Finding more information on suspicious site warning

Hi all,

I tried to visit a site which was the first result on Google when a notification came up from Avast Mobile Security (Android) saying “Suspicious site found” and saying that the URL “has been reported as a malware site”. The site is just someone’s personal blog, and is quite widely linked to as an information resource, but I returned to Google immediately instead of continuing on the site.

Since then, I have scanned my phone using Avast (and Malwarebytes) and neither came up with any issues. It may be worth noting that whilst Avast was running, and had updated its virus definitions earlier in the day, I had not given it full file access so I believe it was only scanning apps. And there was also what looks like a fairly significant app update available for Avast, too. Since then, I’ve updated the app and given it full file access and run the scan again, and it still doesn’t find anything.

So my questions are:

  1. Does Avast actually block sites when it gives the suspicious site warning, or is it possible that something might have been installed, despite the warning? Are there any other steps that I should take to check whether any malware was installed on my phone?

  2. Is there any way of finding out more about the threat which Avast reported? I haven’t been able to find any more information in the Avast app itself. I’ve also put the website URL into Google Safe Browsing directory and VirusTotal and neither came up with any warnings (though Google said it hadn’t updated it since October).

If you need any other information I’ll be happy to provide it.

Thanks in advance for your help!

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Hi, Thanks for this. I wondered about posting a report but I don’t actually know if it is a false positive, because I haven’t been able to identify what the apparent threat is meant to be in the first place. I guess this is okay though, and the people who handle the report will make their own assessment? Could I expect to hear back from them on what they decide?

Thanks again

If it turns out to be a false positive, it will stop being blocked.
That doesn’t usually take very long.

Thanks again, I’ve posted a false positive report as you suggest.

If you don’t mind me asking one more clarificatory question: Does Avast actually block the website when it shows these warnings? I didn’t want to stick around to find out after I saw the notification, but it looked like the site was at least partly loading in the background. I’m trying to work out how likely it is that the site would have been able to cause any damage before I left it, if it does in fact contain malware, and whether there’s anything I need to do now to mitigate the issue. (Other than running the Avast scan, which as mentioned above I’ve done already.)

That would be a lot easier to answer if I knew the exact warning you received.
If you were prevented from going to the site, it was blocked.

Thanks!

For your first question: the warning just said “Suspicious site found. [The site URL] has been reported as a malware site.” There wasn’t any other information either in the alert or in the app’s Activity Log. If there’s a way for me to find more information I will be happy to share it with you, if you can let me know where to find it.

I’m reluctant to post the actual URL here in case it is a false positive, because then the post might show up on Google associating them with malware. But if it would help to know the URL I could send it in a private message, if you would be okay with that?

For your second question: I’m not totally sure but it didn’t look like the site was blocked as such. It looked like it loaded, but then I got the Avast notification loaded on top of it.

You can safely post the URL using hxxps instead of the actual https;
that makes it an unselectable URL and safe to post on the forum.

Thank you for the suggestion, I will certainly remember that for the future! I’m concerned about the other scenario too though, i.e. if it turns out that there is no malware on the site. It’s just somebody’s blog, so I don’t want to falsely associate them with having malware if they don’t, because I know that forum posts like this can get picked up by Google searches etc. and often have a long life there even after any issues might have been resolved.

Sorry, I don’t mean to be unhelpful. As mentioned, I’d be happy to send it via a private message if that’s okay, or I can send other information about the issue if there’s anything that would be helpful to know.

Thanks again