Author Topic: False Positive: Site Blocked - URL:Phishing  (Read 45606 times)

0 Members and 1 Guest are viewing this topic.

Offline Bogdan Schimbischi

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #45 on: August 26, 2022, 11:35:06 AM »
@DavidR thank you for reply.

I've report it about 40 minutes ago.

Who will cover the cost of losses for this ?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #46 on: August 26, 2022, 12:27:02 PM »
As an Avast User, I have no input on this.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #47 on: September 17, 2022, 05:50:15 PM »
Hi Schimbischi,

Good news as avast online does no longer flag this website.

However there are some...
Issues to look into: as retirable code was found on that website:
Quote
bootstrap   3.3.4   Found in
-https://www.companisto.com/code/bootstrap/dist/js/bootstrap.min.js _____Vulnerability info:
Medium   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
Medium   XSS is possible in the data-target attribute. CVE-2016-10735   
jquery   1.11.2.min   Found in
-https://cdn.companisto.com/code/scripts/jquery-1.11.2.min.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   

Files not found as blocked by browser: File not found:
-https://bat.bing.com/bat.js

File not found: -https://www.googletagmanager.com/gtm.js?id=GTM-KHVZHHS

File not found: -https://www.googletagmanager.com/gtm.js?id=GTM-PC9BJK

File not found: -https://cdn.scarabresearch.com/js/1CEA86B5EC4A5E84/scarab-v2.js

Tracker SSL warns:
Quote
Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell
-companisto.com to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

-companisto_6325ea5d4a274 wXw.companisto.comctx_id
Legend

 Tracking IDs could be sent safely if this site was secure.

 Tracking IDs do not support secure transmission.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: September 17, 2022, 06:01:18 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Volkv

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #48 on: October 11, 2022, 11:04:32 AM »
Hello. Can you please check why https://cq.ru is blocked with URL:phishing error. Thanks!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #49 on: October 11, 2022, 12:04:06 PM »
Hello. Can you please check why cq.ru is blocked with URL:phishing error. Thanks!

Please break active link (as I have in the quote) to avoid accidental exposure.
See https://www.virustotal.com/gui/url/ebca93c04b2dd41d52eb955563d5a225a6b79bace30427b5609c40a0dac5277f only one there.
Nothing here - https://sitecheck.sucuri.net/results/cq.ru

Also see - https://en.internet.nl/site/cq.ru/1733507/

Also - Webpage Security Score F - https://snyk.io/test/website-scanner/?test=221011_AiDcJN_7MH&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner - these weaknesses could make it more liable to abuse.


Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #51 on: January 10, 2023, 12:16:27 PM »
You can use the - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #52 on: January 12, 2023, 01:32:57 PM »
Hi Wira,

VT gives it as clean. Could have been the http/https redirect, the Bitdefender p*rn alert,
or an issue with the zimbra redirect found.

Just wait for a final verdict by avast team.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Francesco35

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #53 on: May 05, 2023, 01:07:33 PM »
Our website (https://www.erasmustrainingcourses.com)  is blocked since more than 2 weeks. We've reported at https://www.avast.com/false-positive-file-form.php already since more than 2 weeks and we've reported again today. We had to disinstall Avast from all our devices but still many customers cannot access. We're very upset, please fix this problem as soon as possible

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: False Positive: Site Blocked - URL:Phishing
« Reply #54 on: May 05, 2023, 01:44:08 PM »
Our website (erasmustrainingcourses.com)  is blocked since more than 2 weeks. We've reported at https://www.avast.com/false-positive-file-form.php already since more than 2 weeks and we've reported again today. We had to disinstall Avast from all our devices but still many customers cannot access. We're very upset, please fix this problem as soon as possible

Please break the active link in your post (as I have in the quoted text) or change the https to hXXps:// to avoid accidental exposure.
You should have had an email response on your submission.

That said - nothing found on this check - https://www.virustotal.com/gui/url/98c421809c64c6806df31620d61a030478692c35fbd71b041ffb87d4ded36e55?nocache=1
However there are external links on your site which could be the reason - this one in particular - hXXps://drive.google.com/open?id=XXXXXXX  and hXXps://drive.google.com/file/d/1-XXXXXXX not sure why these would be needed or if they could be the reason.

There are security notifications reported in this check - https://en.internet.nl/site/erasmustrainingcourses.com/2074409/
Low risk, but some recommendations reported here - https://sitecheck.sucuri.net/results/erasmustrainingcourses.com
Considered benign here - https://zulu.zscaler.com/submission/ca16121f-23de-4b76-aa9d-c5db9f4c4d7d

Note I'm an Avast user and not employed by Avast.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #55 on: May 07, 2023, 10:36:52 PM »
As DavidR says, no direct flags elsewhere, so wait for a final verdict from avast team.

But consider: https://www.shodan.io/domain/cmp.osano.com (one of the javascript finds there).

See website's hardening proposals: https://sitecheck.sucuri.net/results/www.erasmustrainingcourses.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Jeffrey S

  • Newbie
  • *
  • Posts: 1
Re: False Positive: Site Blocked - URL:Phishing
« Reply #56 on: June 01, 2023, 03:35:32 PM »
The Avast software is saying that www.google.com.mcas.ms is infected with URL: Phishing.

I currently have 4364 instances of this notification. The Avast popup is constant and interrupts productivity. I have scanned the PC numerous times to no avail. HELP!

Best regards,

Jeffrey

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: False Positive: Site Blocked - URL:Phishing
« Reply #57 on: June 01, 2023, 10:38:10 PM »
The Avast software is saying that xxx .google.com.mcas.ms is infected with URL: Phishing.

I currently have 4364 instances of this notification. The Avast popup is constant and interrupts productivity. I have scanned the PC numerous times to no avail. HELP!

Best regards,

Jeffrey
Please do not post live suspected links in the forum. Follow the instructions already posted in this thread.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: Site Blocked - URL:Phishing
« Reply #58 on: June 01, 2023, 11:04:01 PM »
Hi Jeffrey S,

Bob3160 is right here, on the site report by Netcraft that link has a 7 out of 10 risk status.

See: https://urlscan.io/ip/40.81.121.140  on this OpenResty Server ->
https://vulmon.com/searchpage?q=openresty

Consider -http://mcasproxy.azureedge.net/proxyweb/1.33.32/js/session-context-store-helper.min.js
and https://urlscan.io/result/755b3a08-b4ff-4e64-9273-f986814c5906/

Wait for a final on this from avast team,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline StreamHD

  • Newbie
  • *
  • Posts: 2
Re: False Positive: Site Blocked - URL:Phishing
« Reply #59 on: October 28, 2023, 06:59:57 PM »
Avast multiple times false detect my website streamhd247.info. It happens after every 4 to 5 days. I have no extrenal links on my website just a pop-up from popular ad network. I report false detect to avast and they clear in a day or two but it affect my traffic. Kindly resolve this issue permanently.

Thank You