibb.co/nspQbQf

adminuslab answered automatically that there are many cases and it will take time to respond.
https://www.virustotal.com/gui/url/1ab687270f8e3a7b8633c7ebf219a2c570ac315e96c4b16911bd1df46b954137/detection

https://www.urlvoid.com/scan/rubfy.com.br/
« Last Edit: August 26, 2022, 12:46:02 PM by Milos »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #29 on: May 22, 2021, 11:02:07 PM »
You have to wait for a final verdict from an avast team member, as avast has followed GData's detection here.
See VT url scan results.

Indicators for detection: https://urlscan.io/result/f52ddb27-a4a6-440b-bcda-29cdb36045ce/#indicators
-d26lpennugtm8s.cloudfront.net (pinterest dot com stores etc.), -va.tawk.to, -www.siteblindado.com etc.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!