
False Positive


c121mark

The domain beechwoodgolfclub.com is being blocked.  

Everything is clean on virustotal:  https://www.virustotal.com/gui/url/d03704ab6ee14c4273b1313c1b969ccfc44632c8a15d143a169259e1403985a1

It's getting flagged for:
Riskware
Riskware, or “risky software,” describes legitimate software programs that contain loopholes or vulnerabilities that can be exploited by hackers for malicious purposes.


  • Staff

Hello,

Thanks for reporting. It was being blocked due to these two paths:

hxxp://beechwoodgolfclub.com/wellsfargo/Wellsfargo.zip
hxxp://beechwoodgolfclub.com/wellsfargo/Wellsfargo

They still exist but they aren't loading the phish anymore. It goes to a 404 page instead. I'd recommend removing the paths entirely to reduce the chances of AV flagging the site again. In any case, I will remove the domain block.

Regards


  • Staff
1 hour ago, c121mark said:

Great, thank you. The site was switched to a new platform in late February. Could this be lingering in the cache and possibly related to the old website? I'm not finding anything wellsfargo-related in the file system.

You're welcome. Yes, that does sound probable as to what is going on.
