Our website’s login page (easycrypto.ai) is blocked by Avast Web Shield as “URL:Phishing”. This is incorrect. This is our website for customers to login through and is not a phishing site.
We have reported this via the Avast false positive form over 12 hours ago now however it is still blocked.
We have also gone further to confirm that there isn’t any MITM or redirection attacks happening against our customers.
Now we have taken to emailing customers a form letter explaining how to disable their use of Avast software and pinpointing Avast as the problem.
Needless to say, this is also a large financial loss for us to have our site unavailable for an entire day. This loss has been entirely caused by your incorrect classification of our login page. I will need a proper RCA for how this site came to be blocked.
Outdated JavaScript libraries detected. jquery 3.4.1
medium : Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
CVE-2020-11022
medium : Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
CVE-2020-11023
reported by retire.js
1 missing-content-security-policy
No Content Security Policy configured for this site.
source: DEVCON info.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
We are still waiting for a final verdict from an avast team member for these apparent FP PHISHING findings
on various CloudFlare driven websites. Yours is one of them.
I PM-ed avast threat lab, but probably they will not reply earlier than over the week-end,
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)