Author Topic: Is this a false negative warning?  (Read 535 times)


Offline michael.gladu

  • Newbie
  • *
  • Posts: 5
Is this a false negative warning?
« on: May 01, 2024, 12:14:57 AM »
I'm getting a popup from Avast saying it has blocked Phishing Malware when I go to open the Allstays Pro website. I tried to contact Allstays but never got a response. The popup started showing 2 days before my new Allstays Pro annual billing cycle. Seems I'm unable to add a screenshot of the pop-up here.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37584
  • Not an avast user
Re: Is this a false negative warning?
« Reply #1 on: May 01, 2024, 12:55:31 AM »
Quote
Is this a false negative warning?
False negative = something malicious is not detected

False positive = something clean is detected as malicious


So in your case, when avast is detecting a website, it will be correct (positive) or wrong (false positive).


Quote
Seems I'm unable to add a screenshot of the pop-up here.
See below the box you write in: Attachments and other options




« Last Edit: May 01, 2024, 01:08:13 AM by Pondus »

Offline michael.gladu

  • Newbie
  • *
  • Posts: 5
Re: Is this a false negative warning?
« Reply #2 on: May 01, 2024, 01:44:11 AM »
Thank you. The correct question- Is this a false positive? Please see attachment-

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89217
  • No support PMs thanks
Re: Is this a false negative warning?
« Reply #3 on: May 01, 2024, 03:06:34 AM »
Since you didn't select the Details option before the screenshot we can't see the URL.

I did a google search on Allstays Pro website and visited the site at the top of the results and no avast alert.
hXXps://wXw.allstays.com/DL/ the latter /DL/ I suspect is a redirect from the main domain.  Note I have broken the link (replacing some of the URL prefixes) to prevent it being active.

Is this the URL you were/are getting the alert on?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline michael.gladu

  • Newbie
  • *
  • Posts: 5
Re: Is this a false negative warning?
« Reply #4 on: May 01, 2024, 03:17:11 AM »
Not precisely that exact URL but when I log in to the next page with my credentials the Avast warning pop-up appears. I will try to log in again now to it...OK, now I'm getting a red Chrome warning that it's a dangerous site when I try to log in! I depend heavily on Allstays Pro for RV trip planning. Maybe Allstays Pro has been hacked?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89217
  • No support PMs thanks
Re: Is this a false negative warning?
« Reply #5 on: May 01, 2024, 03:34:10 AM »
A screenshot with the Details option selected before the screenshot would help.  We can't see the URL, so it is virtually impossible to investigate.

Offline michael.gladu

  • Newbie
  • *
  • Posts: 5
Re: Is this a false negative warning?
« Reply #6 on: May 01, 2024, 03:38:18 AM »
This is the URL and the red Chrome warning that is displaying now when I attempt to Login to Allstays Pro-

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89217
  • No support PMs thanks
Re: Is this a false negative warning?
« Reply #7 on: May 01, 2024, 04:33:48 AM »
But that isn't an Avast Alert but one related to Chrome.

Looking back at your first images I see the URL is new-adversting.com and that gets several hits on VirusTotal
https://www.virustotal.com/gui/url/c3e4ec3259a0605d5c360de048b260d6e17f9a1c0ee68ec6bbb24b24bb6e8256?nocache=1 - also look at the Details tab in these results.
Note Avast doesn't do on-demand scans of websites, only live scans when a user visits a site, or there would be more...

Also note that this domain is indicating it is Russian and a check on it returns a low level of trust - https://sites.ipaddress.com/new-adversting.com/ - note this is a checking site and not a direct link to the suspect site.

So given the 'live alert' by avast, also by Chrome and the ones on virustotal I doubt that this is a false positive.  Though I can't be positive as an Avast user and not an Avast Team member.

Offline michael.gladu

  • Newbie
  • *
  • Posts: 5
Re: Is this a false negative warning?
« Reply #8 on: May 01, 2024, 05:09:55 AM »
quote- "Looking back at your first images I see the URL is new-adversting.com and that gets several hits on VirusTotal
https://www.virustotal.com/gui/url/c3e4ec3259a0605d5c360de048b260d6e17f9a1c0ee68ec6bbb24b24bb6e8256?nocache=1 - also look at the Details tab in these results.
Note Avast doesn't do on-demand scans of websites only live scans when a user visits a site or there would be more..."

Thank you, could it be new-adversting.com was attempting to hijack Allstays Pro URL? No matter whether I used a stored Allstays Pro bookmark or a Google link the Avast warning popup appeared when I attempted to log in to Allstays Pro. Since the warning appears when I attempt to log-in, it would be impossible for you to replicate this Avast warning or Google warning without being an Allstays Pro member, correct? I have petitioned some members on one of my RV tech forums to see if they are having a similar problem with Allstays Pro and/or Avast and Google.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89217
  • No support PMs thanks
Re: Is this a false negative warning?
« Reply #9 on: May 01, 2024, 01:06:45 PM »
Quote
<snip quote>
Thank you, could it be new-adversting.com was attempting to hijack Allstays Pro URL? No matter whether I used a stored Allstays Pro bookmark or a Google link the Avast warning popup appeared when I attempted to log in to Allstays Pro. Since the warning appears when I attempt to log-in, it would be impossible for you to replicate this Avast warning or Google warning without being an Allstays Pro member, correct? I have petitioned some members on one of my RV tech forums to see if they are having a similar problem with Allstays Pro and/or Avast and Google.

I honestly don't know as the Avast alert is on a different domain to that which Chrome is alerting on, nor how they are related.  But the Chrome warning, given the info I found earlier on it, particularly the second link I posted in reply #7, would make me very suspicious of it.

Avast doesn't just check the URL you visited but would also check external/3rd party links and according to your first two images, this appears to be what it is alerting on, when you logon.  That is why using the see Details (which I have mentioned) could give more information.

As an Avast User there is only so much that I can do and information is the key to doing that. 
My problem is how would you get to the Chrome Alert without having Avast alerting earlier in that process?
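Reply #9 points out that Avast checks external/3rd-party links on a page as well as the URL visited. The following is an added example, not part of the thread: it lists the third-party hosts a saved page references, so they can be compared with the domain shown under Details in an alert. The placeholder domains and the two-label "same site" shortcut are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_ATTRS = {"src", "href", "action", "data"}  # attributes that carry a URL

class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for every URL-bearing attribute."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.found.append((tag, urljoin(self.page_url, value)))

def site_of(host):
    # Assumption: the last two labels stand in for the registrable domain.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def third_party_hosts(page_url, html):
    """Return {host: [tags]} for resources served from a different site."""
    first_party = site_of(urlsplit(page_url).hostname or "")
    collector = ResourceCollector(page_url)
    collector.feed(html)
    result = {}
    for tag, url in collector.found:
        parts = urlsplit(url)
        external = parts.hostname and site_of(parts.hostname) != first_party
        if parts.scheme in ("http", "https") and external:
            result.setdefault(parts.hostname, []).append(tag)
    return result

# Constructed sample page with placeholder domains (not taken from the thread).
SAMPLE_URL = "https://www.shop.example/members/login"
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<script src="https://static.shop.example/app.js"></script>
<script src="//ads.tracker-example.net/t.js"></script>
<form action="https://www.shop.example/session" method="post"></form>
<iframe src="https://widgets.partner-example.org/frame"></iframe>
<a href="mailto:help@shop.example">help</a>
"""

if __name__ == "__main__":
    for host, tags in third_party_hosts(SAMPLE_URL, SAMPLE_HTML).items():
        print(host, tags)
```

A saved copy of the page only shows statically referenced hosts; resources added by scripts at run time appear in the browser's network panel instead.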