Topic: Adult dating content website falsely labeled “URL:Scam” with blocked access

Offline hp01

Hello


I am facing an unfortunate false positive issue with my URL


This is a simple php informational & content website. We educate users on various adult products and services and provide affiliation links if they are interested to learn more.


We are not a “Scam” URL. Kindly note the following


 -   Our website’s Privacy Policy which clarifies we do not collect or store user information of any kind.
 -   Our website is free to access. There is no cost to the user as described in our Terms of Use.
 -   We do not offer any downloadable software of any kind, or any malicious links or programs that may harm a user’s device.


Additional supporting information for false positive detection:


“CLEAN” as reported by all vendors on VirusTotal and Sucuri -

https://www.virustotal.com/gui/url/748fad24b2ae583763c786238317c6b0a43e1bbbe32f5ec34a596ce5ff7fe00f

https://unmask.sucuri.net/security-report/?page=send2dates.com/lorsus/ibi-nb24.php


We have already reported the false positive to Avast team. They have indeed confirmed it is a false positive and have claimed to remove it from their database, twice. But, the changes seem to have not taken effect yet for some reason. The last update from Avast team was around 5 business days ago. Our URL is still being blocked.


We take malware prevention and website security very seriously. I am hoping somebody from Avast team finds this post and is able to help us resolve in the soonest.


Thank you and Kind Regards,
« Last Edit: April 23, 2024, 12:58:33 PM by hp01 »

Offline polonus

Wait for a final verdict from the Avast team.

This is probably the reason the website was being blocked: https://www.malwarebytes.com/blog/detections/165-227-177-96

Abuse found on IP: https://www.abuseipdb.com/check/165.227.177.96

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

Not sure why VT does the scan on the redirect to PHP when Avast alerts on the main domain name for http and https

-  Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline hp01

Thank you for the replies.


Quote from: DavidR
Not sure why VT does the scan on the redirect to PHP when Avast alerts on the main domain name for http and https
-  Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

DavidR - we did in fact report the false positive, and Avast team had already agreed to the file status as an FP. They cleared the FP from their database, at least as per them (I had mentioned this in the original post as well).

However, after their first clearance, there was no change in fact reflecting yet, neither in WebShield nor in their Online Security browser extension.

I had requested them to recheck, at which point they mentioned they had fully cleared the URL and files a second time. Still no changes reflected.

I had requested them to recheck a third time, due to the still existing FP. No response as of yet (5 business days).

Is there anyone from Avast's team we could contact directly here to resolve this for good? This issue has been in support limbo for close to 3 weeks and we are eager to help restore full access to our website.

Thank you,

Offline DavidR

I would contact them again using the report form, I would give a link back to this topic URL.

As I mentioned.
Quote from: extract
Not sure why VT does the scan on the redirect to PHP when Avast alerts on the main domain name for http and https
I just wonder if this might have an impact as 3rd party connections would be alerted on main domain.

As the related IP given by Polonus is flagged by VT.
https://www.virustotal.com/gui/url/8bf370c2b41119b7b97b9bdb8b6b2fd41e080effccb2e4d235bcb5e08666b640/detection

Offline polonus

And there is also this: https://www.malwarebytes.com/blog/detections/165-227-177-96
blocked as associated with a trojan.


Offline hp01

Quote from: DavidR
I would contact them again using the report form, I would give a link back to this topic URL.

I will do this now, thank you.

Quote from: polonus
And there is also this: https://www.malwarebytes.com/blog/detections/165-227-177-96
blocked as associated with a trojan.
polonus

We have a new mirror site at 167.71.182.100 which was not found in any abuse databases, yet the mirror is also still being blocked by Avast.

Offline hp01

Update: The false positive for the URL in my original post was cleared today by the Avast Malware Analysis Team.

Within 4 hours of the cleared false positive, Avast Webshield & browser extension are now once again blocking access to our site due to the same FP detection. Note, this is after 3 weeks of back and forth related to the repeated clearings of our sites from Avast’s database not having any effect. This is the third such occasion where they have been unable to fix the false positive.


I will keep this thread updated until our issue is thoroughly and fully resolved.



