Author Topic: HTML:iFrame-inf [Susp] - embed links  (Read 1652 times)

0 Members and 1 Guest are viewing this topic.

Offline John01

  • Newbie
  • *
  • Posts: 3
HTML:iFrame-inf [Susp] - embed links
« on: September 02, 2023, 04:23:54 PM »
Hello !

We have recevied complains from our users that on our website Avasat is detecting sites what we are using as embed with this message and blocking access and the iframe is not loading at all. HTML:iFrame-inf [Susp] .

iframe exemple : <iframe src="https://fshd3.club/e/RGYwUitzVGlObW1VNktKd2hERW9UQT09" height="450" width="720" webkitAllowFullScreen mozallowfullscreen allowfullscreen frameborder="0" scrolling="no"></iframe>

Netu.tv it's videohosting and we using it only as embed and many websites are using the same, but for some reasons you are only targeting us.

Url exemple :
1. http://www.filmeserialeonline.org/episodul/aguarras/
2. http://www.filmeserialeonline.org/choose-love/
3. http://www.filmeserialeonline.org/wp-content/themes/grifus/loop/second_id.php?id=204790&embed=0

There are many exemple of websites using the same videohosting as embed, and Avasat are not flagging them the same.


Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 34001
  • malware fighter
Re: HTML:iFrame-inf [Susp] - embed links
« Reply #1 on: September 04, 2023, 11:10:31 AM »
Due to a 502 error, see: https://sitecheck.sucuri.net/results/https/fshd3.club/e/RGYwUitzVGlObW1VNktKd2hERW9UQT09
So it is not Avast, take this up with the cloud provider.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline John01

  • Newbie
  • *
  • Posts: 3
Re: HTML:iFrame-inf [Susp] - embed links
« Reply #2 on: September 04, 2023, 02:59:33 PM »
The url act like a redirect. It's a custom domain on that videohosting.
Not sure why Avast is blocking it and it also blocked our site because we are using it as iframe.
Only on Avast that domain is blacklist or sometimes it shows like url:scam.  Nothing to do with cloudflare, the links can be accesed by users if they have an other antivirus software.
Many sites are using the same way. It's video delivery service and Avast is blocking access to it.


https://sitecheck.sucuri.net/results/fshd3.club
a0e49d3a23f7/2023-09-04T12:37:00.752Z

https://sitecheck.sucuri.net/results/filmeserialeonline.org
7146ef55e307/2023-09-04T12:44:14.423Z





Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37648
  • F-Secure user

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37648
  • F-Secure user
Re: HTML:iFrame-inf [Susp] - embed links
« Reply #4 on: September 04, 2023, 04:16:16 PM »
F-secure is flagging the URL in the script, see attached screenshot
https://www.virustotal.com/gui/url/7a1f588c6f400e24ba9a07e8499680d8cbfd5ccb432ab191e8d7c15697dc1dc9?nocache=1


when going to filmserialeonline.org my F-secure also block this
https://www.virustotal.com/gui/url/cd6119c4b0e1d1bb7f40cddfac1657253d0f8f43c2ff365ffa871a99ae71fe54?nocache=1

and remove this from the incomming data to browser

Classification
Category : SpywareType : AdwarePlatform : W32Aliases : Adware.[family], Adware:W32/[family], Adware.W32.[variant]




« Last Edit: September 04, 2023, 04:40:19 PM by Pondus »

Offline John01

  • Newbie
  • *
  • Posts: 3
Re: HTML:iFrame-inf [Susp] - embed links
« Reply #5 on: September 04, 2023, 04:57:27 PM »
We understand that some antivirus solution are seeing that link as threat, but it's only loading a video. It's used as iframe.
Links that are opening while loading that video, Avast or other antivirus can block it of course, but the url in question doenst have a malware.
And it's wierd how only our site is maked like that and others are not. And we think it was manual reported.