False positives on URLs by Avast.

Avast has been giving false positives with websites it shouldn’t lately, one of them being this one: tdesktop.telega.one and the other one: http://cpanel.ezyro.com/

How do you know they are false positives?

Please break active links to suspect sites to avoid accidental exposure (as I have in the quoted text).

There are sites that can also check a site link and/or file upload.
https://www.virustotal.com/
https://en.internet.nl/
https://sitecheck.sucuri.net/
https://quttera.com/website-malware-scanner

New location to report both a False Positive and/or a False Negative - https://www.avast.com/submit-a-sample#pc

tdesktop.telega.one is a Telegram domain, it cannot be a malicious URL. The other link is a cPanel URL.

The fact that it is a Telegram domain doesn’t mean it can’t be infected.

I don’t work for Avast, just trying to help.
I can only point you in the right direction, what you choose to do is up to you.

Hmmmm, okay 🙂

https://www.virustotal.com/gui/url/8676b1fdca5eb651119a1f133ff6d23db66888e99777e29cefeeb74d16c111a5?nocache=1

https://www.virustotal.com/gui/url/f9d0b6c71d3ba8ce8e756d50480ed44c1cdb03a47d862480de1cc58e6ee0766c?nocache=1

The fact that some engines detect it does not validate that it is malicious. If you look closely, they are lesser-known engines that cannot be taken into account. Not even Avast appears in the list of detections. Additionally, reputable antivirus programs such as ESET, Kaspersky, and others do not detect the URL as malicious. Therefore, the analysis of renowned engines is more reliable than, for example, CRDF.

"Not even Avast appears in the list of detections."
It never will because they don’t have their blacklist represented at VT.

That is correct as Avast only does live (on-access) scans on websites from within the running program and not the on-demand scan from within Virus Total.

I’d say most recent scan of the telegraph site shows 13 detections only 48 minutes ago. Being a telegraph site does not mean it cannot become a malicious site.

Attached find alerts from avast free antivirus, both are blacklisting detections, as below.

Pondus is correct, Avast is focused on real-time detection, and not the on-demand scan used at VirusTotal.

If you can prevent the threat from ever running on your system, you have defeated it.

Please break the live link so others will not be infected, as hXtps://. Thank you.

Additional findings using another top-rated antivirus real-time scanner: Total AV Pro Trial version.

Note that telg site has secure transport issues when attempting to connect with https://.

The other, hxtp://cpanel.ezyro.com is detected as malware by Total AV Pro trial version. Attempting to connect results in a real-time block.

Seems you have some issues to rectify to protect your web visitors from harm. 🙂

Well, in the end, I was right; the false positives from the Telegram URL have disappeared.