Author Topic: False positive for our website  (Read 402 times)

0 Members and 1 Guest are viewing this topic.

Offline TrungNguyen

  • Newbie
  • *
  • Posts: 1
False positive for our website
« on: September 06, 2019, 02:55:52 PM »
Hi,
Our website is being blocked by Avast for URL:Phishing.  Here is our website.  https://api.linkedinexport.com and http://www.linkedinexport.com
We are sure our website is clean and would like you to have it removed from your blacklist.  Thank you for your time and consideration.

Thanks,
Trung
https://forum.avast.com/index.php?action=verificationcode;vid=post;rand=222381bec79719823536566261de9eaa

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36230
Re: False positive for our website
« Reply #1 on: September 06, 2019, 03:35:11 PM »
« Last Edit: September 06, 2019, 03:41:07 PM by Pondus »
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61485
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.9.2394.B1 - CC 5.63 - EEK - Firefox ESR 68.2 [NS/AOS/uBO] - TB 68.2.2 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Online Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2675
  • Volunteer
Re: False positive for our website
« Reply #3 on: September 06, 2019, 04:25:13 PM »
Suspicious >> https://checkphish.ai/insights/url/1567779552187/1a51777adc9bd899d74065311fda3f25f2e1cd00719e56c1d9bdfdd6b22b62e0
404'd >> https://urlscan.io/result/947d422d-e82b-4afb-a37c-dfc9b5723890
Hostname mismatch >> https://zulu.zscaler.com/submission/c5c0ae3f-6d18-4f9d-be26-cec82bebd152
X-Force can't ID it (:/)

Why is your website very similar to "LinkedIn"? LinkedIn is a major networking website for professionals to connect with each other. Your website is blocked by Fortigate's Firewall FYI. Additionally, your website has outdated software installed.
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31853
  • malware fighter
Re: False positive for our website
« Reply #4 on: September 07, 2019, 09:09:19 PM »
See it in the website code:
Quote
Content that was returned by your request for the URL: -http://www.linkedinexport.com/

1:  < html>
2:  < head> < title> 404 Not Found< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 404 Not Found< /h1> < /center>
5:  < hr> < center> nginx/1.14.0 (Ubuntu)< /center>
6:  < /body>
7:  < /html> Content after the < /html> tag should be considered suspicious.

8:  < !-- a padding to disable MSIE and Chrome friendly error page -->
9:  < !-- a padding to disable MSIE and Chrome friendly error page -->
10:  < !-- a padding to disable MSIE and Chrome friendly error page -->
11:  < !-- a padding to disable MSIE and Chrome friendly error page -->
12:  < !-- a padding to disable MSIE and Chrome friendly error page -->
13:  < !-- a padding to disable MSIE and Chrome friendly error page -->
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmxbbmt7I1tue3hwXX10Ll5dbWA%3D~enc
Not malicious as rated here: https://zulu.zscaler.com/report/c5c0ae3f-6d18-4f9d-be26-cec82bebd152

Take it up with your hoster. Consider: https://webhint.io/scanner/d773b980-7e70-4dfd-868d-b362eb41f21c
Consider also: https://www.immuniweb.com/websec/?id=yIl14OI8

For the other URI you provided: Results from scanning URL: -https://api.linkedinexport.com/
Number of sources found: 0
Number of sinks found: 0
source found:
Quote
{"status":"success","message":"Data API Server","data":{"version_number":"v1.0.0"}}

polonus (volunteer website security analyst and website error-huntrer)
« Last Edit: September 07, 2019, 09:19:19 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6393
  • volunteer
Re: False positive for our website
« Reply #5 on: September 11, 2019, 01:32:38 AM »
Hi,
Our website is being blocked by Avast for URL:Phishing.  Here is our website.  hxxps://api.linkedinexport.com and hxxp://www.linkedinexport.com. 
We are sure our website is clean and would like you to have it removed from your blacklist.  Thank you for your time and consideration.

Thanks,
Trung
https://forum.avast.com/index.php?action=verificationcode;vid=post;rand=222381bec79719823536566261de9eaa

Detection was removed in 10.09.2019 13:14 PM

Quote from: Avast
Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.