Topic: URL Scam false positive not allowing me to navigate the website

Offline ggomezg

  • Newbie
  • *
  • Posts: 1
Hello, Avast is blocking me from navigating https://playdede.to as it detects https://playdede.to/ajax.php as a URL scam, but it has nothing to do with any type of scam. I need to disable Avast so I can navigate normally. I have had Avast for a long time and I usually navigate this website, so I suppose this false positive has been active within the past few days.

Thank you

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33905
  • malware fighter
Re: URL Scam false positive not allowing me to navigate the website
« Reply #1 on: May 18, 2023, 11:03:47 PM »
Ola ggomezg,

Some errors while scanning: https://sitecheck.sucuri.net/results/https/playdede.to

Added cdn-cgi script on your pages
DOM
Quote
<head></head>

<body>{"alert":{"text":"M\u00e9todo inv\u00e1lido: ","level":"warning"}}</body>
Take this up with Cloudflare.

On this error, read here: https://magento.stackexchange.com/questions/323523/magento-2-how-to-insert-data-in-custom-table (you aren't on Magento, but nevertheless the error-info is valid).
By the way your WordPress configuration is OK, user enumeration and directory listing neatly disabled.  :)

One potentially infested file found
Quote
Potentially Suspicious files:1
Detected Potentially Suspicious Files
File name   /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7c96ff18de303620
Threat name   PS.JS.Obfuscantion.gen
File type   ASCII
Reason   Too low entropy detected in string [['0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000']] of length 100 which may point to obfuscation or shellcode.
Details   Detected procedure that is commonly used in suspicious activity.
Threat dump   [[iv(1164)](221,k))l=i[iv(736)](i[iv(736)](i[iv(1742)](i[iv(905)](fF,this),24),i[iv(1742)](fF(this),16))|fF(this)<<8,fF(this));elseif(242===k)l=(k=fH(this,123)[iv(1714)](),k[0]=fI(this),k[3]=fF(this)^164.28,k);elseif(k===217){for(k=fF(this)<<8|i[iv(640)](fF,this),l=[],s=0;s<k;l[iv(796)](i[iv(1526)](fF,this)^42.05),s++);}elseif(69===k){for(l=fF(this)<<8|i[iv(905)](fF,this),k='',s=0;s<l;k+=fz[i[iv(1578)](fF(this),135)],s++);for(l=i[iv(533)](fF(this),55),s='',o=0;i[iv(1393)](o,l);s+=fz[fF(this)^61],o++);l=i[iv(5]]
Threat MD5   A92781BDEAC2746D1CA08B392C45D152
File MD5   B4A4188759B22BEAD101FD3A97DC7998
Line   Available via API only.
Offset   Available via API only.
File size   Available via API only.
File type   Available via API only.


Wait for a final answer from the Avast team and file an FP report here: https://www.avast.com/false-positive-file-form.php#pc, whether this is a genuine detection or a false positive despite the low string entropy found.
See: https://www.virustotal.com/gui/url/a26d09f5df9fec2626af1aec5e45159dbcec6f722dce62d7a9d2375253c674a7/detection

That is all we know for now,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: May 18, 2023, 11:31:05 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
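
The "Reason" field in the scan report quoted above ("Too low entropy detected in string ... of length 100") describes a per-string entropy check. The following is an added example, not part of the thread and not the scanner's own code, sketching such a check in Python; the regex, the `min_len` and `max_bits` thresholds and the sample JavaScript are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Single- or double-quoted JavaScript string literal; group 2 is the body.
STRING_LITERAL = re.compile(r"""(['"])((?:\\.|(?!\1).)*)\1""")


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return sum((c / n) * math.log2(n / c) for c in Counter(s).values())


def low_entropy_literals(source: str, min_len: int = 50, max_bits: float = 1.0):
    """Return (literal, entropy) for long string literals below max_bits.

    min_len and max_bits are assumed thresholds, not the scanner's values.
    """
    hits = []
    for match in STRING_LITERAL.finditer(source):
        body = match.group(2)
        if len(body) >= min_len:
            bits = shannon_entropy(body)
            if bits < max_bits:
                hits.append((body, bits))
    return hits


# Constructed sample: a 100-character run of zeros like the one quoted in the
# report, next to an ordinary message string of comparable length.
SAMPLE_MESSAGE = "Checking your browser before accessing the site, please wait."
SAMPLE_JS = (
    "var pad = '" + "0" * 100 + "';\n"
    'var msg = "' + SAMPLE_MESSAGE + '";\n'
)

if __name__ == "__main__":
    for literal, bits in low_entropy_literals(SAMPLE_JS):
        print(f"flagged: length={len(literal)} entropy={bits:.2f} bits/char")
    print(f"message entropy: {shannon_entropy(SAMPLE_MESSAGE):.2f} bits/char")
```

A string made of one repeated character scores 0 bits per character, so a padding constant is flagged by this kind of rule regardless of what the surrounding script does.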