HTML:iFrame-inf [Susp] - embed links

Hello !

We have recevied complains from our users that on our website Avasat is detecting sites what we are using as embed with this message and blocking access and the iframe is not loading at all. HTML:iFrame-inf [Susp] .

iframe exemple :

Netu.tv it’s videohosting and we using it only as embed and many websites are using the same, but for some reasons you are only targeting us.

Url exemple :

  1. http://www.filmeserialeonline.org/episodul/aguarras/
  2. http://www.filmeserialeonline.org/choose-love/
  3. http://www.filmeserialeonline.org/wp-content/themes/grifus/loop/second_id.php?id=204790&embed=0

There are many exemple of websites using the same videohosting as embed, and Avasat are not flagging them the same.

Due to a 502 error, see: https://sitecheck.sucuri.net/results/https/fshd3.club/e/RGYwUitzVGlObW1VNktKd2hERW9UQT09
So it is not Avast, take this up with the cloud provider.

polonus

The url act like a redirect. It’s a custom domain on that videohosting.
Not sure why Avast is blocking it and it also blocked our site because we are using it as iframe.
Only on Avast that domain is blacklist or sometimes it shows like url:scam. Nothing to do with cloudflare, the links can be accesed by users if they have an other antivirus software.
Many sites are using the same way. It’s video delivery service and Avast is blocking access to it.

https://sitecheck.sucuri.net/results/fshd3.club
a0e49d3a23f7/2023-09-04T12:37:00.752Z

https://sitecheck.sucuri.net/results/filmeserialeonline.org
7146ef55e307/2023-09-04T12:44:14.423Z

https://i.gyazo.com/990341671d9f3d2270fea66fdcd49b2e.png

https://i.gyazo.com/f117fea58b5de35b39ad2757e5e86c58.png

only avast/AVG detect that html script

https://www.virustotal.com/gui/file/6fbd4666025ad6e647aa1590e387454948f2f645c9c013bc2248f3ae2d775376/detection

see how to report to avast lab here https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

F-secure is flagging the URL in the script, see attached screenshot
https://www.virustotal.com/gui/url/7a1f588c6f400e24ba9a07e8499680d8cbfd5ccb432ab191e8d7c15697dc1dc9?nocache=1

when going to filmserialeonline.org my F-secure also block this
https://www.virustotal.com/gui/url/cd6119c4b0e1d1bb7f40cddfac1657253d0f8f43c2ff365ffa871a99ae71fe54?nocache=1

and remove this from the incomming data to browser

Classification
Category : SpywareType : AdwarePlatform : W32Aliases : Adware.[family], Adware:W32/[family], Adware.W32.[variant]

We understand that some antivirus solution are seeing that link as threat, but it’s only loading a video. It’s used as iframe.
Links that are opening while loading that video, Avast or other antivirus can block it of course, but the url in question doenst have a malware.
And it’s wierd how only our site is maked like that and others are not. And we think it was manual reported.