URL: Phishing false positive - HELP?

[tym3]

One of my clients' sites is throwing what I believe is a false positive, URL:Phishing.

The site in question is emcsecurity.com. Their google ads are coming back clean, so we're at a loss if it's not a false positive.

[Asyn]

-> https://sitecheck.sucuri.net/results/emcsecurity.com
-> https://www.virustotal.com/gui/url/98d1f7e7f3418585305c9da5250e4f86775d941321c8e295b3f33f0a42d18195/detection

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

[jefferson sant]

Detection has been removed 06.08.2019 at 07:54 AM.

Our virus specialists have been working on this problem and it has been resolved. The provided website isn't detected by Avast anymore.

[Surzycki]

I am having the same issue with a website, app.coinhouse.com

How can I figure out why this is happening ?

https://www.virustotal.com/gui/url/92ea7858e27d5e06194204b66345d10e4ebad26ee4d8cd892a25389e53491b4e/detection
https://sitecheck.sucuri.net/results/app.coinhouse.com

[Pondus]

How can I figure out why this is happening ? 

Report it to avast lab

[jefferson sant]

I am having the same issue with a website, app.coinhouse.com

How can I figure out why this is happening ?

https://www.virustotal.com/gui/url/92ea7858e27d5e06194204b66345d10e4ebad26ee4d8cd892a25389e53491b4e/detection
https://sitecheck.sucuri.net/results/app.coinhouse.com

Site no longer is detected.

[Sakamoto]

Hello, I am a IT maintenance engineer. I am falsely reported as a phishing website on this website ( https://www.myhair.asia/ ), please help detect? Can I lift the ban?

https://sitecheck.sucuri.net/results/www.myhair.asia

https://www.virustotal.com/gui/url/8c1101e483cf9cb0b3a74ca76e07fb371fcf44e60ee1de1a5f5ecf6e08238ff3/detection

many thanks

[Asyn]

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

[Sakamoto]

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Hi, I have Report a suspected false positive, but I am still waiting for reply.

many thanks

[polonus]

Website is no longer being flagged by avast's.

However check: ReferenceError: ga is not defined
 /:20  and jquery   1.12.4   Found in -https://myhair.sakacdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   1
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

polonus

[Sakamoto]

Website is no longer being flagged by avast's.

However check: ReferenceError: ga is not defined
 /:20  and jquery   1.12.4   Found in -https://myhair.sakacdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   1
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

polonus

Hi, this problem has been fixed so far, should it be ok?

https://www.virustotal.com/gui/file/8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919/detection

many thanks

[polonus]

Hi Sakamoto,

That retirable jQuery library had nothing to do with the avast FP detection, now elevated.
More with the minified js code of the regular expression in: 
https://myhair.sakacdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
read on that particular subject here: https://github.com/SnakeskinTpl/Snakeskin/issues/69
just meant for hardening your security there,

一切都很好  all's well that ends well, a.k.a everything is fine,

polonus (volunteer 3rd party cold recon website security analyst & website error-hunter)

unminify -code at https://unminify.com/ (pol)

[polonus]

Hi nadim221mia,

Why you attach this to a report for a site, that is not even online anymore?
Are you the developer of Unminify JS? Hope this was not intentional then?

De-minifying is only for CSS min.js script, you can detect such scripts for instance while using the SRC extension in the browser, a.k.a. Quick Source Viewer, an extension to help website developers and also those into website security analysis.
Falls in the realm of scripts like Retire.JS and the likes.

I am just looking at a newly reported suspicious PHISH: -burency.io
(something with cryptocurrency for the Middle East, USA excluded).
Re: https://www.phishtank.com/phish_detail.php?phish_id=6651116&frame=details
Checked at Zonemaster: https://www.zonemaster.net/domain_check

Just have the following script run at the unminifyer:
-> -https://cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/lazyload.min.js
lands at  -http://burency.io/js/bioPopupView.js (no DOM-XSS sources & sinks)...

polonus (volunteer 3rd party cold recon website security anlayst and website error-hunter)