False Positive: Site Blocked - URL:Phishing

The avast software is saying that our company domain wxw.bitrue.com is blocked because of phishing URL.

This has caused huge concerns among our customers who had your software on their laptops. Can we understand what happened here and what had triggered the false positive??

Thank you in advance for clarification.

Kind regards

Bitrue

https://sitecheck.sucuri.net/results/www.bitrue.com

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Hi,
it was fixed 25 minutes ago.

Hey there, this is happening to us again. We’d really be grateful if you could help us understand what had triggered this false positive again in such a short time period. wxw.bitrue.com

It is affecting our reputation as a company, please help fix it. Thank you.


“The requested webbadress contains sabotage software that can harm your computer. If you want to go in to the webpage, close avast web protection and try again
Infection type: URL:Phishing”

Sorry for the inconvenience, I added bitrue[.]com to our cleanset so it wouldn’t happen again.

After entering my login info in sos.secureserver.net (the site, hostingdude.com, where my domains are hosted) and clicking “enter,” I am taken to hxtps://register-cheap-domain-names-cheap-web-hosting.hostingdude.com/sso/custom-domain-set?target=ggrdqjoeueticgeabbdidgihwjveubahphvarfyfyfreginbgcwdmglchifbkiphsigasiwhdgpjjdieneyckfhjxeqhicnc&sid=yfvghcsidcphubmdqgzefiwgahrikejh, where I get the warning: “URL:Phishing.” I am unable to access my account, and would appreciate advice - should I proceed – disable Avast – and go into the site?

I am unable to access my account, and would appreciate advice - should I proceed -- disable Avast -- and go into the site?
See reply #1

Detection has been removed on 14.08.2019 09:40 AM.

Our virus specialists have now cleared its reputation in our database.

With URLs this change should be instant, but it might take up to 24 hours with files.

6 reports found on scumware for that IP: https://www.scumware.org/report/103.86.176.10.html
Not flagged here: https://sitecheck.sucuri.net/results/www.artreenepal.com

49 recommendations towards improvement of website: https://webhint.io/scanner/a9656bc7-7043-49c1-b4a8-5712081a5ef7
Especially mark the security tips!

Wait for a final verdict from avast team, as they are the only ones to come and unblock.

polonus (volunteer 3rd party cold recon website security analysis and website error-hunter)

Good afternoon, Avast shows my site's URL as a spam or malware site. Could you please check my site and remove it from your blacklist?
hxtps://www.sonarcts.com.ar/ https://sitecheck.sucuri.net/results/sonarcts.com.ar

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Wait for a final verdict from an avast team member as they are the only ones to come and unblock.

Here your links seem clean:

check by DrWeb’s.

31 recommendations towards improvement given here: https://webhint.io/scanner/e43e6761-b286-4db3-9cfd-59d329472979
1500! idem given here: https://webhint.io/scanner/dd07a5bc-d313-4fb3-baab-c7d81211eac3

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Thank you for your help; I hope an Avast member resolves it.

Hi contacto38,

Report here: https://www.avast.com/false-positive-file-form.php
The only ones that can give a final verdict and possibly unblock your website are avast team members.
We here are not. Just volunteers with relative knowledge of website security intelligence.

At the moment avast detects certain issues with sites on CloudFlare and its anti-bot obfuscated code,
combined with clickfunnels’ proximanova code.

Hopefully this issue will be sorted out soon between avast, clickfunnels & CloudFlare. :stuck_out_tongue:

Your website is redirecting here: -https://www.fernandarestrepo.com/inscribeteparalarepeticionn1601675656060
I see no cloaking, no spammy links, normal status codes, no iframes and no further blacklists mentioned.
https://sitecheck.sucuri.net/results/www.fernandarestrepo.com
VT: no engines detect: https://www.virustotal.com/gui/url/0a555b780be78cc52705ed16415ac6f839abaf779e6a415d63bac0b7f93ad4a1/detection

DOM-XSS issues: Results from scanning URL: -https://www.fernandarestrepo.com/inscribeteparalarepeticionn1601675656060
Number of sources found: 33
Number of sinks found: 364

Recommendations: https://webhint.io/scanner/c1674c98-a5f2-4620-8a3b-b654f1d34e08
Only Trustwave to flag that CloudFlare IP: https://www.virustotal.com/gui/ip-address/104.16.16.194/detection
See also: https://www.virustotal.com/gui/ip-address/104.16.16.194/relations

polonus (3rd party cold recon website security analyst and website error-hunter)

Use the link in Reply #11 https://forum.avast.com/index.php?topic=226334.msg1562447#msg1562447

Whilst not blacklisted in that check, https://sitecheck.sucuri.net/results/bictf.org there are some other issues.

Also this check https://webhint.io/scanner/21c4cbc6-e159-426b-a684-0c8aeba65ad7 especially security based issues.

I don’t know if these would result in avast’s detection (possibly not) or make it more likely that the site could be hacked. Which is why you should report it directly to avast using the link in Reply #11 that I mentioned above.

Wait for a final verdict from avast team as it has been given as clean here:

No cloaking, no spammy looking links, no iFrames etc.
JavaScript errors - I do not see the website flagged by avast now:
File not found: //assets/js/front/theme.js

File not found: //assets/js/front/bootstrap.min.js

File not found: //assets/js/front/popper.min.js

File not found: //assets/js/front/jquery.waypoints.min.js

File not found: //assets/js/front/jquery.scrollUp.js

File not found: //assets/js/front/jquery.fancybox.min.js

File not found: //assets/js/front/jquery.meanmenu.js

File not found: //assets/js/front/jquery.counterup.min.js

File not found: //assets/js/front/owl.carousel.min.js

File not found: //assets/js/front/jquery-ui.js

File not found: //assets/js/jquery.validate.js

File not found: //assets/js/front/jquery-3.3.1.min.js

SyntaxError: Invalid regular expression flags

EvalError: Refused to evaluate a string as JavaScript because ‘unsafe-eval’ is not an allowed source of script in the following Content Security Policy directive: “script-src ‘’”.
chrome-extension://dhdgffkkebhmkfjojejmpbldmpobfkfo/userscript.html?name=Userscript%252B%2520%253A%2520Show%2520Site%2520All%2520UserJS.user.js&id=deaa8e68-d0a0-47a6-a24c-c7399df11a53:71 Function.onload()
:3:100()
:27:113()

TypeError: Cannot read property ‘apply’ of undefined
animate.css, html
Bootstrap, script Not vulnerable
jQuery, script Not vulnerable

Something with CloudFlare with the tags with disallowed characters?

As I said wait for an avast team member to comment, we here are just volunteers with relevant knowledge in the field of website security, but only avast team members can come and unblock, and as far as I can establish, they already have done so.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Hi, avast reports the website lucedeglieventi.it as responsible for phishing, but the problem was solved a few hours after the hacker attack on 25 January 2021,

but now avast still reports the website as a false positive.

we tried to use the form
https://www.avast.com/false-positive-file-form.php

but it does not work
the captcha with Google Chrome and the Edge browser always gives me an error

we would like to know how to have this website removed from your list

Thank you

@ ‘niccosan’
See this topic, as there appears to be a problem reporting possible false positives on that link.

https://forum.avast.com/index.php?topic=249241.0

Additionally no spam report seen for this IP: https://cleantalk.org/blacklists/104.21.56.30
CloudFlare dot net has a low spam rate of moderate 4,7% overall.

polonus

Dear polonus
I didn’t understand what you mean by your message.
Do I have to check with the link you provided?

Or something else?

Regards
Nicola