Author Topic: False positive / Falso positivo  (Read 2179 times)


Offline sagitarioxp

  • Newbie
  • *
  • Posts: 9
False positive / Falso positivo
« on: September 30, 2020, 03:55:57 AM »
Hello, Avast is blocking my website www.descargacineclasico.net due to a malware threat, but I have analyzed the website with different tools, and I even hired a security expert who told me that the site was clean.
I have had this problem for more than a week and it has not changed. I thought waiting for the update would fix it, but it hasn't.

Could you check my site to fix it or help me? I don't know what else I can do.
Greetings.
« Last Edit: September 30, 2020, 04:31:03 AM by sagitarioxp »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: False positive / Falso positivo
« Reply #1 on: September 30, 2020, 07:54:51 AM »
You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline sagitarioxp

  • Newbie
  • *
  • Posts: 9
Re: False positive / Falso positivo
« Reply #2 on: September 30, 2020, 01:34:40 PM »
Hi Asyn.

Thanks for your reply. I did it a day ago and I did it again last night, but I have not received a response.

How long does it usually take?

Thanks!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: False positive / Falso positivo
« Reply #3 on: September 30, 2020, 02:25:12 PM »
Hi sagitarioxp,

WordPress CMS configuration seems OK.

DShield: CLEAN
AlienVault OTX: CLEAN
Cisco Talos: CLEAN
abuse.ch (Feodo): CLEAN
URLhaus: CLEAN
Spamhaus (Drop / eDrop): CLEAN

JS checked with Google Safebrowsing:
JS Link   Hosting / Company Netblock   Country
  -https://code.jquery.com/jquery-1.10.2.min.js   HIGHWINDS3
  -https://descargacineclasico.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp   CLOUDFLARENET
  -https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare   AMAZON-02
  -https://descargacineclasico.net/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js   CLOUDFLARENET
  -https://descargacineclasico.net/wp-content/plugins/rate-my-post/public/js/rate-my-post.js?ver=3.3.1   CLOUDFLARENET
  -https://descargacineclasico.net/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=5.5.1   CLOUDFLARENET

Retirable jQuery detected: https://retire.insecurity.today/#!/scan/53e71a00059c607aaa137873836d6b4e5d4f6b32f1102579f3eb2f454c0ecce4

Website improvement hints: https://webhint.io/scanner/6046dce5-924d-47b2-9c02-c61c253fd197

Wait for a final verdict from the Avast team, as they are the only ones who can come and unblock it.
It could have been a(n FP) detection of some obfuscated code used by your hoster.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
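
Added example, not part of the original thread or any poster's code: a small Node.js script that takes the script URLs from the scan in the post above, separates first-party from third-party hosts, and flags jQuery core files older than a chosen floor. The floor `MIN_JQUERY` and all function names are assumptions made for this illustration.

```javascript
const SITE_HOST = "descargacineclasico.net";
const MIN_JQUERY = "3.5.0"; // assumed policy floor, not a value from the thread
const SCRIPT_URLS = [ // copied from the post, defanging "-" prefix removed
  "https://code.jquery.com/jquery-1.10.2.min.js",
  "https://descargacineclasico.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp",
  "https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare",
  "https://descargacineclasico.net/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js",
  "https://descargacineclasico.net/wp-content/plugins/rate-my-post/public/js/rate-my-post.js?ver=3.3.1",
  "https://descargacineclasico.net/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=5.5.1",
];

// Compare dotted versions numerically; a suffix such as "-wp" is ignored.
function compareVersions(a, b) {
  const pa = a.split(".").map((n) => parseInt(n, 10) || 0);
  const pb = b.split(".").map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Version of a jQuery core file, or null for any other script. The ?ver=
// value is trusted only when the file itself is jquery(.min).js: on other
// scripts it is a plugin or WordPress release string, not a jQuery version.
function jqueryVersion(url) {
  const file = url.pathname.split("/").pop();
  const inName = file.match(/^jquery-(\d+(?:\.\d+)+)(?:\.min)?\.js$/);
  if (inName) return inName[1];
  if (!/^jquery(?:\.min)?\.js$/.test(file)) return null;
  const ver = (url.searchParams.get("ver") || "").match(/^\d+(?:\.\d+)+/);
  return ver ? ver[0] : null;
}

// One record per script: who serves it, and whether it is an old jQuery.
function auditScripts(urls, siteHost, minJquery) {
  return urls.map((raw) => {
    const url = new URL(raw);
    const firstParty = url.hostname === siteHost || url.hostname.endsWith("." + siteHost);
    const jquery = jqueryVersion(url);
    const outdated = jquery !== null && compareVersions(jquery, minJquery) < 0;
    return { url: raw, host: url.hostname, firstParty, jquery, outdated };
  });
}

for (const r of auditScripts(SCRIPT_URLS, SITE_HOST, MIN_JQUERY)) {
  const origin = r.firstParty ? "first-party" : "third-party";
  console.log(`${r.outdated ? "OUTDATED" : "ok"}\t${origin}\t${r.jquery || "-"}\t${r.url}`);
}
```

With the list above it reports two jQuery copies below the floor, one served from a third-party CDN and one bundled with WordPress on the site itself.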

Offline sagitarioxp

  • Newbie
  • *
  • Posts: 9
Re: False positive / Falso positivo
« Reply #4 on: September 30, 2020, 02:55:13 PM »
Thanks for your reply, polonus.

I hope they answer me quickly, because this is very stressful and my site's reputation is increasingly being questioned by users :-(

Offline rocksteady

  • Super Poster
  • ***
  • Posts: 1533
Re: False positive / Falso positivo
« Reply #5 on: September 30, 2020, 04:26:39 PM »
Translate:
Thanks for your reply polonus.

I hope they answer me quickly, because this is very stressful and the reputation of my site is more and more in doubt by users :-(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: False positive / Falso positivo
« Reply #6 on: September 30, 2020, 10:19:19 PM »
Some more particulars here:

There is one more AV engine that detects this site as having malware:
https://www.virustotal.com/gui/url/304524025a71878d3b25598b32ba25d76b19787099e8340fd6446f14692c7ca4/detection
On IP see: https://www.virustotal.com/gui/ip-address/172.67.131.226/relations

Phishcheck 2.0.beta results:

-https://descargacineclasico.net/
Last Checked: Sep 30, 2020, 16:14 EDT
Analysis
Related Submissions 0
Whois Record
Resources 0
Redirects 0
View Source
IP Address:   -104.28.23.62
ASN #:   AS13335 CLOUDFLARENET, US
Location:   Data unavailable.
URL Reputation:   
Unknown This URL is not identified as malicious in the PhishTank Database.
Unknown PhishCheck thinks this URL is likely not a phish.
Warning OpenPhish: URL found in feed. But OpenPhish is also flagged by Avast Webshield as with mal-code.

polonus


Offline sagitarioxp

  • Newbie
  • *
  • Posts: 9
Re: False positive / Falso positivo
« Reply #7 on: October 01, 2020, 01:31:29 AM »
Thanks polonus, but my website has been checked several times by different technicians and they tell me that it is clean, that it is a false positive. If they tell me what the infection or the problem is, I can solve it, but if they block me with no alternative, it would be unfair to me. I am the one most interested in my website being clean.

Thank you very much for your time and help

EDIT:

With WWW it is clean:
https://www.virustotal.com/gui/url/5d163db7f7c46230e2589d5fa56f27f6deb791ae0b9121739a1e264428d403a7/detection
« Last Edit: October 01, 2020, 01:39:54 AM by sagitarioxp »

Offline sagitarioxp

  • Newbie
  • *
  • Posts: 9
Re: False positive / Falso positivo
« Reply #8 on: October 03, 2020, 01:44:04 AM »
It seems that they stopped blocking me, although Avast never responded to the reports I sent.