FalsePositive on trying to access RBC insurance site

Viruses and worms
1

I am getting URL:Phishing threat and connection to the site is aborted when I try to login to https://www3.rbcigroupbenefits.com/secureapp/ugr0/Authenticate_UI/GALoginENServlet . This is the RBC insurance site and I cannot login without first temporarily disabling Avast.

https://ibb.co/njCK8Jn

https://ibb.co/njCK8Jn

Thank you

2

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

3

VT is on the side of it being a FP:
https://www.virustotal.com/gui/url/1088ae489e2b92de976c420dccb6854f12d6e854d56a4b77032b6e6e1bbcf416/details
&
https://www.virustotal.com/gui/ip-address/23.66.80.156/relations

However this was found on that page to be retired:

Retire.js
bootstrap 3.3.5 Found in
hxtps://www3.rbcigroupbenefits.com/secureapp/ugr0/Authenticate_UI/mediaimages/rbcoli_files/bootstrap.min.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 1
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
jquery 1.11.3 Found in htxps://www3.rbcigroupbenefits.com/secureapp/ugr0/Authenticate_UI/mediaimages/rbcoli_files/jquery.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution 123
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

JavaScript errors because of blockers:
File not found: /secureapp/ugr0/Authenticate_UI/mediaimages/rbcoli_files/keypress.js

File not found: htxps://nexus.ensighten.com/rbc/insurance/Bootstrap.js

On the orher hand, if not Akamai abuse, cloud done: wXw3.rbcigroupbenefits.com
Bootstrap, script
Not vulnerable
Font Awesome, html
Not vulnerable
jQuery, script
Not vulnerable

Unique IDs about your web browsing habits have been securely sent to third parties.

0000aa2nmj-ty7paoXXXXXXXXXX:beac9317d8aeXXXXXXXXXX240000a9950a67fffd
-wXw3.rbcigroupbenefits.com jsessionid

Now let us all wait for a final verdict from avast team, as to the reported FP.
As they are the only ones to come and unblock because of an apparent FP.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)