Author Topic: Asian fintech websites blocked (Read 1389 times)

Vojtech11 · « **on:** May 08, 2023, 05:27:22 PM »

Recently Avast is blocking my web browsers to connect to Vietnamese fintech websites such as:
vayvnd.vn
atmonline.com.vn
senmo.vn
vamo.vn

for reasons "URL:phishing" or "URL:blacklist"

example Alert ID: fd81ae30b90c/2023-05-08T15:23:21.100Z

Why are they blocked? In my opinion, these are legit websites of official companies. I need to access them for market research work.

polonus · « **Reply #1 on:** May 08, 2023, 11:29:17 PM »

For senmo dot vn I get an access denied. Could be cookie restrictions elsewhere, a firewall implementation or Cloudflare kicking up an error.
The other addresses just open up fine in Firefox on Ubuntu. At vamo dot vn you have to fill out a Cloudflare I am a human captcha, when your connection has been established as secure you will be connected.

-atmonline.com.vn -Word Press version outdated.

The following plugins were detected by reading the HTML source of the WordPress sites front page.

Plugin Update Status About
wordpress-seo 7.5.1 Warning latest release (20.6)
-https://yoa.st/1uj

Also consider: https://urlscan.io/result/4d6f458c-288f-44c4-ba11-d9e9dd178c9b/

Indicators

Quote

-analytics.tiktok.com
-api.vayvnd.vn
-cdn.seon.io
-connect.facebook.net
-fonts.googleapis.com
-fonts.gstatic.com
-mc.yandex.ru
-region1.analytics.google.com
-stats.g.doubleclick.net
-use.fontawesome.com
-vayvnd.vn
-www.facebook.com
-www.google-analytics.com
-www.google.com
-www.google.nl
-www.googletagmanager.com
-103.1.237.22
-125.212.216.23
-2.16.186.242
-2001:4860:4802:32::36
-2606:4700:e2::ac40:840f
-2a00:1450:4001:810::200a
-2a00:1450:4001:827::200e
-2a00:1450:4001:829::2004
-2a00:1450:4001:82a::2003
-2a00:1450:4001:82f::2008
-2a00:1450:4001:830::2003
-2a00:1450:400c:c00::9d
-2a02:6b8::1:119
-2a03:2880:f083:9:face:b00c:0:3
-2a03:2880:f177:83:face:b00c:0:25de
-65.9.66.100

polonus

Vojtech11 · « **Reply #2 on:** May 09, 2023, 04:09:17 PM »

Thank you very much, but I am confused. Are you saying that Avast actually didn't blacklist them?

polonus · « **Reply #3 on:** May 09, 2023, 05:48:36 PM »

That is true, avast is not blocking these sites. only vamo.vn is being blocked because of phishing.
For https://vayvnd.vn/ everything found OK.
Senmo is blocking visitors: I got an error when visiting senmo.vn/.

Error code: 1020

Ray ID: 7c4b13b7a863b767

Country: NL

Timestamp: 2023-05-09 15:46:45 UTC

polonus

Vojtech11 · « **Reply #4 on:** May 10, 2023, 03:21:45 PM »

But I am getting the block messages from Avast when I try to access these sites. Can you please have a look at the attached screenshots?

Also, I am pretty sure that vamo.vn is not phishing. It's always been their website and this is the domain which is promoted on 3rd party affiliate platforms.

polonus · « **Reply #5 on:** May 10, 2023, 11:27:23 PM »

Hi Vojtech11,

We here are just volunteers here with some relevant knowledge,
but definitions are being provided only by avast team and are their sole responsibility.

Report to them through this online form:
https://www.avast.com/false-positive-file-form.php#pc

They will eventually react about the status of these detections,

polonus

Vojtech11 · « **Reply #6 on:** May 11, 2023, 10:48:39 AM »

Thank you!

polonus · « **Reply #7 on:** May 11, 2023, 12:48:19 PM »

But look at the 91 blacklisted links here: https://quttera.com/detailed_report/vayvnd.vn

See and consider: https://bitcoinblack.net/community/vayvnd/
random example: https://bitcoinblack.net/community/betongphuloc/info/ and issues mentioned there.

Vietnam was a later arrival on the Internet, e.g. later in this century

but site has file grabbers, auto fill etc. like Cốc Cốc Browser with quick download potential.

Moreover vayvnd.vn has a TikTok link, TikTok, which recently has been frowned upon from USA, EU, etc.

polonus

DavidR · « **Reply #8 on:** May 11, 2023, 04:25:48 PM »

Quote from: polonus on May 11, 2023, 12:48:19 PM

But look at the 91 blacklisted links here: https://quttera.com/detailed_report/vayvnd.vn
<snip>
polonus

Looks like a very handy resource, though having to sign in would limit it for some !

EDIT: However, the /website-malware-scanner element appears not to require sign-in.
Thanks polonus

polonus · « **Reply #9 on:** May 12, 2023, 06:03:50 AM »

Hi DavidR,

You are welcome,

With so many websites, there could also be so many reasons for blacklisting.
In this case it could have been bitcoin blacklisting.

In other cases there could have been copyright infringement (illegal grabbing of copyrighted material)
and there could also have been various other reasons (abuse).

Anyway, it is a reassuring idea to have it checked for false positives, as we advised here.

As said Vietnam is a relatively recent player on the Interwebz, good thing avast also overseas this theatre.

Have a nice day,

polonus a.k.a. Damian