Author Topic: False Positive: Site Blocked - URL:Phishing  (Read 3360 times)


Offline BitrueExchange

  • Newbie
  • *
  • Posts: 1
False Positive: Site Blocked - URL:Phishing
« on: April 03, 2019, 04:05:05 AM »


The avast software is saying that our company domain www.bitrue.com is blocked because of phishing URL.

This has caused huge concerns among our customers who had your software on their laptops. Can we understand what happened here and what had triggered the false positive??

Thank you in advance for clarification.

Kind regards

Bitrue

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67394
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive: Site Blocked - URL:Phishing
« Reply #1 on: April 03, 2019, 07:38:12 AM »
Win 8.1 [x64] - Avast PremSec 20.9.2434.Beta#2 [UI.573] - CC 5.72 - EEK - FF ESR 78.4 [NS/AOS/uBO/PB] - TB 78.4 - SB/CP/SL/DU.B
German-language section -> Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: False Positive: Site Blocked - URL:Phishing
« Reply #2 on: April 03, 2019, 07:42:08 AM »
Hi,
it was fixed 25 minutes ago.

Offline Iris33

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #3 on: May 29, 2019, 12:44:42 PM »
Hey there, this is happening to us again. We'd really be grateful if you could help us understand what had triggered this false positive again in such a short time period. www.bitrue.com

It is affecting our reputation as a company, please help fix it. Thank you.
_______
"The requested web address contains sabotage software that can harm your computer. If you want to go in to the webpage, close avast web protection and try again
Infection type: URL:Phishing"

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1131
Re: False Positive: Site Blocked - URL:Phishing
« Reply #4 on: May 29, 2019, 12:57:24 PM »
Sorry for the inconvenience, I added bitrue[.]com to our cleanset so it wouldn't happen again.

Offline me48

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #5 on: August 12, 2019, 05:24:38 PM »
After entering my login info in sos.secureserver.net (the site, hostingdude.com, where my domains are hosted) and clicking "enter," I am taken to https://register-cheap-domain-names-cheap-web-hosting.hostingdude.com/sso/custom-domain-set?target=ggrdqjoeueticgeabbdidgihwjveubahphvarfyfyfreginbgcwdmglchifbkiphsigasiwhdgpjjdieneyckfhjxeqhicnc&sid=yfvghcsidcphubmdqgzefiwgahrikejh, where I get the warning: "URL:Phishing." I am unable to access my account, and would appreciate advice - should I proceed -- disable Avast -- and go into the site?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36760
Re: False Positive: Site Blocked - URL:Phishing
« Reply #6 on: August 12, 2019, 05:30:34 PM »
Quote
I am unable to access my account, and would appreciate advice - should I proceed -- disable Avast -- and go into the site?
See reply #1



Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: False Positive: Site Blocked - URL:Phishing
« Reply #7 on: August 15, 2019, 04:09:57 AM »
After entering my login info in sos.secureserver.net (the site, hostingdude.com, where my domains are hosted) and clicking "enter," I am taken to hxxps://register-cheap-domain-names-cheap-web-hosting.hostingdude.com/sso/custom-domain-set?target=ggrdqjoeueticgeabbdidgihwjveubahphvarfyfyfreginbgcwdmglchifbkiphsigasiwhdgpjjdieneyckfhjxeqhicnc&sid=yfvghcsidcphubmdqgzefiwgahrikejh, where I get the warning: "URL:Phishing." I am unable to access my account, and would appreciate advice - should I proceed -- disable Avast -- and go into the site?

Detection was removed on 14.08.2019 at 09:40 AM.

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

Offline subashgrg171

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #8 on: September 24, 2020, 01:39:10 PM »
Hello sir, Avast says that my website www.artreenepal.com has been infected with URL:Phishing, so I couldn't access my website. Could you please look into the issue and what has caused it, or is it an Avast mistake?
Thanks in advance for your concern.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32770
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #9 on: September 24, 2020, 06:10:18 PM »
6 reports found on scumware for that IP: https://www.scumware.org/report/103.86.176.10.html
Not flagged here: https://sitecheck.sucuri.net/results/www.artreenepal.com

49 recommendations towards improvement of website: https://webhint.io/scanner/a9656bc7-7043-49c1-b4a8-5712081a5ef7
Especially mark the security tips!

Wait for a final verdict from avast team, as they are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analysis and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline acusticaneuquen

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #10 on: September 26, 2020, 04:17:23 PM »
Good afternoon, Avast shows my site's URL as a spam or malware site. Could you please check my site and remove it from your blacklist?
https://www.sonarcts.com.ar/ https://sitecheck.sucuri.net/results/sonarcts.com.ar

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 67394
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive: Site Blocked - URL:Phishing
« Reply #11 on: September 27, 2020, 07:35:43 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32770
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #12 on: September 28, 2020, 11:10:01 AM »
Wait for a final verdict from an avast team member as they are the only ones to come and unblock.

Here your links seem clean:
  check by DrWeb's.

31 recommendations towards improvement given here: https://webhint.io/scanner/e43e6761-b286-4db3-9cfd-59d329472979
1500! idem given here: https://webhint.io/scanner/dd07a5bc-d313-4fb3-baab-c7d81211eac3


Offline acusticaneuquen

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #13 on: September 28, 2020, 02:11:45 PM »
Thank you for your willingness to help; I hope an Avast team member resolves it.

Offline contacto38

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #14 on: October 07, 2020, 07:32:33 AM »
The avast software is saying that my domain www.fernandarestrepo.com is blocked because of phishing URL.

This has caused huge concerns among my customers and my sales have dropped because of it. Can you please help me with this? I already filled in the false positive form.

Thank you in advance for clarification.

Kind regards

Fernanda Restrepo