Author Topic: False Positive URL:Phishing  (Read 1363 times)

0 Members and 1 Guest are viewing this topic.

Offline rodrigo.lopez

  • Newbie
  • *
  • Posts: 3
False Positive URL:Phishing
« on: November 07, 2022, 06:10:16 PM »
Hello, we are having reports of some users that are using Avast are getting blocked when try to go to our webmail , Avast is giving them a URL:Phishing message.
The domain of our webmail is correo.sofse.gob.ar and it get clean in all the tests than i do, example of that are the next 2:
https://www.urlvoid.com/scan/correo.sofse.gob.ar/
https://sitecheck.sucuri.net/results/correo.sofse.gob.ar

Can you help us with this case?

Regards

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33495
  • malware fighter
Re: False Positive URL:Phishing
« Reply #1 on: November 07, 2022, 10:23:30 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline rodrigo.lopez

  • Newbie
  • *
  • Posts: 3
Re: False Positive URL:Phishing
« Reply #2 on: November 09, 2022, 06:47:05 PM »
That test is incorrect, correo.sofse.gob.ar is not our mailexchanger , the domain is sofse.gob.ar, the host that Avast is blocking its the web interface of the mail client.
You have to test it like a web, not a mail server.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87304
  • No support PMs thanks
Re: False Positive URL:Phishing
« Reply #3 on: November 09, 2022, 07:59:26 PM »
That test is incorrect, correo.sofse.gob.ar is not our mailexchanger , the domain is sofse.gob.ar, the host that Avast is blocking its the web interface of the mail client.
You have to test it like a web, not a mail server.


It still shows security weaknesses based on the domain - https://en.internet.nl/site/sofse.gob.ar/1769620/
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33495
  • malware fighter
Re: False Positive URL:Phishing
« Reply #4 on: November 10, 2022, 01:30:01 PM »
Found: TLS Recommendations

HTTPS mixed content found. Your HTTPS website is referring to an HTTP resource:
htxp://www.afip.gob.ar/images/f960/DATAWEB.jpg on hxtps://www.argentina.gob.ar/transporte/trenes-argentinos

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline rodrigo.lopez

  • Newbie
  • *
  • Posts: 3
Re: False Positive URL:Phishing
« Reply #5 on: November 10, 2022, 02:59:52 PM »
Again, that is not the site that is blocked. sofse.gob.ar is our main domain, is redirected to argentina.gob.ar , the site blocked is correo.sofse.gob.ar , that is the frontend of the webmail. The rest of our hosts are not blocked and only avast and avg are blocking correo.sofse.gob.ar
The mixed content is not on correo.sofse.gob.ar, but in argentina.gob.ar (that´s the site where sofse.gob.ar and www.sofse.gob.ar is redirected to)
I know that the security is not optimal, but in almost any site that i check it´s showing low risk.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33495
  • malware fighter
Re: False Positive URL:Phishing
« Reply #6 on: November 12, 2022, 01:31:19 PM »
Wait for a final verdict from avast team. They are the only ones to come and unblock.
We here are just volunteers, knowledgeable in the field of website security and website error-hunting.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Constructora2

  • Newbie
  • *
  • Posts: 2
Re: False Positive URL:Phishing
« Reply #7 on: November 17, 2022, 07:50:59 PM »
Hello, I have a problem with my website. It gives me a URL:Phishing alert to any of the domains that I want to enter. I have already gone through different scanners and they do not indicate virus or malware symptoms. I already reported in the false positive form to wait for the review of my page, but at the moment there is no response. I hope you can help me.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87304
  • No support PMs thanks
Re: False Positive URL:Phishing
« Reply #8 on: November 17, 2022, 08:16:48 PM »
Hello, I have a problem with my website. It gives me a URL:Phishing alert to any of the domains that I want to enter. I have already gone through different scanners and they do not indicate virus or malware symptoms. I already reported in the false positive form to wait for the review of my page, but at the moment there is no response. I hope you can help me.

Since you don't give a domain name (ensure it isn't active no http? etc. to avoid accidental exposure), no one in the forum or Avast Team can investigate.

You also don't say where it was reported or when  ?
If here - https://www.avast.com/false-positive-file-form.php.
 Then you should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Constructora2

  • Newbie
  • *
  • Posts: 2
Re: False Positive URL:Phishing
« Reply #9 on: November 17, 2022, 08:23:22 PM »
el nombre de mi sitio es https://constructoracestber.com/, el formulario fue enviado el dia de ayer en la mañana

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87304
  • No support PMs thanks
Re: False Positive URL:Phishing
« Reply #10 on: November 17, 2022, 10:52:43 PM »
el nombre de mi sitio es constructoracestber.com/, el formulario fue enviado el dia de ayer en la mañana

Please modify your post as I have in your quoted post, just constructoracestber.com is sufficient.

Also please post in English in this section of the forum (google translate) or post in the Spanish language forum.

You can as suggested in the post above yours report it as a possible false positive.
Quote from: DavidR
https://www.avast.com/false-positive-file-form.php.
 Then you should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security