Receiving blocked threat notices here: https://personalsavings.americanexpress.com/
You can report a URL here: https://www.avast.com/report-a-url.php
Excellent! Thanks!!
You’re welcome.
Only Avast detects > https://virusscan.jotti.org/en-US/filescanjob/1x6wknwhef
This seems to be happening to everything to do with Amex…how do you override a threat report?
I am having the same problem. It seems to affect everything to do with American Express.
Will be interesting to hear Avast Team’s position on this issue. Is it a FP or a genuine detection, just Avast detects. American Express has been hacked and spread malware on several occasions in the past. The only one to explain is the Avast Team Member responsible for that potential FP whenever it is one. Probably we will hear about this over the weekend. Also curious if the detection is also reported when users use Avast Safe Zone browser?
Well there are certainly problems there, as is shown here: https://aw-snap.info/file-viewer/?tgt=https%3A%2F%2Fpersonalsavings.americanexpress.com%2Fhome.html&ref_sel=GSP2&ua_sel=ff&fs=1
But let us wait for a final verdict from Avast…
polonus
Seems the FP has been mitigated, I am no longer getting this avast pop-up alert.
A likewise generic detection like this one seemed to have been at the culprit of this, again not on all clients: https://www.reverse.it/sample/8bef79ef4eb547e6a227b31a80fec6565fb073d4a36138ab80fdeed274a7a414?environmentId=100
and also consider this one: https://www.hybrid-analysis.com/sample/145ec5176315a0cec2c56f3ae57dbd22c2d7e09a2e958ef13a3ca28f70439100?environmentId=100 It is an experimental navigation structure and behavior pattern based on progressive enhancement and responsive web design,
NAV.RWD.checkMetroMode line 87 of the website code where we have to point to according to Redleg.
We are just waiting for an Avast Team Member to react.
Security issue server header info proliferation for Server type: Apache/2.2.3 (Red Hat) DAV/2 mod_jk/1.2.31 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Secure Renegotiation: Enabled
Downgrade attack prevention: Not Enabled
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Enabled
Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled
Heartbeat (extension): Enabled
RC4: Not Enabled
OCSP stapling: Not Enabled
Please check this list for unknown links on your website:
-https://www.bluebird.com/?solid=inavmyaccountbb&inav=menu_my → ‘bluebird alternative to bankin’
-https://www.amexglobalbusinesstravel.com → ‘corporate travel solutions’
-http://www.amextravelresources.com/?us_nu=dd&inav=menu_trave → ‘find a travel service office’
-https://www.amexglobalbusinesstravel.com → ‘corporate travel solutions’
-https://www.amexglobalbusinesstravel.com/meetings-and-events → ‘meetings and events’
-https://www.openforum.com/?cid=inav_home → ‘learn more’
-http://www.fdic.gov/edie/index.html → ‘continue’
-http://www.fdic.gov/edie/index.html → ‘continue’
-https://foursquare.com/americanexpress → ‘’
-https://www.bluebird.com/?solid=bbdamexhpbbar&inav=footer_bl → ‘bluebird®’
-https://info.evidon.com/pub_info/1328?v=1&nt=1&nw=true&inav= → ‘adchoices’
polonus (volunteer website security analyst and website error-hunter)
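Added example, not part of the thread or of any poster's tooling: a small Python audit that a site owner could run over their own response headers to reproduce two of the findings in the scan above (version disclosure in the Server banner, and missing HSTS). The function names and the "hardened" header values are assumptions constructed for illustration; the banner string is the one quoted in the post.

```python
import re

# Server header grammar: product[/version] tokens and parenthesised comments.
_TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")

def parse_server_banner(banner):
    """Return (product, version) pairs; comments are returned as ('(comment)', text)."""
    parts = []
    for comment, product, version in _TOKEN.findall(banner):
        if comment:
            parts.append(("(comment)", comment))
        else:
            parts.append((product, version or None))
    return parts

def audit_headers(headers):
    """Flag version-bearing Server tokens and a missing or ineffective HSTS header."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    disclosed = [f"{p}/{v}" for p, v in parse_server_banner(h.get("server", ""))
                 if p != "(comment)" and v]
    if disclosed:
        findings.append(("version-disclosure", disclosed))
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("hsts-missing", []))
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) == 0:  # max-age=0 switches HSTS off
            findings.append(("hsts-ineffective", [hsts]))
    return findings

# Banner as quoted in the scan result; no HSTS header, matching "Not Enabled".
SCANNED = {"Server": "Apache/2.2.3 (Red Hat) DAV/2 mod_jk/1.2.31 "
                     "mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5"}
# Constructed "after" state: what Apache sends with `ServerTokens Prod`,
# plus an HSTS header with a one-year max-age (sample value).
HARDENED = {"Server": "Apache",
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    for name, hdrs in (("scanned", SCANNED), ("hardened", HARDENED)):
        print(name, audit_headers(hdrs))
```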
Hi all,
This was indeed a false positive. Luckily it impacted only a very small percentage of users accessing amex. It should have been fixed a long time ago; if you still have any problems, can you try to update Avast, restart shields and then try again?
@HonzaZ - Tried what you recommended and still getting popup warning. What else do you recommend?
Post a screenshot of the popup warning
Screenshot attached
@HonzaZ is probably not online again before tomorrow (european time)
I doubt that there is another FP on the same site with the same detection…
Could you try updating Avast (both engine and virus database), then restart your computer, to see if there is still a popup?