False positive (blocking website) on https://portal.systematix.solutions



As soon as I log in to my own website, with the URL

https://portal.systematix.solutions/account/login

I get the following screen:

[Screenshot]

The data in the console (Chrome) I see is this:

 


block.js:1 BLOCK PAGE
block.js:1 BLOCK PAGE PARAMS:
  {referrer: undefined, url: 'https://portal.systematix.solutions/account/login', host: 'portal.systematix.solutions', type: 'scam', subtype: 'phishing', …}
    filename: undefined
    host: "portal.systematix.solutions"
    prevUrl: null
    referrer: undefined
    subtype: "phishing"
    tabId: "1056607299"
    type: "scam"
    url: "https://portal.systematix.solutions/account/login"

 

Please remove the false positive immediately. My customers are having trouble signing in.

Link to post
2 hours ago, rschoenaker said:

As soon as I log in to my own website, with the url 

After MB improved the phishing heuristic detection mechanisms in Browser Guard, there was a misconfiguration that caused a small number of legitimate pages to be detected. The new version, v2.6.6, has already been released with the fix.

Please manually update Browser Guard to 2.6.6.


Link to post

Just updated the database to the latest version. Page is still blocked. Last bit of the debug log:

{"@timestamp": "2023-07-07T16:14:13.499Z", "session": "1688719595348", "message": "SF: Pop doc ready. Onboarding.", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:13.524Z", "session": "1688719595348", "message": "SF: Is onboarding complete: ,{'result':true,'group':'GROUP_A'}", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:13.524Z", "session": "1688719595348", "message": "SF: Pop redirecting to Dashboard", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:21.787Z", "session": "1688719595348", "message": "UPD: Database mbgc.db.phishing.2 successfully migrated from 2.0.202307071424 to 2.0.202307071554", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:21.802Z", "session": "1688719595348", "message": "UPD: Database mbgc.db.malware.urls.2 successfully migrated from 2.0.202307071529 to 2.0.202307071554", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:21.823Z", "session": "1688719595348", "message": "UPD: Database mbgc.db.reputation.2 successfully migrated from 2.0.202307071529 to 2.0.202307071554", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:21.823Z", "session": "1688719595348", "message": "UPD: 3/26 databases updated,{'mbgc.db.phishing.2':'2.0.202307071554','mbgc.db.reputation.2':'2.0.202307071554','mbgc.db.malware.urls.2':'2.0.202307071554'}", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:21.823Z", "session": "1688719595348", "message": "UDC: 3 will be saved in the cache", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:21.840Z", "session": "1688719595348", "message": "UDC: 3 databases were saved in the cache", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.946Z", "session": "1688719595348", "message": "BTW: POST issued, checking suspicious activity...", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.947Z", "session": "1688719595348", "message": "BTW: https://portal.systematix.solutions/account/login is not in the white listed entries", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.947Z", "session": "1688719595348", "message": "BTW: suspicious request made to high risk TLD, possible phishing!", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.947Z", "session": "1688719595348", "message": "OS: (PAGE_BLOCK) phishing attempt found on https://portal.systematix.solutions/login for https://portal.systematix.solutions/account/login", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.948Z", "session": "1688719595348", "message": "ENV: {'browser':'Chrome 114.0.0.0','version':'2.6.6','build':'Build 611','databases':[{'ads':'2.0.202307070253'},{'adware':'2.0.202306141317'},{'compromised':'2.0.202307070253'},{'exploit':'2.0.202306270830'},{'fraud':'2.0.202307071424'},{'hijack':'2.0.202306292128'},{'malvertising':'2.0.202307051342'},{'pharma':'2.0.202307041852'},{'phishing':'2.0.202307071554'},{'ransomware':'2.0.202306271559'},{'reputation':'2.0.202307071554'},{'riskware':'2.0.202307071254'},{'spam':'2.0.202307070253'},{'spyware':'2.0.202307070253'},{'trojan':'2.0.202307071455'},{'whitelist_ads':'2.0.202207211934'},{'whitelist_malware':'2.0.202305251518'},{'worm':'2.0.202306151306'},{'whitelist_scams_manual':'2.0.202307070253'},{'top1m':'2.0.202307070253'},{'malware_partial_urls':'2.0.202306291732'},{'malware_patterns':'2.0.202306291732'},{'malware_urls':'2.0.202307071554'},{'whitelist_scams_patterns':'2.0.202306291732'},{'whitelist_tracker':'2.0.202306291732'},{'featureflags':'2.0.202207202034'}]}", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.948Z", "session": "1688719595348", "message": "PD: Posting message to native app about: ,portal.systematix.solutions", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.948Z", "session": "1688719595348", "message": "SCA: Redirecting https://portal.systematix.solutions/account/login to block page for scam detection", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:34.005Z", "session": "1688719595348", "message": "SF: Pop doc ready. Onboarding.", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:34.026Z", "session": "1688719595348", "message": "SF: Is onboarding complete: ,{'result':true,'group':'GROUP_A'}", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:34.026Z", "session": "1688719595348", "message": "SF: Pop redirecting to Dashboard", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:39.050Z", "session": "1688719595348", "message": "MDL: User settings: ,{'enableProtection':true,'enableProtectionAds':true,'enableProtectionGtld':false,'enableProtectionMalware':true,'enableProtectionScams':true,'enableNativeMessaging':null,'enableVerboseLogging':false,'enableMonthlyNotification':null,'enableMaliciousNotification':true,'newFeatures':{'exportImport':true},'adTelemDate':'7/7/2023','cachedDatabases':true,'detectReputation':true,'idbStorageDatabases':true,'last_fetch_failure':'7/6/2023, 8:01:40 AM','last_successful_fetch':'7/7/2023, 6:14:21 PM','licenseStatePremium':2,'licenseTermPremium':'2023-07-19T18:18:17.000+00:00','localIpWhitelisting':true,'machineId':'06c778316466c6fb066a39abfccf308e6d06a8ad','mbamVersion':{'cuVersion':'1.0.2051','duVersion':'1.0.72049','prodBuild':'consumer','prodCode':'MBAM-C','prodVersion':'4.5.32.271'},'uuid':'8c9efaa2-c633-43b1-be85-ef1cae563da6'}", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:39.050Z", "session": "1688719595348", "message": "MDL: Blocked items: ,", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:39.050Z", "session": "1688719595348", "message": "MDL: Allowed items: ,{}", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:39.050Z", "session": "1688719595348", "message": "MDL: Content Control Items: ,[]", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:39.050Z", "session": "1688719595348", "message": "ENV: {'browser':'Chrome 114.0.0.0','version':'2.6.6','build':'Build 611','databases':[{'ads':'2.0.202307070253'},{'adware':'2.0.202306141317'},{'compromised':'2.0.202307070253'},{'exploit':'2.0.202306270830'},{'fraud':'2.0.202307071424'},{'hijack':'2.0.202306292128'},{'malvertising':'2.0.202307051342'},{'pharma':'2.0.202307041852'},{'phishing':'2.0.202307071554'},{'ransomware':'2.0.202306271559'},{'reputation':'2.0.202307071554'},{'riskware':'2.0.202307071254'},{'spam':'2.0.202307070253'},{'spyware':'2.0.202307070253'},{'trojan':'2.0.202307071455'},{'whitelist_ads':'2.0.202207211934'},{'whitelist_malware':'2.0.202305251518'},{'worm':'2.0.202306151306'},{'whitelist_scams_manual':'2.0.202307070253'},{'top1m':'2.0.202307070253'},{'malware_partial_urls':'2.0.202306291732'},{'malware_patterns':'2.0.202306291732'},{'malware_urls':'2.0.202307071554'},{'whitelist_scams_patterns':'2.0.202306291732'},{'whitelist_tracker':'2.0.202306291732'},{'featureflags':'2.0.202207202034'}]}", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:39.050Z", "session": "1688719595348", "message": "MDL: Browser name and version:,Not.A/Brand,8.0.0.0", "level": "INFO"}

This is getting quite annoying. Our corporate website where users log in is blocked for no obvious reason. What I see in the logs is this:

"BTW: https://portal.systematix.solutions/account/login is not in the white listed entries"

I would urge you to add our website to the white list a.s.a.p. We are losing business and credibility this way!

Link to post
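
For triaging a report like this one, the log entries that led to a block can be pulled out of the pasted debug log. This is an added example, not part of any post in the thread and not Malwarebytes code; `explain_blocks` is a hypothetical helper, and correlating entries by the BTW/OS/ENV message prefixes within a 50 ms window is an assumption drawn from the log lines shown above.

```python
import json
import re
from datetime import datetime, timedelta

# Lines copied from the debug log in the post above; the ENV line is abridged
# to the fields this example reads.
SAMPLE_LOG = """\
{"@timestamp": "2023-07-07T16:14:21.840Z", "session": "1688719595348", "message": "UDC: 3 databases were saved in the cache", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.946Z", "session": "1688719595348", "message": "BTW: POST issued, checking suspicious activity...", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.947Z", "session": "1688719595348", "message": "BTW: https://portal.systematix.solutions/account/login is not in the white listed entries", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.947Z", "session": "1688719595348", "message": "BTW: suspicious request made to high risk TLD, possible phishing!", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.947Z", "session": "1688719595348", "message": "OS: (PAGE_BLOCK) phishing attempt found on https://portal.systematix.solutions/login for https://portal.systematix.solutions/account/login", "level": "INFO"}
{"@timestamp": "2023-07-07T16:14:25.948Z", "session": "1688719595348", "message": "ENV: {'browser':'Chrome 114.0.0.0','version':'2.6.6','build':'Build 611'}", "level": "INFO"}
"""

BLOCK_RE = re.compile(r"\(PAGE_BLOCK\) (.+?) found on (\S+) for (\S+)")
VERSION_RE = re.compile(r"'version':'([^']+)'")
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def explain_blocks(log_text, window_ms=50):
    """Return one dict per PAGE_BLOCK entry with the BTW messages logged just before it."""
    events = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines in a pasted log
        ev["ts"] = datetime.strptime(ev["@timestamp"], TS_FORMAT)
        events.append(ev)
    window = timedelta(milliseconds=window_ms)
    blocks = []
    for i, ev in enumerate(events):
        m = BLOCK_RE.search(ev["message"])
        if not m:
            continue
        # Heuristic messages from the same session shortly before the block (assumed layout).
        reasons = [e["message"][5:] for e in events[:i]
                   if e["session"] == ev["session"] and e["message"].startswith("BTW: ")
                   and ev["ts"] - e["ts"] <= window]
        # First ENV entry at or after the block carries the extension version.
        env = next((VERSION_RE.search(e["message"]) for e in events[i:]
                    if e["session"] == ev["session"] and e["message"].startswith("ENV: ")), None)
        blocks.append({"verdict": m.group(1), "found_on": m.group(2), "url": m.group(3),
                       "reasons": reasons, "version": env.group(1) if env else None})
    return blocks


if __name__ == "__main__":
    print(json.dumps(explain_blocks(SAMPLE_LOG), indent=2))
```

Run over the log above, this reports a single block on the login URL whose last logged reason is the "high risk TLD" message, recorded with extension version 2.6.6.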
