Images on website blocked (URL:Phishing)

[Leuthino]

a certain number of images on my websites are blocked by avast, but if i test the files on sucuri i don't get warnings.
what can i do to solve this?
 
(see attachment)

[Pondus]

Test URLs for blacklisting at   www.virustotal.com    note scan date at top right, if old click rescan button at top right for fresh result


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

[Leuthino]

After checking on VirusTotal i get this (see image below)

how can i fix this?

[polonus]

Beste Leuthino,

Consider: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xl1wfVttbV0uYntgbmw%3D~enc
Consider the vulnerabilities at the hoster for that IP: https://www.shodan.io/host/51.255.101.10

Errors with retirable jQuery libraries detected for this site for 7 main security related categories:
https://webhint.io/scanner/9e5d1830-eb81-4b5f-9867-290031715ca8#category-security

jquery-migrate   1.2.1   Found in -https://coprimmo.be/media/jui/js/jquery-migrate.min.js
Vulnerability info:
Medium   11290 Selector interpreted as HTML   
jquery   1.11.0   Found in -https://coprimmo.be/media/jui/js/jquery.min.js
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

and JavaScript error notification for "TypeError: jQuery(...).select2 is not a function
 /nl:874"
See:

oaded script with known vulnerabilities: -https://coprimmo.be/media/jui/js/jquery.min.js
 - jquery 1.11.0 - Info: https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
(anonymous) @ content.js:19
content.js:19 Loaded script with known vulnerabilities: -https://coprimmo.be/media/jui/js/jquery-migrate.min.js
 - jquery-migrate 1.2.1 - Info: http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/

Consider also: Zen Mate firewall blocks 0% of all content, which is good actually.

B-scan results here: https://webcookies.org/cookies/coprimmo.be/28848225?332046

F-grade results: https://observatory.mozilla.org/analyze/coprimmo.be

See recommendations for the website found through linting:
https://webhint.io/scanner/9e5d1830-eb81-4b5f-9867-290031715ca8
Also consider the security related hints:

Wait for an avast team member to give a final verdict as they are the only ones to come and unblock,
we here are just volunteers with relative knowledge.

Ontvang de vriendelijke groeten uit de buurt van Rotterdam voor u in Antwerp,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[Leuthino]

thanks for the answer, i will take a look!


groeten terug!

[polonus]

Hi Leuthino,

With the PHISHING alert, this alert just appears to come from alerts for that particular IP with OVH SAS,
so you have to take that up with the hoster of the website in France.

Could also be the alerts at VT has not been renewed. So old inaccurate results came to produce an FP.
See latest detections for your website: https://www.virustotal.com/gui/ip-address/51.255.101.10/relations

Weird as -https://www.coprimmo.be/images/logo.png is given the all green,
while -https://coprimmo.be/images/logo.png is being flagged as for to-day 10-01-2020

But it seems OK according to DrWeb's: Checking: -https://coprimmo.be/images/logo.png
Engine version: 7.0.42.9300
Total virus-finding records: 8602050
File size: 6971 bytes
File MD5: 59534f497e1967b4c59c47332433c05b

-https://coprimmo.be/images/logo.png - Ok

polonus

[Pondus]

After checking on VirusTotal i get this (see image below)

how can i fix this?

Contact Avira ....


https://www.virustotal.com/gui/url/94aba7416256b689a81221fd5710c0e326667b50879eb26de3485ee4ed67e8de/detection

What Do I Do If an Engine Detects My Safe File as a Threat? (or blacklist URL)
https://www.opswat.com/blog/what-do-i-do-if-engine-detects-my-safe-file-threat

[polonus]

Hi Pondus,

OK, my friend, correct, but Avast Online Security in Avast Secure Browser also still blocks:
-https://coprimmo.be/images/logo.png  (Also Bitdefender TraficLight blocks and Fortinet's).

Then the alert page asks to leave that site:

Ta witryna jest niebezpieczna
Ta witryna internetowa została oznaczona jako phishingowa. Phishing to próba kradzieży informacji poufnych, takich jak hasła, numery kart kredytowych itd.

I work my avast AOS-browser with Polish settings while abroad (that means device is 70% more secure for me) , so that why the alert for me comes in that particular language.[/quote] 

polonus

[jefferson sant]

a certain number of images on my websites are blocked by avast, but if i test the files on sucuri i don't get warnings.
what can i do to solve this?
 
(see attachment)

Detection was removed in 13.01.2020 at 06:02 AM

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

[Leuthino]

thanks for all the help guys!