Author Topic: False positive / Legit publisher  (Read 351 times)

Offline MarkoM

  • Newbie
  • *
  • Posts: 1
False positive / Legit publisher
« on: June 10, 2021, 04:25:08 PM »
Hello everyone, I'm representing a large publisher group from Europe, and we own and operate more than 15 of the most popular web sites in this part of Europe. One of our domains is flagged with nothing in particular, and as far as I'm aware there is nothing wrong with our domain. I have filed the false positive request, but would also appreciate any advice or help, or even better a contact so I could escalate this to the highest level possible, as I'd like to try to avoid including our legal team to deal with this the hard and unpopular way. We strongly believe that this might be a result of our competitor's abuse of downvoting on the extension's thumbs down icon. We need help removing this flag as this is affecting our business badly. Please help. Thank you so much!
https://www.virustotal.com/gui/url/08de44187c5c274159776781635100936167a34f86612f5a55ed8d7e99321df2/detection

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85106
  • No support PMs thanks
Re: False positive / Legit publisher
« Reply #1 on: June 10, 2021, 05:20:11 PM »
You don't say what the domain is that is flagged, so it would be almost impossible to suggest a possible resolution.

Quote from: MarkoM
One of our domains is flagged with nothing in particular,

The highlighted text makes me wonder 'exactly' what is alerting, certainly not the main Avast Web Shield as that is pretty definitive, Audible and Visual Popup - see attached image of an Avast Alert (of an unrelated web site).  That certainly wouldn't fall into the "flagged with nothing in particular" category.

So given the above, I suspect you may be talking about the Avast Online Security browser extension, which is a user based Web Reputation rating, see second attached image.  If this is correct I'm not sure how you would address this as it is user based.

As an Avast User not Avast Team member I can only offer the above information.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33196
  • malware fighter
Re: False positive / Legit publisher
« Reply #2 on: June 13, 2021, 11:57:17 PM »
Here IP flagged as spam-harvester: https://www.projecthoneypot.org/ip_107.178.194.182

Quttera flags website. Wait for a final verdict from avast team. They are the only ones to come and unblock.
Here the x-haste-hits-stream* I have seen: "HTTP/2 200
date: Sun, 13 Jun 2021 21:52:31 GMT
vary: Accept-Encoding
content-encoding: gzip
x-backend-server: -espreso-web1 time for request D=10296
content-length: 25501
content-type: text/html; charset=UTF-8
server: Haste
x-haste-cacheable: YES
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: 0
x-haste-perspective: desktop
age: 44
x-haste-debug-backend: -espresoTHQ
x-haste-node: -cache-us2.itplatforma.com
x-haste-cache: HIT
x-haste-hits: 4
accept-ranges: bytes
x-haste-cfg: 162.221.184.74->ha-us1a(158.69.39.235)/-http-in/be_cache_varnish/cache-us2--0"
*=deprecated system for facebook haste module system

polonus
« Last Edit: June 14, 2021, 12:05:30 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!