Hello,

I’m writing here because the false positive form is ignoring my requests.

It concerns the https://notube.fi website.

The site is blocked by Avast and prevents thousands of users from accessing our site: we receive complaints from users almost every hour to let us know.

This is simply unacceptable, as we have done everything necessary to meet Avast’s requirements, including removing entire categories from our advertising network.

It’s also very strange and dangerous to block our site when it’s simply ads you don’t like.

Can you please :

Unblock the entire notube.fi site, subdirectories and subdomains.
And if you want, block notube.fi/p/ and notube.fi/p2/, which do indeed redirect to mainstream advertising (unless you consider amazon or aliexpress to be dangerous advertising).

Another funny thing is that you’ve whitelisted the notube.net domain, which is exactly the same site but in English (.fi is the Spanish version).

This makes it very difficult for me to justify this to my users, and I will systematically redirect them to the url of this topic so that they can have a transparent report from you.

Sorry if the post can be a bit prickly, but I’ve been fighting with you for years over the same request, and you’re the ONLY antivirus company to act in this way against my site.

Thank you in advance

But there is a reason: check out hxtps://notube.fi/
Xmark
Checking for cloaking
There is a difference of 4351 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but makes Google think there’s something else on the page. show. See: https://www.isithacked.com/check/https%3A%2F%2Fnotube.fi%2F (Google may not like cloaking.).

Xmark
Status codes
These should normally be the same.

GoogleBot returned code 403
Google Chrome returned code 301 to -https://notube.fi/es/youtube-app-2

No malicious content found here: https://quttera.com/detailed_report/notube.fi
nor here: https://www.virustotal.com/gui/url/b2bf27266b9867430d6abaa69beaf25a906d17dff4cf35f55bb9325025c84a3b

So wait for a final verdict from the Avast team.

polonus

I can confirm that there’s no reason for this: It’s just a redirect to the home page.

301 Moved Permanently

I’ve been waiting for several months now, and Avast’s last reply dates back to May 20, 2 months ago. How long do I have to wait?

Avast has recently ceased sending direct responses to FPs - yes they will investigate and if confirmed as an FP it would be removed.

That said I tried to visit the site and it still throws up an alert (see attached screenshot), but it doesn’t match what you have posted.

Before shooting the messengers neither of us work for Avast but are Avast Users.

“Avast has recently ceased sending direct responses to FPs” What does this mean? How can the problem be followed up and resolved if they no longer respond to requests?

Have a look at the json output at urlscan.io:

{ "data": { "requests": [ { "request": { "requestId": "FFE6D6FEEB069E1E19910A33FB555A6A", "loaderId": "FFE6D6FEEB069E1E19910A33FB555A6A", "documentURL": "-https://notube.fi/", "request": { "url": "-https://notube.fi/", "method": "GET", "headers": { "Upgrade-Insecure-Requests": "1", "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" }, "mixedContentType": "none", "initialPriority": "VeryHigh", "referrerPolicy": "strict-origin-when-cross-origin", "isSameSite": true }, "timestamp": 57648272.519988, "wallTime": 1721310675.71098, "initiator": { "type": "other" }, "redirectHasExtraInfo": false, "type": "Document", "frameId": "1E27BB1678EB4EDB4DB53869E4B60ABC", "hasUserGesture": false, "primaryRequest": true }, "response": { "encodedDataLength": 0, "dataLength": 0 } } ], "cookies": [], "console": [], "links": [], "timing": { "beginNavigation": "2024-07-18T13:51:15.707Z", "frameStartedLoading": "2024-07-18T13:51:15.710Z" }, "globals": [] }, "lists": { "ips": [], "countries": [], "asns": [], "domains": [ "notube.fi" ], "servers": [], "urls": [ "-https://notube.fi/" ], "linkDomains": [], "certificates": [], "hashes": [] }, "meta": { "processors": {} }, "page": { "domain": "-notube.fi", "url": "-https://notube.fi/", "apexDomain": "-notube.fi" }, "scanner": { "country": "fi" }, "stats": { "IPv6Percentage": null, "adBlocked": 0, "domainStats": [ { "count": 0, "ips": [], "domain": "notube.fi", "size": 0, "encodedSize": 0, "countries": [], "index": 0, "initiators": [] } ], "ipStats": [], "malicious": 0, "protocolStats": [], "regDomainStats": [ { "count": 0, "ips": [], "regDomain": "notube.fi", "size": 0, "encodedSize": 0, "countries": [], "index": 0, "subDomains": [ { "domain": "", "failed": true } ] } ], "resourceStats": [], "securePercentage": 0, "secureRequests": 0, "serverStats": [], "tlsStats": [], "totalLinks": 0, "uniqCountries": 0 }, "submitter": { "country": "NL" }, "task": { "apexDomain": "notube.fi", "domain": "notube.fi", "method": "manual", "source": "web", "tags": [], "time": "2024-07-18T13:51:45.707Z", "url": "-https://notube.fi/", "uuid": "bf57160a-1946-4d6d-8c5c-2d321b8c3179", "visibility": "public", "reportURL": "https://urlscan.io/result/bf57160a-1946-4d6d-8c5c-2d321b8c3179/", "screenshotURL": "https://urlscan.io/screenshots/bf57160a-1946-4d6d-8c5c-2d321b8c3179.png", "domURL": "https://urlscan.io/dom/bf57160a-1946-4d6d-8c5c-2d321b8c3179/" }, "verdicts": { "overall": { "score": 0, "categories": [], "brands": [], "tags": [], "malicious": false, "hasVerdicts": false }, "urlscan": { "score": 0, "categories": [], "brands": [], "tags": [], "malicious": false, "hasVerdicts": false }, "engines": { "score": 0, "categories": [], "enginesTotal": 0, "maliciousTotal": 0, "benignTotal": 0, "maliciousVerdicts": [], "benignVerdicts": [], "malicious": false }, "community": { "score": 0, "categories": [], "brands": [], "votesTotal": 0, "votesMalicious": 0, "votesBenign": 0, "malicious": false, "hasVerdicts": false } } }

polonus

They don’t send email notifications/replies if your possible email FP report is/was considered an FP.

Did you use the on-line Web form (see below) which is the recommended reporting method - this won’t draw a direct response other than internal investigation and correction if considered an FP.

• Possible False Positive - New location to report both a False Positive and or a False Negative (for File or URL) - https://www.avast.com/submit-a-sample#pc

In the meantime - Investigate the link in my screenshot as to why it might be considered a URL Scam.
Test by temporarily removing that youtube-app-2 link.

Yup all the code is OK. No way to contact them now? It’s been 2 months that the site has been blocked for no reason, it’s just unbelievable!

The way to contact them is via the form link that I gave.

But did you try removing that link as suggested, as an Avast User I’m limited in what I can do

The detection has been lifted, and Avast does not flag the website any longer.

polonus