False positive

[sL3xx]

Hello,

I am getting a false positive for a website I manage: 

https://s2000.club/ 

I have code on the site that obfuscates my email address and a few file names. You can see one example near the footer. 

Being detected as a false positive.

---------

LogMeIn Antivirus blocked this page

The page you are trying to access contains malware.

Detected malware: Trojan.JS.Redirector.DN

Access from your browser has been blocked.

---------------

code example: 

<a href='ma&#105;lt&#111;&#58;da&#114;y%6E%40%63&#117;%&#55;2v%&#50;E&#110;e%7&#52;'><script type='text/javascript'> 

<!--

var s="ebszoAdvsw/ofu";

m=""; for (i=0; i<s.length; i++) {	if(s.charCodeAt(i) == 28){	  m+= '&';} else if (s.charCodeAt(i) == 23) {	  m+= '!';} else {	  m+=String.fromCharCode(s.charCodeAt(i)-1);	}}document.write(m);//-->

</script></a> — Instagram: <a href="https://www.instagram.com/daryn.jpg">@daryn.jpg</a>

 

Edited March 6 by AdvancedSetup
Disabled hyperlinks

[cli]

Did you mean to contact LogMeIn?

Quote

LogMeIn Antivirus blocked this page

The page you are trying to access contains malware.

 

[sL3xx]

Yeah sorry, I was lead here and thought it was part of Malware bytes but can see it's not. Feel free to delete.

[Porthos]

@sL3xx The zip downloads on your site are blocked by Browser Guard. I will move your post so the BG team can address that issue. It has probably no bearing on the LogMeIn issue though

For example

https://s2000.club/LOGO/S2000-RadioDoor-logo.zip

@JPopovic@BjelakovicL

Edited March 6 by Porthos

[sL3xx]

1 minute ago, Porthos said:

@sL3xx The zip downloads on your site are blocked by Browser Guard. I will move your post so the BG team can address that issue. It has probably no bearing on the LogMeIn issue though

For example

https://s2000.club/LOGO/S2000-RadioDoor-logo.zip

Thank you. I appreciate it. Only an EPS file and a PNG in that zip.

I also discovered that Bitdefender is used by LogMeIn so I contacted them as well. Hopefully resolves my other issue.
I know the obfuscation code resembles malware, but you think it would at least analyze the code and not automatically assume malice.

[Porthos]

1 minute ago, sL3xx said:

I know the obfuscation code resembles malware

Securi does not like your site either. https://sitecheck.sucuri.net/results/https/s2000.club

You might want to contact the vendors on this list as well. https://www.virustotal.com/gui/url/83dfa2240ea8aa13caf0f73e90159da3a692bba5f4e61fd2f15bd10dead917bd?nocache=1

https://docs.virustotal.com/docs/false-positive-contacts

[sL3xx]

Much appreciated. Did you manually see that or do you have a tool that shows you them all? Was just curious if I should contact anyone else.

[Porthos]

2 minutes ago, sL3xx said:

Did you manually see that or do you have a tool that shows you them all?

Scanned site at Virus Total. https://www.virustotal.com/gui/home/url

[1PW]

FYI:

https://quttera.com/detailed_report/s2000.club

 

[sL3xx]

Thanks guys. You are all extremely helpful even though malwarebytes has nothing to do with this. 

[sL3xx]

Sorry one question, 1PW. How come under all of the BLACKLISTING STATUS sites it says CLEAN but yet the domain is listed under BLACKLISTED.

Is there a way to tell who is blacklisting the domain?