Author Topic: False positive for our website  (Read 332 times)

0 Members and 1 Guest are viewing this topic.

Offline TrungNguyen

  • Newbie
  • *
  • Posts: 1
False positive for our website
« on: September 06, 2019, 02:55:52 PM »
Hi,
Our website is being blocked by Avast for URL:Phishing.  Here is our website.  https://api.linkedinexport.com and http://www.linkedinexport.com
We are sure our website is clean and would like you to have it removed from your blacklist.  Thank you for your time and consideration.

Thanks,
Trung
https://forum.avast.com/index.php?action=verificationcode;vid=post;rand=222381bec79719823536566261de9eaa

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36059
Re: False positive for our website
« Reply #1 on: September 06, 2019, 03:35:11 PM »
« Last Edit: September 06, 2019, 03:41:07 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60727
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.8.2393.BUC - CC 5.61 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Online Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2580
Re: False positive for our website
« Reply #3 on: September 06, 2019, 04:25:13 PM »
Suspicious >> https://checkphish.ai/insights/url/1567779552187/1a51777adc9bd899d74065311fda3f25f2e1cd00719e56c1d9bdfdd6b22b62e0
404'd >> https://urlscan.io/result/947d422d-e82b-4afb-a37c-dfc9b5723890
Hostname mismatch >> https://zulu.zscaler.com/submission/c5c0ae3f-6d18-4f9d-be26-cec82bebd152
X-Force can't ID it (:/)

Why is your website very similar to "LinkedIn"? LinkedIn is a major networking website for professionals to connect with each other. Your website is blocked by Fortigate's Firewall FYI. Additionally, your website has outdated software installed.
4th Year BCS Student (Specializing in Security)
Tier I SOC Analyst (BSI)

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31666
  • malware fighter
Re: False positive for our website
« Reply #4 on: September 07, 2019, 09:09:19 PM »
See it in the website code:
Quote
Content that was returned by your request for the URL: -http://www.linkedinexport.com/

1:  < html>
2:  < head> < title> 404 Not Found< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 404 Not Found< /h1> < /center>
5:  < hr> < center> nginx/1.14.0 (Ubuntu)< /center>
6:  < /body>
7:  < /html> Content after the < /html> tag should be considered suspicious.

8:  < !-- a padding to disable MSIE and Chrome friendly error page -->
9:  < !-- a padding to disable MSIE and Chrome friendly error page -->
10:  < !-- a padding to disable MSIE and Chrome friendly error page -->
11:  < !-- a padding to disable MSIE and Chrome friendly error page -->
12:  < !-- a padding to disable MSIE and Chrome friendly error page -->
13:  < !-- a padding to disable MSIE and Chrome friendly error page -->
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmxbbmt7I1tue3hwXX10Ll5dbWA%3D~enc
Not malicious as rated here: https://zulu.zscaler.com/report/c5c0ae3f-6d18-4f9d-be26-cec82bebd152

Take it up with your hoster. Consider: https://webhint.io/scanner/d773b980-7e70-4dfd-868d-b362eb41f21c
Consider also: https://www.immuniweb.com/websec/?id=yIl14OI8

For the other URI you provided: Results from scanning URL: -https://api.linkedinexport.com/
Number of sources found: 0
Number of sinks found: 0
source found:
Quote
{"status":"success","message":"Data API Server","data":{"version_number":"v1.0.0"}}

polonus (volunteer website security analyst and website error-huntrer)
« Last Edit: September 07, 2019, 09:19:19 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6241
  • volunteer
Re: False positive for our website
« Reply #5 on: September 11, 2019, 01:32:38 AM »
Hi,
Our website is being blocked by Avast for URL:Phishing.  Here is our website.  hxxps://api.linkedinexport.com and hxxp://www.linkedinexport.com. 
We are sure our website is clean and would like you to have it removed from your blacklist.  Thank you for your time and consideration.

Thanks,
Trung
https://forum.avast.com/index.php?action=verificationcode;vid=post;rand=222381bec79719823536566261de9eaa

Detection was removed in 10.09.2019 13:14 PM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.