Topic: My website watch anime is detected as url:scam and access is blocked

Offline animevietsub

  • Newbie
  • *
  • Posts: 6
Hello

For a few days now, my anime-watching website has been detected as URL:Scam by Avast, and neither I nor other users are able to access it as soon as the Avast program is active.

I don't understand why my website has suddenly become flagged as this????

It's hosted on a professional service and different analyses didn't detect any problem:
https://unmask.sucuri.net/security-report/?page=animevietsub.fan
https://www.virustotal.com/gui/url/4b1ca827be1aec2617b781080acdcae0d5b503d3cfb51e7bcd22e22e19f4e6bd

I believe this blocking is the result of a false positive, as my website does not contain any malicious or harmful content. The website is for watching anime online, and it is crucial for my online presence and engagement with visitors.

I'm facing a similar issue with my old domain, animevietsub.moe. Due to my internet service provider blocking it, I have redirected all traffic to the new website, animevietsub.fan. Currently, I'm encountering the same problem as with the old domain.

If you require any further information or clarification, please do not hesitate to contact me at admin@animevietsub.tv. I am looking forward to your positive response and resolution of this issue.
 
Thank you for your time and understanding.
 
Sincerely,

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88445
  • No support PMs thanks
Re: My website watch anime is detected as url:scam and access is blocked
« Reply #1 on: October 01, 2023, 02:51:25 AM »
-  Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline animevietsub

  • Newbie
  • *
  • Posts: 6
Re: My website watch anime is detected as url:scam and access is blocked
« Reply #2 on: October 01, 2023, 02:54:21 AM »
I sent it three days ago, but still haven't received a response. :(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33809
  • malware fighter
Re: My website watch anime is detected as url:scam and access is blocked
« Reply #3 on: October 01, 2023, 02:34:19 PM »
Hi animevietsub,

Malware as a heuristic generic find was detected on the website, see: https://quttera.com/detailed_report/animevietsub.fan
You find it addressed here: https://quttera.com/detailed_report/animevietsub.fan

Also Avira flags this here: (Avira means Avast also flags) -> https://www.virustotal.com/gui/url/39b1a073d1861b31cdbdc19bfd3573dc72ea4f1b084c907cd1938f56de0229e9?nocache=1
and found also to be suspicious after re-analyzing: https://www.virustotal.com/gui/url/39b1a073d1861b31cdbdc19bfd3573dc72ea4f1b084c907cd1938f56de0229e9?nocache=1

Suspicious generic find = PS.SuspScript.gen
Error: SyntaxError: Unexpected token (eval).
JSLint throws up 9 errors - Use double quotes, not single quotes.
Detected potentially suspicious initialization of function pointer to JavaScript method eval: __tmpvar1366573087 = eval;


Reputation checks have been performed on the IP address for each of the linked sites. Hosts found on blacklists with poor reputation may be a threat to users of the site. Hosting and locations are also included in the results.


Read further on this generic detection issue, here: https://stackoverflow.com/questions/34744207/jquery-v2-showing-as-potentially-suspicious

Externally Linked Host    Hosting / Company
bit.ly                    GOOGLE-CLOUD-PLATFORM
www.facebook.com          FACEBOOK
www.instagram.com         FACEBOOK
fb.com                    FACEBOOK
www.kanefusafs.net        GOOGLE
twitter.com               TWITTER
www.youtube.com           GOOGLE
bitly.com                 GOOGLE-CLOUD-PLATFORM

See vulners for additional script: https://www.shodan.io/host/103.229.42.224

See: https://urlscan.io/result/589f7a5e-80a8-4816-b661-df60cc0d4e79/

Hint scan delivered SECURITY issue:
Disallowed HTTP headers
Warning: The 'Expires' header should not be used, 'Cache-Control' should be preferred.
Warning: The 'X-Frame-Options' header should not be used. A similar effect, with more consistent support and stronger checks, can be achieved with the 'Content-Security-Policy' header and 'frame-ancestors' directive.

@ https://urlscan.io/responses/bc47e1119a0bab6801b12db9debaefffc2116c5cf8d12cc5e7184154c3ce5d1e/
x-frame-options: deny
https://urlscan.io/favicon.ico
x-frame-options: deny

Wait for a final verdict from avast team for this PUP-detection.

polonus (volunteer 3rd party cold reconnaissance website security-analyst & website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
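
The two header warnings from the hint scan in the post above, worked through as an added example that is not part of the original thread: it rewrites a response's `X-Frame-Options` into the equivalent CSP `frame-ancestors` directive and its `Expires` into `Cache-Control: max-age`. The function names and the sample headers are constructed for illustration.

```javascript
// Added example; parseCsp and modernizeHeaders are hypothetical names.
const XFO_TO_ANCESTORS = { deny: "'none'", sameorigin: "'self'" };

// "a b; c d" -> Map{a => "b", c => "d"}; the first occurrence of a directive wins.
function parseCsp(value) {
  const directives = new Map();
  for (const part of (value || "").split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources.join(" "));
  }
  return directives;
}

function modernizeHeaders(raw) {
  const out = {}; // header names are case-insensitive, so normalise them
  for (const [k, v] of Object.entries(raw)) out[k.toLowerCase()] = String(v).trim();
  const notes = [];
  if ("x-frame-options" in out) {
    const csp = parseCsp(out["content-security-policy"]);
    const ancestors = XFO_TO_ANCESTORS[out["x-frame-options"].toLowerCase()];
    if (!csp.has("frame-ancestors") && ancestors) csp.set("frame-ancestors", ancestors);
    if (csp.has("frame-ancestors")) {
      out["content-security-policy"] =
        [...csp].map(([d, s]) => (s ? `${d} ${s}` : d)).join("; ");
      delete out["x-frame-options"];
      notes.push(`framing governed by frame-ancestors ${csp.get("frame-ancestors")}`);
    } else {
      // ALLOW-FROM or a typo: no safe automatic mapping, so keep the old header.
      notes.push("X-Frame-Options value has no frame-ancestors equivalent; review by hand");
    }
  }
  if ("expires" in out) {
    const cc = out["cache-control"] || "";
    // With max-age, caches ignore Expires; with no-store/no-cache it is moot.
    if (!/max-age|no-store|no-cache/i.test(cc)) {
      const base = "date" in out ? Date.parse(out["date"]) : Date.now();
      const delta = (Date.parse(out["expires"]) - base) / 1000;
      // An unparseable or past Expires value means "already stale".
      const maxAge = Number.isFinite(delta) ? Math.max(0, Math.floor(delta)) : 0;
      out["cache-control"] = (cc ? cc + ", " : "") + `max-age=${maxAge}`;
    }
    delete out["expires"];
    notes.push(`Expires dropped; Cache-Control is "${out["cache-control"]}"`);
  }
  return { headers: out, notes };
}

// Constructed sample, modelled on the "x-frame-options: deny" response in the scan.
const SAMPLE = { "Date": "Sun, 01 Oct 2023 12:00:00 GMT", "Expires": "Sun, 01 Oct 2023 16:00:00 GMT",
  "X-Frame-Options": "deny", "Content-Security-Policy": "default-src 'self'" };
```

`modernizeHeaders(SAMPLE)` returns the rewritten header set plus a list of notes; an `ALLOW-FROM` value is left in place because `frame-ancestors` needs an explicit origin list that cannot be derived safely.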

Offline animevietsub

  • Newbie
  • *
  • Posts: 6
Re: My website watch anime is detected as url:scam and access is blocked
« Reply #4 on: October 02, 2023, 06:17:47 AM »
My previous domain name also experienced a similar situation. It appears that someone may have intentionally reported my website. That is the IP address of Cloudflare, and I use Cloudflare's firewall to prevent DDoS attacks. My website is completely clean and secure.





Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33809
  • malware fighter
Re: My website watch anime is detected as url:scam and access is blocked
« Reply #5 on: October 02, 2023, 01:23:05 PM »
This file there is still flagged by three AV solutions as either malicious or suspicious:
https://www.virustotal.com/gui/url/e14a27709afccf5f591df419406a2efb5c3f7b9e2e3bb12e25d5d43cae802ff7?nocache=1

Did you report it here:    
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQx0WsHTKuBH%2BjLA284tmnSTxZaqI8FrpKYsBcazZ4mUKNux%2F8e%2BEu32ipSrUNtFtGN4Sz01sk8cuvOqHzQ0VOLT%2BFLyKYffRGbortCAqK22kIMr78kvXp6HgJ1Kqn%2FLvls%3D"}],"group":"cf-nel","max_age":604800}

Here the file was found to be benign: https://zulu.zscaler.com/submission/094d91ec-e480-4a95-8a72-eeeadb95b80b

polonus