Topic: False positive for cfprotools.com and associated domains

Offline jaime128

  • Newbie
  • *
  • Posts: 10
Re: False positive for cfprotools.com and associated domains
« Reply #15 on: September 29, 2020, 03:33:56 PM »
Thanks for the updates.  I just updated Avast on my local machine and am still getting blocked as URL:Phishing when visiting cfprotools.com and any associated subdomain.

This issue does not appear to be resolved.



See now that that detection is no longer there, finalizing this thread here with a [SOLVED].

Still there is an "unexpected token" error in the code on line 9 etc
Quote
<form class="challenge-form" id="challenge-form" action="/?
,
that is left for ryan380 to take up with appropriate development concerned.

So all's well that ends well,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False positive for cfprotools.com and associated domains
« Reply #16 on: September 29, 2020, 05:37:35 PM »
Thought someone would have reacted, see that it is still flagged for PHISHing by avast webshield.
See indicators: https://urlscan.io/result/1b36fe20-a01a-4e24-b5fc-698b82f354dc/#indicators
DOM view: https://urlscan.io/result/1b36fe20-a01a-4e24-b5fc-698b82f354dc/dom/

polonus
« Last Edit: September 29, 2020, 06:49:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jaime128

  • Newbie
  • *
  • Posts: 10
Re: False positive for cfprotools.com and associated domains
« Reply #17 on: September 29, 2020, 06:10:20 PM »
Yes, I'd love to know how else we can help to get this resolved.  It's been happening for almost 2 full days with no response from Avast.  It's a big impact for a lot of customers.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False positive for cfprotools.com and associated domains
« Reply #18 on: September 30, 2020, 12:17:25 AM »
L.S.

Detections reported for abuse of that particular CloudFlare Inc. IP:
-> https://www.abuseipdb.com/check/104.16.12.194  reported as spreading abusive PHISHING spam.

Remark: Old Reports: The most recent abuse report for this IP address is from 1 month ago. It is possible that this IP is no longer involved in abusive activities.

But there is a link on that website that uMatrix blocks as PHISHING - https://bam.nr-data.net etc. etc. New Relic malware...
See: https://retire.insecurity.today/#!/scan/6727ffe5367f136ff548743378022ab5c63c7a5f70a2e1228bab07ed3f05abcd

Why-is-bam-nr-data-net-blacklisted-as-a-threat?

polonus
« Last Edit: September 30, 2020, 12:39:38 AM by polonus »

Offline jaime128

  • Newbie
  • *
  • Posts: 10
Re: False positive for cfprotools.com and associated domains
« Reply #19 on: September 30, 2020, 12:52:15 AM »
Thanks again for all the effort on this.  I really hope we can get an official response from Avast on this soon.  This is affecting a lot of customers in a very negative way.


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: False positive for cfprotools.com and associated domains
« Reply #20 on: September 30, 2020, 02:10:54 PM »

Offline jaime128

  • Newbie
  • *
  • Posts: 10
Re: False positive for cfprotools.com and associated domains
« Reply #21 on: September 30, 2020, 03:11:38 PM »
Thanks.  I've done that multiple times.  I'll do that again.

I got a response back from Avast customer care on one of the reports for the app.cfprotools.com subdomain that just says the detection is correct.  Absolutely no information.

How can I resolve this issue without some sort of additional information from their team?

Hello,

Again use https://www.avast.com/false-positive-file-form.php, please.

polonus

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: False positive for cfprotools.com and associated domains
« Reply #22 on: October 01, 2020, 02:55:18 PM »
Hello,
I see that it was resolved yesterday.

Milos

Offline jaime128

  • Newbie
  • *
  • Posts: 10
Re: False positive for cfprotools.com and associated domains
« Reply #23 on: October 01, 2020, 04:28:49 PM »
Awesome, thank you.  Is it possible to get any sort of follow up from Avast to determine what the cause of the issue was? 
