Kaspersky
Solved

Dangerous URL attack blocking.


Hello, the cloud antivirus detects a dangerous url. The curious thing is that it detects it even without being navigating or in the pc. I don't know what's going on. Attached is the antivirus report. If someone can help me solve this problem I would be very grateful. Best regards.

code:
hxxps://openphish.com/feed.txt?_=6 Object: hxxps://openphish.com/feed.txt?_=6 Reason: Heuristic Analysis Application: Opera Internet Browser	
icon

Best answer by Berny 9 July 2019, 11:50

This Forum can't resolve a FP issue , as mentioned above please contact Tech Support.
View original

12 replies

Hello Nuit,
Welcome!
Please tell us:
Operating system, version, release, build?
(all ) installed Kaspersky software, version, patch?
May we have a screen image of (from Kaspersky application) of the "dangerous" detection please?
Thanks!


Hello, thank you very much for your reply. I enclose the requested data.

Operating system, version, release, build?


(all ) installed Kaspersky software, version, patch?
Kaspersky Securtity Cloud Free 19.0.0.1088(f)

Userlevel 7
Badge +5
Hello Nuit,
Welcome!
Please tell us:
  1. Operating system, version, release, build?
  2. (all ) installed Kaspersky software, version, patch?
  3. Opera browser?
  4. May we have a screen image of (from Kaspersky application) of the "dangerous" detection please?
Have you performed a full reset of Opera?

Thanks!
Userlevel 7
Badge +3
code:
The curious thing is that it detects it even without being navigating or in the pc. 



Also and in addition to the above Post from FLOOD,
please check this pinned Topic : https://community.kaspersky.com/kaspersky-internet-security-13/notification-of-detection-file-or-website-detected-1313

If no fix please contact K-Lab Tech Support https://center.kaspersky.com
Userlevel 7
Badge +5

I enclose the requested data.Operating system, version, release, build? W10, 1903, 18362.207
Kaspersky Securtity Cloud Free 19.0.0.1088(f)


Hello Nuit,
Thank you for the data.and the images, as well as the info from Berny & Richbuff, the 2 objects - (green in my image),


from the report you've provided, both pass checking by 70 antivirus scanners and URL/domain blacklisting services.
If, AFTER, performing all the requested procedures, including the full reset of the Opera browser, and rechecking the issue please post back.
The Lab Technical Support Team will not be available, unfortuately, as the Kaspersky software is the free version.
However, if you use tool available @ https://virusdesk.kaspersky.com - REPORT a false detection - send both links for analysis to the Antivirus Lab
Please do let us know how you go?
Many thanks.


I enclose the requested data.Operating system, version, release, build? W10, 1903, 18362.207
Kaspersky Securtity Cloud Free 19.0.0.1088(f)
Hello Nuit,
Thank you for the data.and the images, as well as the info from Berny & Richbuff, the 2 objects - (green in my image),


from the report you've provided, both pass checking by 70 antivirus scanners and URL/domain blacklisting services.
If, AFTER, performing all the requested procedures, including the full reset of the Opera browser, and rechecking the issue please post back.
The Lab Technical Support Team will not be available, unfortuately, as the Kaspersky software is the free version.
Please do let us know how you go?
Many thanks.


Hello, I marked the issue as solved thinking that the ticket was also for the free version.... It's clearly a false positive from Kaspersky. So I'm not going to give it much importance. It's probably from some update of ublock lists for dangerous domains. Thank you very much. Best regards.
Userlevel 7
Badge +5
Hello Nuit,
I agree with you, (imo) the detections are FPs, by submitting them @ https://virusdesk.kaspersky.com - REPORT a false detection, the experts do fix false positives, if the information is provided to them via the virusdesk page.
Best regards.
Userlevel 7
Badge +5
"when I try to report the url I get the following error "An error occurred during send. Please try again later."


Hello Nuit,
  • The "an error occurred during send" error is NOT due to the Kaspersky Free software.
  • Did you try using other browsers?
  • & yes, I know OpenPhish is in VT, that's why it's important to submit the files/urls for analysis.
  • If you can't report a false positive by VT - you can.
  • (yesterday) I submitted hxxp://openphish.com/feed.txt?_=6 - (as an unlicenced user) Kaspersky software is no longer detecting.
  • I didn't submit phishing.army - Kaspersky is still detecting.
Best regards
Hi, I finally had to uninstall it given the many false positive problems with my custom uBlock list. Thank you. Regards.

code:
The curious thing is that it detects it even without being navigating or in the pc. 


Also and in addition to the above Post from FLOOD,
please check this pinned Topic : https://community.kaspersky.com/kaspersky-internet-security-13/notification-of-detection-file-or-website-detected-1313

If no fix please contact K-Lab Tech Support https://center.kaspersky.com

Hi, thank you very much. I think it's a false positive. Could you check it out? Thank you very much in advance. Best regards.

https://www.virustotal.com/gui/url/18f60cf4abe4fffa56a3b904494e2eb8d4d3a9135268ead69c30e54b2f7d9cb1/detection
Userlevel 7
Badge +3
This Forum can't resolve a FP issue , as mentioned above please contact Tech Support.
Hello Nuit,
I agree with you, (imo) the detections are FPs, by submitting them @ https://virusdesk.kaspersky.com - REPORT a false detection, the experts do fix false positives, if the information is provided to them via the virusdesk page.
Best regards.

Hello, when I try to report the url I get the following error
"An error occurred during send. Please try again later."

Additionally as curious data the domain "OpenPhish" is in virustotal...



If you can't report a false positive by this means or by support, because there are no free versions, I have no choice but not to give it any importance...

I hope someday the users of the free versions will have some kind of support even if it is minimal.

Thank you and regards.

https://www.virustotal.com/gui/url/18f60cf4abe4fffa56a3b904494e2eb8d4d3a9135268ead69c30e54b2f7d9cb1/detection
https://www.virustotal.com/gui/url/6f1b925e59929f4bc0947700b901575ffb21aeecbe3802134580ae7da9d4bba3/detection
https://www.virustotal.com/gui/url/81989eca3d88e11aa41717b038e2a722a43329357a3c4002a9cb330a0d7fc405/detection
Confirmed detection of that url is given when updating the uBlock Origin lists. Regards.

Reply / Ответить