We run an online sales platform serving clients across the country. It’s well known in our vertical (telecommunications), and widely used.
On Friday, June 18, we had angry clients telling us that our platform had been blocked by Avast for URL:Phishing. They are actively losing orders and their clients are questioning the security of the site. I installed Avast to see this for myself, and yes the site is blocked - with no explanation, detail, nothing to go on at all. I seem to only be able to fill out a false positive form. In the case of business sites, including this case, measurable revenue is being lost.
Our platform is on hxxps://order.lvmtech.com - we run on the subdomain which points to our platform. It’s proprietary code.
They have a main site which is also blocked: hxxps://www.lvmtech.com - it’s WordPress, run by the clients - could this be the cause? Would Avast also block the “order” subdomain?
I need to determine root cause on this block. I’ve read through the forums and have used various links to scanners and URL analysis tools. Nothing suspicious has shown up.
Are the Avast techs here? Can I find out what’s happening?
I’m so confused - Dr. Web says the link is connected to violence? They are a dealer of phones and GPS services. Then I look up the site itself on VirusTotal and it shows none of that - just Information Technology.
As for the other warnings, I see they are suggested, but not having the suggested security features indicates malware, or that we are phishing. I need to do PCI compliance scans on a regular basis, which currently all pass. Things like IPv6 are not required, similar to HSTS (? I need to research this).
I got a generic reply this morning that “the reported URL was checked by Avast virus specialists and based on the findings the detection was removed. The website is now marked as clean in the Avast virus database.”
No root cause, and not whether the “www” or the subdomain caused the issues. No fixes had to be made - so it was just a costly mistake?
Any Avast techs, if you have any information that would be great. The client will blame us (the subdomain), but I believe it’s the “www” that caused this.
Tor Browser detected a potential security threat and did not continue to -66.212.168.157.tor.pathcom.com.
If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
What can you do about it?
The issue is most likely with the website, and there is nothing you can do to resolve it.
You can notify the website’s administrator about the problem.
Well that is what has been done through this thread.
Question remains - why is it being grey-listed by Google’s?