Author Topic: False Positive: WWW.FREELANCER.COM  (Read 1120 times)

0 Members and 1 Guest are viewing this topic.

Offline M131

  • Newbie
  • *
  • Posts: 1
False Positive: WWW.FREELANCER.COM
« on: July 29, 2019, 11:01:57 AM »
Hi there,

This was not the case before. All attachments on website freelancer.com are considered as Malware by avast web shield. I have noticed that another user has shared a similar experience 5 days ago.

I have already reported this to avast as a false positive, reporting just the following URL, as the portal allows only 1 url at a time:
https://www.freelancer.com/contest/Create-a-Thumbnail-for-Me-1547549

However, I am unable to copy the exact match URL of the attachment as avast does not let me neither the attachment url opens in a new window for me to copy the link and paste here.

Please check this screenshot instead:
https://snag.gy/nlLrVE.jpg

What do I do?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False Positive: WWW.FREELANCER.COM
« Reply #1 on: July 29, 2019, 12:46:36 PM »
Wait for an avast team member to give a final verdict on the detection.
It's their webshield so their definitions as well.

This is being detected considering relations for that IP":
https://www.virustotal.com/gui/ip-address/107.23.79.224/relations
a PHISHING detection: https://www.virustotal.com/gui/url/b9bb6cc57052ce5f4bbe0f5afbcc8ab120f4154767f14d933c1e33f51273b3af/detection

Only issue I can see flagged is for a hidden iframe.
Quote
Any hidden iframes? Yep.

<iframe src="//wXw.googletagmanager.com/ns.html?id=GTM-G7FX" height="0" width="0" style="display:none;visibility:hidden"></iframe>
Just a note, social media buttons often show up here. Then these are probably OK.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!