webpage blocked as 'phishing'

Viruses and worms
1

our webpage wxw.blenderkit.com is being blocked by avast as ‘phishing’

This is extremely annoying. Our site wasn’t hacked and is working normally. Please unblock ASAP. If there was a reason for the block, please write it to us also immediately.

2

Hello,
use https://www.avast.com/false-positive-file-form.php, please.

Milos

3

I already did. I’d expect an immediate reaction since blocking our web without any warning through email is literally an attack on our company.

b.t.w. the captcha images on this forum are far beyond readable.

4

The site was obviously blocked already for a few days. Really, we need to solve this immediately, I expect a response when you are killing somebody’s business. This is extremely problematic for us. The filter even blocks our addon. I cannot count how much money and users we might use because of this.

5

Captcha is only needed for your first 3 posts. (Spam protection)

6

We really need to solve this. We have a plugin to which hundreds of people connect every day and expect it to work, and avast and avg block it. It is an emergency, no time to send somebody to other link or explaining captcha nuances. We need somebody from the company to solve the problem ASAP. I tried to contact them through all means possible the whole day with no reply.

Regarding Captcha, the fact that it’s used only 3 times it doesn’t mean it’s readable :wink: I’m a human neural network and I had real trouble reading it, having to retype probably 5x.

7

Something you may fix on your website
https://retire.insecurity.today/#!/scan/ab5975cb904b360f2913478a2a673ee511f3fa6b35ea72c18b4baee19ebd8433

8

There are only minor issues for your site, but it is domains that share the same IP on Amazon that may have caused this:
https://www.virustotal.com/gui/ip-address/52.4.75.11/relations
So it is Amazon AWS abuse on Gunicorn 19.9.0 which server is exploitable: https://snyk.io/vuln/pip:gunicorn

One error on that page: ERROR: Execution of script ‘Dat Peer Detector v 1.1’ failed! require is not defined

Not much we can do here as volunteers with relevant knowledge,
only avast team members can come and unblock, so wait for one of them to come up with a final verdict
and hopefully an exclusion for your domain, also take this up with your hoster,
they should take the bad apples out or let them stop abusing,

For your site PHISHING heuristics are good: https://zulu.zscaler.com/submission/61300dd7-b379-41eb-92c6-3db9c2f08979
PHISHtank also says: Nothing found on -www.blenderkit.com

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

9

Avast already unblocked our site,
thanks for help, polonus and Pondus.
We definitely try to address any possible vulnerabilities.
However Avast didn’t send us any message why our site was supposed to be insecure. Also, having a possible vulnerability vs being marked as phishing site is a huge difference and really harmed our company. This really surprises me how this can be done by a company with global reach like Avast.

10

Hi Vilém6,

FPs with PHISHING alerts do happen, fact of life. In most cases it is so-called “relations” that play out wrongly.
e.g. not excluded domains that share the same IP address, that cause such inconvenience.

Also see VirusTotal relations for that matter in the ever-changing malware landscape.

Of course all alerts should be checked and double-checked.

I think avast does not have such a bad reputation in this field, some av resolutions have much older definitions
(McAfee for instance) and leave them for months and months unchanged.

So you were a victim of a so-called “common grid” false positive,
even more reason for avast team to come and set the record right.

Have a nice day,

Con Dios,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

P.S. A very interesting report here: https://webcookies.org/cookies/www.blenderkit.com/27909477?395845