Author Topic: false alarm report form not working - and I need help  (Read 814 times)

0 Members and 1 Guest are viewing this topic.

Offline Matyko42

  • Newbie
  • *
  • Posts: 2
false alarm report form not working - and I need help
« on: June 10, 2024, 06:44:46 PM »
Dear AVAST support,

I tried submitting two domains using the form, but it did not work. Everything seemed to be fine, but I never got a reply, and I did not get a confirmation email after submitting the domains (maybe this is normal - but most antivirus vendors send an automatic email that they received the filled form)

So I am trying via email...

Two ad-tracking domains on our adult website were flagged by you, and we believe that this is a false alarm, and kindly asking you to remove the malware flag.

The domains are:
https://trklaos.org/cukil4k.php?key=7pri02ma1rkfnkchu9mt&ID=5675798510275907077&AUCTIONPRICE=2.36&REF=https%3A%2F%2Fstarwank.com%2Fvideos%2F147149%2Fexotic-beauty-and-her-tutor-having-forbidden-affair-mina-luxx%2F%3Futm_source%3Dawm%26utm_medium%3Dawmtraffic%26utm_campaign%3Dstarwank%26subid1%3D900001&KW=&REFDOMAIN=starwank.com&SPOTID=442385&NODEID=77&CPVPRICE=0.0023599999999999997&CAMPAIGNID=3770353&CREATIVEID=2064677&IP=72.84.108.211&UA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F125.0.0.0+Safari%2F537.36

and

https://p.pa6ka.com/api/click/5675798510275907077?u=8zJeTEKYMEaOZLsrSZA

Both domain's reputation is already clean on virustotal:

https://www.virustotal.com/gui/url/fcadf78c1991b21e42b2c83efe2b67208984ea19f5774c6cff05689ffb18b876

and

https://www.virustotal.com/gui/url/9682e95f60ba02dcb714e820b959e71f7640e5c3d7831aa42db362b2012c9366?nocache=1

Please be so kind and whitelist them!

Thank You & Kind Regards,

Matyko Berenyi

Owner/CEO @ NetConvert Ltd [ https://www.netconvert.net ]
LinkedIn: https://www.linkedin.com/in/matykoberenyi/
Skype: live:matyko42
Cell/WhatsApp: +36304573092

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: false alarm report form not working - and I need help
« Reply #1 on: June 10, 2024, 06:56:11 PM »
Confirmation emails have been discontinued by Avast.
Something as an Avast user I disagree with.

Please break active links to suspect sites to avoid accidental exposure, only post the domain-name or change the https to httXp to break the link.

I didn't get an alert on hXXps://trklaos.org by avast but is was blocked by the uBlock Origin add-on in firefox. However even with uBlock Origin add-on disabled I get a blank screen and no avast alert.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Matyko42

  • Newbie
  • *
  • Posts: 2
Re: false alarm report form not working - and I need help
« Reply #2 on: June 14, 2024, 02:02:54 PM »
Good David,

Thank you for your reply.
Did they just discontinued the confirmation emails or these cases are now not getting any ticket/case ID-s I an refer to?
I tried emailing AVAST about this, but there's an automatic reply saying if I don't use a case/ticket ID then they ignore the email..

Thank You for your suggestion about posting the suspicious links!
Luckily, these links are totally clean in Virustotal, this is why I did not bother with it - in my book these are false positives and I just need AVAST to clean the reputation of these domains.

Peace

Confirmation emails have been discontinued by Avast.
Something as an Avast user I disagree with.

Please break active links to suspect sites to avoid accidental exposure, only post the domain-name or change the https to httXp to break the link.

I didn't get an alert on hXXps://trklaos.org by avast but is was blocked by the uBlock Origin add-on in firefox. However even with uBlock Origin add-on disabled I get a blank screen and no avast alert.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89427
  • No support PMs thanks
Re: false alarm report form not working - and I need help
« Reply #3 on: June 14, 2024, 09:38:36 PM »
You're welcome.
The lack of email response in the standard reporting a possible false positive is fairly recent.

The link for reporting this has also recently changed (not sure if this was also when responses ceased):
New location to report both a False Positive and or a False Negative, for URL or File - https://www.avast.com/submit-a-sample#pc

You will have noticed (I hope), that Avast isn't listed on the VT checks for URLs as Avast doesn't have a function to do this on demand, this is carried out by the Web Shield which is a live scan (so avast has to be running on the user system).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: false alarm report form not working - and I need help
« Reply #4 on: June 15, 2024, 12:51:35 PM »
See: https://radar.cloudflare.com/scan/5dcfe4f6-ff0a-4093-b15d-5ba762af922b/summary

and https://radar.cloudflare.com/scan/f1b6d608-d383-4e21-9c0a-a2ed31d8d99b/summary

https://quttera.com/detailed_report/trklaos.org

There is some room for extended header security. While Cloudflare is a reputable company, the reliability of these results depends on various factors. Here are some points to consider:

Methodology: Cloudflare's Radar scan uses automated tools to identify potential vulnerabilities and weaknesses in a website's infrastructure. The methodology is based on industry-standard scanning techniques and best practices.
Scope: The scan typically includes checks for common vulnerabilities, such as outdated software, misconfigured servers, and potential backdoors. However, it may not cover every possible vulnerability or configuration issue.
Accuracy: While Cloudflare's radar scan is designed to be accurate, it's not perfect. False positives or false negatives can occur due to various reasons, such as:
Misconfigured scanners or outdated database information.
Overlapping or conflicting results with other security tools.
There is insufficient information about the website's specific configuration or technology stack.
False positives: It's not uncommon for security scans to generate false positives, which can lead to unnecessary remediation efforts. Carefully review the scan results and prioritise issues based on their severity and relevance to your website.
False negatives: Conversely, the scan might miss some vulnerabilities or issues that are not detected by the scanning technology. This is where human expertise and manual testing come into play.
Website configuration: The accuracy of the scan results depends on the website's configuration and technology stack. For example, if a website uses custom or non-standard configurations, the scan might not be able to detect certain issues.
Human interpretation: The results require human interpretation and understanding of the findings. A thorough analysis of the report and prioritisation of issues are essential to ensuring effective remediation.
To increase the reliability of these results:

Review the scan report carefully and prioritise issues based on severity and relevance.
Verify the findings with other security tools and experts.
Conduct manual testing and verification of critical issues.
Consider engaging with Cloudflare support or other security experts for further guidance.
Keep your website software up-to-date and ensure regular security patches are applied.
In conclusion, while Cloudflare's radar scan provides valuable insights into a website's security posture, it's essential to consider the limitations and potential inaccuracies of the results. A combination of automated scanning, human expertise, and manual testing is necessary to ensure a comprehensive understanding of your website's security posture. INfo deep.ai oversight

polonus
« Last Edit: June 15, 2024, 01:10:34 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!