Author Topic: False positive on a crypto website  (Read 980 times)

0 Members and 1 Guest are viewing this topic.

Offline Nicolas40

  • Newbie
  • *
  • Posts: 1
False positive on a crypto website
« on: November 22, 2022, 11:15:36 AM »
Phishing false positive for hxtps://beta.swaap.finance/

I know crypto don't have a good reputation  ;) but this website is absolutely not a phishing one and we are working hard with the community to build something safe and even useful.

Does someone can explain why it would be detected as positive ? What could we do in code of infra to avoid this on Avast or others.
In the tech, we use React and deploy with netlify, as lean as it can be.
« Last Edit: December 01, 2022, 02:05:30 PM by Milos »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2266
Re: False positive on a crypto website
« Reply #1 on: December 01, 2022, 02:06:46 PM »
Hello,
use the form: https://www.avast.com/false-positive-file-form.php, please.

Thanks,
Milos

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33489
  • malware fighter
Re: False positive on a crypto website
« Reply #2 on: December 01, 2022, 02:55:28 PM »
This is an FP.

Mind this however: Hardening Improvements
Protection
No website application firewall detected. Please install a cloud-based WAF to prevent website hacks and DDoS attacks.

Security Headers
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'.

Missing security header to prevent Content Type sniffing.

Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src

(source: sucuri dot net)

Here they slightly differ in opinion, but not fundamentally,
see: https://urlscan.io/result/7268460b-71ae-4f2e-a7bb-1917e179f11f/
Re: https://sitereport.netcraft.com/?url=http://beta.swaap.finance
Also consider: https://urlscan.io/search/#domain:%22api.coingecko.com%22
(server Netlify uses Snyk as a security-plug-in)
Also see: https://urlscan.io/result/fe7f15df-e091-40c8-8864-d186500ca609/

Phishing against Uniswap, but not reaching a final verdict: Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

So do as avast's Milos proposes.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!