Author Topic: False Positive: Site Blocked - URL:Phishing  (Read 45603 times)

0 Members and 1 Guest are viewing this topic.

Offline bryan221

  • Newbie
  • *
  • Posts: 5
Re: False Positive: Site Blocked - URL:Phishing
« Reply #30 on: May 22, 2021, 11:05:46 PM »
You have to wait for a final verdict from an avast team member, as avast has followed GData's detection here.
See VT url scan results.

Indicators for detection: https://urlscan.io/result/f52ddb27-a4a6-440b-bcda-29cdb36045ce/#indicators
-d26lpennugtm8s.cloudfront.net (pinterest dot com stores etc.), -va.tawk.to, -www.siteblindado.com etc.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

ok, I will wait, I have already zipped the whole site and sent it to the G data to analyze it, explained the whole situation, sent all the licensed systems I use as WHM, WHMCS, Cloud Linux and they answered automatically:

"Dear customer,

*** This message is an automatic e-mail response ***

Thank you for your sample submission.
A ticket for your submission has now been created and added to the processing queue.
Our analysts will examine your submission and you will get a reply with the solution and / or verdict for the submitted files / URLs.

Please note that we are receiving a large number of submissions per day, the processing of your ticket may take time.
Thank you for your patience.

Best Regards,
SecurityResponse Team

G DATA CyberDefense AG • G DATA Campus • Königsallee 178 "

I only have 2 options or I wait for the G-DATA to release or Avast removes and helps me.

the links are only images like cloudfront, etc., that I did not host on my server, I left on the CDN, I really have to upload it on my server, but I believe that this is not the problem because we have used it for months without any problem.
« Last Edit: May 22, 2021, 11:08:43 PM by bryan221 »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #31 on: May 22, 2021, 11:21:16 PM »
Hi bryan221,

I hope for you soon after this long weekend, you will be in for a final reply.
Hope that all ends well for you,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bryan221

  • Newbie
  • *
  • Posts: 5
Re: False Positive: Site Blocked - URL:Phishing
« Reply #32 on: May 22, 2021, 11:23:16 PM »
Hi bryan221,

I hope for you soon after this long weekend, you will be in for a final reply.
Hope that all ends well for you,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Hi polonus,

thank you very much, the support is very good, super effective, you respond very quickly and calm us down!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #33 on: May 23, 2021, 12:57:30 AM »
@ bryan221
You might want to check this out - https://awesometechstack.com/analysis/website/rubfy.com.br/ - as it reports some of the software needs to be updated, jQuery and Bootstrap.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #34 on: May 23, 2021, 01:43:36 AM »
Good advice towards bootstrap and jQuery version updates, however....

Whenever scanning at awesometechstack dot com, better keep following inline script blocked:
-https://m.servedby-buysellads.com/monetization.js (blocked by uBlockOrigin for me) (not malicious per se, but ad-tracking)
Re: https://www.virustotal.com/gui/ip-address/108.161.189.78/relations

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline larkinsen

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #35 on: June 12, 2021, 12:07:43 PM »
Hi.I'm trying to pay a bill through hxtps://secure.euplatesc.ro/ and it says that was blocked due to phishing infection.I didn't have this problem until now.Please whitelist it or review it.Thanks
« Last Edit: August 26, 2022, 12:45:29 PM by Milos »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: False Positive: Site Blocked - URL:Phishing
« Reply #36 on: June 12, 2021, 12:09:03 PM »
Hi.I'm trying to pay a bill through https://secure.euplatesc.ro/ and it says that was blocked due to phishing infection.I didn't have this problem until now.Please whitelist it or review it.Thanks
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #37 on: June 12, 2021, 01:02:38 PM »
Scamvoid says potentially safe. But we see a link redirecting to facebook & linkedin:
Outgoing Links

-https://www.facebook.com/EuPlatesc.ro CleanMX flags this a s PHISHing link.
 
-https://www.linkedin.com/groups/eCommerce-Romania-1843035/about  CleanMX flags this a the PHISHing link

So avast's detection can be based on CleanMX's detection.

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Richard80

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #38 on: June 27, 2022, 02:15:27 PM »
The avast software is saying that our company domain hxtps://productmarketingalliance.com/ is blocked because of phishing..?

It's caused some concern to our members. Can we understand what happened here and what had triggered the false positive?

Thank you in advance for clarification.

Kind regards

Rich
« Last Edit: August 26, 2022, 12:45:18 PM by Milos »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive: Site Blocked - URL:Phishing
« Reply #39 on: June 27, 2022, 02:24:43 PM »
Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Richard80

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #40 on: June 27, 2022, 02:33:06 PM »
Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php


Thanks - I've gone ahead and done this - does anyone know how quickly these are corrected?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: False Positive: Site Blocked - URL:Phishing
« Reply #41 on: June 27, 2022, 02:34:38 PM »
You're welcome. You should get a reply within 48 hours.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #42 on: June 27, 2022, 10:35:25 PM »
It is probably the IP that is being flagged because of this:
https://www.abuseipdb.com/whois/178.128.137.126
whereas these scan results are fine: https://www.virustotal.com/gui/url/bb53362762c58f22ebb3248a4c8c3f3b255bbb521be8abdff4d2f0efcbb5c28c/details
So wait for a final verdict from avast team,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Bogdan Schimbischi

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #43 on: August 26, 2022, 10:55:59 AM »
Hello,
Our website is flagged as Phishing and that is not true.

Thank you in advance for clarification.

Website: hxtps://www.companisto.com
https://urlscan.io/result/e7165a1f-09bc-443f-a00c-b8a4af672197/
https://www.virustotal.com/gui/url/42c93f5ba47310032cf3c0fbc5a552a1ef2448b0d188900a44b3289c66366e59/detection

Already reported here: https://www.avast.com/false-positive-file-form.php

« Last Edit: August 26, 2022, 12:44:58 PM by Milos »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #44 on: August 26, 2022, 11:26:27 AM »
@  Bogdan Schimbischi
When did you report it  ?
You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security