Jump to content

False positive


Go to solution Solved by Porthos,

Recommended Posts

Hello,

I am getting a false positive for a website I manage: 

https://s2000.club/ 

I have code on the site that obfuscates my email address and a few file names. You can see one example near the footer. 

Being detected as a false positive.

---------

LogMeIn Antivirus blocked this page

The page you are trying to access contains malware.

Detected malware: Trojan.JS.Redirector.DN

Access from your browser has been blocked.

---------------

code example: 

<a href='ma&#105;lt&#111;&#58;da&#114;y%6E%40%63&#117;%&#55;2v%&#50;E&#110;e%7&#52;'><script type='text/javascript'> 

<!--

var s="ebszoAdvsw/ofu";

m=""; for (i=0; i<s.length; i++) {	if(s.charCodeAt(i) == 28){	  m+= '&';} else if (s.charCodeAt(i) == 23) {	  m+= '!';} else {	  m+=String.fromCharCode(s.charCodeAt(i)-1);	}}document.write(m);//-->

</script></a> — Instagram: <a href="https://www.instagram.com/daryn.jpg">@daryn.jpg</a>

 

Edited by AdvancedSetup
Disabled hyperlinks
Link to post
1 minute ago, Porthos said:

@sL3xx The zip downloads on your site are blocked by Browser Guard. I will move your post so the BG team can address that issue. It has probably no bearing on the LogMeIn issue though

For example

https://s2000.club/LOGO/S2000-RadioDoor-logo.zip

image.png.b126fb74f4a23d1c6e943d2c45e6aa86.png

Thank you. I appreciate it. Only an EPS file and a PNG in that zip.

I also discovered that Bitdefender is used by LogMeIn so I contacted them as well. Hopefully resolves my other issue.
I know the obfuscation code resembles malware, but you think it would at least analyze the code and not automatically assume malice.

Link to post
  • Solution
1 minute ago, sL3xx said:

I know the obfuscation code resembles malware

Securi does not like your site either. https://sitecheck.sucuri.net/results/https/s2000.club

You might want to contact the vendors on this list as well. https://www.virustotal.com/gui/url/83dfa2240ea8aa13caf0f73e90159da3a692bba5f4e61fd2f15bd10dead917bd?nocache=1

https://docs.virustotal.com/docs/false-positive-contacts

  • Like 1
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.