No, I meant it could easily be a false positive detection. Wait for a final verdict from avast team.
polonus
No, I meant it could easily be a false positive detection. Wait for a final verdict from avast team.
polonus
The avast software is saying that domain hxtps://iradio.pro/ is blocked because of phishing URL.
This has caused huge concerns among my customers and my sales have droped down because of it. Can you please help me with this i already filled the false positive form
Thank you in advance for clarification.
Wait for a final verdict from avast team, as avast team members are the only ones that may come and unblock.
In the mean time here are some recommendations towards the improvement of that website, some 390 hints:
https://webhint.io/scanner/a0085652-ea58-407f-b3ae-0bf6365a3ea0
No cloaking, spammy links etc. detected. Also sucuri sitescan gives the site the all green, as will VT.
DOM-XSS issues: Results from scanning URL: -https://stream.iradio.pro/system/streaminfo.js
Number of sources found: 44
Number of sinks found: 15
3 vulnerable libraries found: https://retire.insecurity.today/#!/scan/d5f873486139103b2278072b7c16d76c21927c1569f7e41013dc8c96ebdb3c0a
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Hello Avast technical support. My name is Justin and my company website is experiencing the similar phishing URL problem. The Avast software is blocking the website from being viewed because it has been deemed a phishing site.
Can someone please help me get this fixed?
The company site in question is: jshaccountingservicesllc.com
Thank you.
Justin
Can someone please help me get this fixed?
Report a suspected false positive (select file or website)
Click this link >> https://www.avast.com/false-positive-file-form.php
Hello Avast technical support, Rubfy is my website hosting company, domains, cloud servers, app and website development services and was marked as a virus by avast, I use avast secure browser and I guarantee that all my customers are happy with our services, we use the Licensed Cloud Linux OS, we use the licensed WHMCS, WHM / CPANEL Licenciado, there is no reason to be marked as a website with a virus, this causes me to lose customers.
I have already sent in the form to remove the false positive, you are the only ones who accuse it as a virus and it ends up with the reputation
link: hxtps://www.rubfy.com.br
I know about the CRDF, I removed it yesterday morning (you can see that in the urlvoid but in the virustotal it shows another one, it doesn’t have a sync, so I ask avast to help me), they removed it from their database and left the total virus but now the adminuslab also identified, being that they were clean yesterday, I don’t know if it was because of the CRDF that it has already removed, but hey this is very sad! in anaconda everything is ok, in kaspersky, and many others
follow the crdf email link saying it was removed: hxtps://ibb.co/nspQbQf
adminuslab answered automatically that there are many cases and it will take time to respond.
You have to wait for a final verdict from an avast team member, as avast has followed GData’s detection here.
See VT url scan results.
Indicators for detection: https://urlscan.io/result/f52ddb27-a4a6-440b-bcda-29cdb36045ce/#indicators
-d26lpennugtm8s.cloudfront.net (pinterest dot com stores etc.), -va.tawk.to, -www.siteblindado.com etc.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
You have to wait for a final verdict from an avast team member, as avast has followed GData’s detection here.
See VT url scan results.Indicators for detection: https://urlscan.io/result/f52ddb27-a4a6-440b-bcda-29cdb36045ce/#indicators
-d26lpennugtm8s.cloudfront.net (pinterest dot com stores etc.), -va.tawk.to, -www.siteblindado.com etc.polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
ok, I will wait, I have already zipped the whole site and sent it to the G data to analyze it, explained the whole situation, sent all the licensed systems I use as WHM, WHMCS, Cloud Linux and they answered automatically:
"Dear customer,
*** This message is an automatic e-mail response ***
Thank you for your sample submission.
A ticket for your submission has now been created and added to the processing queue.
Our analysts will examine your submission and you will get a reply with the solution and / or verdict for the submitted files / URLs.
Please note that we are receiving a large number of submissions per day, the processing of your ticket may take time.
Thank you for your patience.
Best Regards,
SecurityResponse Team
G DATA CyberDefense AG • G DATA Campus • Königsallee 178 "
I only have 2 options or I wait for the G-DATA to release or Avast removes and helps me.
the links are only images like cloudfront, etc., that I did not host on my server, I left on the CDN, I really have to upload it on my server, but I believe that this is not the problem because we have used it for months without any problem.
Hi bryan221,
I hope for you soon after this long weekend, you will be in for a final reply.
Hope that all ends well for you,
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Hi bryan221,
I hope for you soon after this long weekend, you will be in for a final reply.
Hope that all ends well for you,polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Hi polonus,
thank you very much, the support is very good, super effective, you respond very quickly and calm us down!
@ bryan221
You might want to check this out - https://awesometechstack.com/analysis/website/rubfy.com.br/ - as it reports some of the software needs to be updated, jQuery and Bootstrap.
Good advice towards bootstrap and jQuery version updates, however…
Whenever scanning at awesometechstack dot com, better keep following inline script blocked:
-https://m.servedby-buysellads.com/monetization.js (blocked by uBlockOrigin for me) (not malicious per se, but ad-tracking)
Re: https://www.virustotal.com/gui/ip-address/108.161.189.78/relations
polonus
Hi.I’m trying to pay a bill through hxtps://secure.euplatesc.ro/ and it says that was blocked due to phishing infection.I didn’t have this problem until now.Please whitelist it or review it.Thanks
Hi.I’m trying to pay a bill through https://secure.euplatesc.ro/ and it says that was blocked due to phishing infection.I didn’t have this problem until now.Please whitelist it or review it.Thanks
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
Scamvoid says potentially safe. But we see a link redirecting to facebook & linkedin:
Outgoing Links
-https://www.facebook.com/EuPlatesc.ro CleanMX flags this a s PHISHing link.
-https://www.linkedin.com/groups/eCommerce-Romania-1843035/about CleanMX flags this a the PHISHing link
So avast’s detection can be based on CleanMX’s detection.
polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
The avast software is saying that our company domain hxtps://productmarketingalliance.com/ is blocked because of phishing…?
It’s caused some concern to our members. Can we understand what happened here and what had triggered the false positive?
Thank you in advance for clarification.
Kind regards
Rich
Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php