Author Topic: False positive on our website  (Read 741 times)

0 Members and 1 Guest are viewing this topic.

Offline benoit.rogez

  • Newbie
  • *
  • Posts: 2
False positive on our website
« on: December 02, 2021, 03:35:25 PM »
Hello,
It seems our website wXw.3dvf.com is blocked by Avast & Avast Secure Browser.

This is a false positive:
https://www.virustotal.com/gui/url/956b7208673a1e6b9f7be1ebf15d24eb265e4ce11838ba7332124c77086c5948
https://sitecheck.sucuri.net/results/www.3dvf.com

We have sent a request using the false positive form ( https://www.avast.com/false-positive-file-form.php ) 48 hours ago and haven't received a reply yet: any chance you could help us on this issue?
« Last Edit: December 02, 2021, 05:25:46 PM by benoit.rogez »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86126
  • No support PMs thanks
Re: False positive on our website
« Reply #1 on: December 02, 2021, 05:20:35 PM »
Please 'modify' your post change the URL from www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Avast is still alerting on the site as it appears to be loading a css file and that is what avast is objecting to.  See attached image.

Also I got a notice from Firefox as the site apparently doesn't have https.  That may be the fact that avast has alerted, preventing that.
That said a couple of check I normally run are unable to scan the site.  However, the sucuir.net link you posted isn't completely clear.

Also see - https://urlscan.io/result/8eaac21d-8b75-46d9-a494-74d351ad89d6/
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33440
  • malware fighter
Re: False positive on our website
« Reply #2 on: December 02, 2021, 11:04:31 PM »
DavidR is right, and it is not only avast that finds this website malicious,
detected malicious file by Quttera's in:
Quote
/magazine/les-news-quotidiennes-3dvf/#
Severity:   Malicious
Threat:   Heur.HTML.SpamSEO.gen
Reason:   SEO or Spam content detected
Details:   Detected malicious SPAM/SEO content
Line:   881
Offset:   55909
Threat dump:   View code *
Threat dump MD5:   DBBB635CE87E51D31BA16179DEA07C35
File size[byte]:   206651
File type:   HTML
Page/File MD5:   C6D420EB7A9044140F7F091BE1510991
Scan duration[sec]:   4.596

malcode observed:
Quote
[[<a href="htxps://www.3dvf dot com/madmarica-specialiste-du-voxel-art/" title=" MadMaraca, sp\xC3\xA9cialiste du voxel art ">MadMaraca, sp\xC3\xA9cialiste du voxel art</a>]]

Outgoing links on website:
-https://vimeo.com/3dvf
 
-https://www.3dvf.fr
 
-https://twitter.com/3dvf
 
-https://www.facebook.com/3dvfCG/
 
-https://www.evolix.fr/
 
-https://www.youtube.com/user/3DVFTV

polonus

« Last Edit: December 02, 2021, 11:11:17 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline benoit.rogez

  • Newbie
  • *
  • Posts: 2
Re: False positive on our website
« Reply #3 on: December 02, 2021, 11:28:49 PM »
Hello DavidR, hello Polonus,

Thanks! I'll check the CSS file issue with our technical team.
The https issue probably is indeed Avast-related: I don't seem to have any notice from Firefox when using another security tool.

As for the malicious code detected by Quttera, I don't really understand what the issue could be, since this is just a regular link to an article, but we'll take a look at it as well.

Again, thanks for your help !

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86126
  • No support PMs thanks
Re: False positive on our website
« Reply #4 on: December 03, 2021, 01:11:55 AM »
You're welcome.

As avast user we are limited in what we can do other than give tips that might be helpful.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline redwolfe_98

  • Jr. Member
  • **
  • Posts: 95
Re: False positive on our website
« Reply #5 on: December 03, 2021, 02:43:02 AM »
for whatever reason, the website also is being blocked by malwarebytes.