Q&A Netcraft false positive or not ?

JB007

Level 24
Verified
May 19, 2016
1,349
5,536
Hello,
Netcraft blocks a page in a well known French site "La Poste".
I'm wondering if it is a false positive or not :unsure:
VT : clean : VirusTotal
Sucuri : Medium Security Risk : Sucuri Security

Netcraft.PNG
 
Last edited by a moderator:

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,592
71,715
Thanks @silversurfer
Yes the whole site is not blocked but only some pages.
If youwant you can get the address when you click on the VT link I have posted.

Yes, I had taken your full-link from VT, all content looks like CLEAN, according to Kaspersky Threat Intelligence Portal.
Code:
http://www.laposte.fr/beaux-timbres/carnets/carnet-12-timbres-fleurs-cosmos-lettre-verte/p/1120484
 

JB007

Level 24
Verified
May 19, 2016
1,349
5,536
Yes, I had taken your full-link from VT, all content looks like CLEAN, according to Kaspersky Threat Intelligence Portal.
Code:
http://www.laposte.fr/beaux-timbres/carnets/carnet-12-timbres-fleurs-cosmos-lettre-verte/p/1120484
Thanks @silversurfer for the check
Did you try the full link with "your" Netcraft ?
 

SecureKongo

Level 23
Verified
Feb 25, 2017
1,241
8,640
What's the worse case scenario for "loading a malicious resource" on a modern, up to date browser and operating system?

I mean you mentioned an up to date browser and operating system, but there is always the possibility of a vulnerability within your system's applications.
 

JB007

Level 24
Verified
May 19, 2016
1,349
5,536
I tried on different browsers Brave & Edge, but Netcraft doesn't block any content of this website (laposte...) 🤷‍♂️
Hello @silversurfer,
Just to be sure that you made the same "clicks" on the site, Netcraft warns and block when I click to see the details of the stamps I want to buy.
netcraft.PNG
 
Last edited by a moderator:

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,592
71,715
What's the worse case scenario for "loading a malicious resource" on a modern, up to date browser and operating system?

Of course, it's like a unrealistic scenario as such cases happens rarely to home users...

Malicious website content => zero-day-exploit is able to bypass built-in sandbox by browsers => AV missing all malicious activity => OS infected
 

SecureKongo

Level 23
Verified
Feb 25, 2017
1,241
8,640
No Adblock, Im using µBlock Origin
I mean an adblocker in general. I thought you might get this Netcraft blockpage because your adblocker doesn't block the infected advertisment on the website, while it's getting blocked on the systems of the other people with different filter lists enabled before Netcraft even checks the code of the site.
 

JB007

Level 24
Verified
May 19, 2016
1,349
5,536
I mean an adblocker in general. I thought you might get this Netcraft blockpage because your adblocker doesn't block the infected advertisment on the website, while it's getting blocked on the systems of the other people with different filter lists enabled before Netcraft even checks the code of the site.
Thanks @SecureKongo for the explanations
 

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,592
71,715
Top