Author Topic: False Positive Browser Threat (fonts.shopifycdn.com)  (Read 556 times)

0 Members and 1 Guest are viewing this topic.

Offline bendtan

  • Newbie
  • *
  • Posts: 2
False Positive Browser Threat (fonts.shopifycdn.com)
« on: April 09, 2021, 10:33:14 PM »
Hi,
I work with a website, called, mobileigo.com.
When I loaded this site today in Chrome, my Avast flagged the site/connection with a URL Phishing browser threat. I asked Shopify tech support about this, and they say that Avast is erroneously flagging the URL as a phishing URL.

How do I report this to Avast as a false positive assuming the Shopify tech team is correct?
Thanks,

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37180
Re: False Positive Browser Threat (fonts.shopifycdn.com)
« Reply #1 on: April 10, 2021, 12:00:28 AM »
Quote
How do I report this to Avast as a false positive assuming the Shopify tech team is correct?
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438



Offline bendtan

  • Newbie
  • *
  • Posts: 2
Re: False Positive Browser Threat (fonts.shopifycdn.com)
« Reply #2 on: April 10, 2021, 07:50:38 PM »
Thank you!

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33625
  • malware fighter
Re: False Positive Browser Threat (fonts.shopifycdn.com)
« Reply #3 on: April 10, 2021, 10:25:31 PM »
See retirable JQuery libraries flagged here: https://retire.insecurity.today/#!/scan/f31480bc5d6af4109bd7f274269d6cddbf4bccee9247d783ffd558ef7c8e3fba

And again we see the following script running there, that seems to play a role in all those apparent FP's now given by avast's:
Javascript 1   (external 1, inline 0)
-d3uvwl4wtkgzo1.cloudfront.net/‚Äče8af8301-45e2-41c6-9212-9421ce1b1dc7.js  (also Amazon seems involved with a CallBack issue).
I have it blocked by my client, that's why the script kicking up an error.

polonus

P.S. I PM-ed someone from avast team to give a final verdict through avast threat lab. Curious what their reply will be.

Damian
« Last Edit: April 10, 2021, 10:43:58 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!