Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: thamaht on February 14, 2014, 11:41:22 PM
-
Hello mebers of Avast staff:
My name is Johnattan, and I work in a private corporation in Colombia country (Connexion movil). Me and my job team are working in development (Ekzpert), we have a page where that is a private development for to optimize any process for a transport system.
I'm posting you cos when the users try to get in the page ("connexionmovil.ekzpert.com"), if the pc of his user have that avast antivirus, dont let you get in.
That is a trouble beacouse the user must desactivate this antivirus. for to let input in that page. That is not the idea. But I have tried many things, all within sucess.
This page, when i and my team are working have a hard code. This use php code, apis of google, jframes for jaspersoft, Jquerys and all that are using an struct MVC with framework Zend.
I dont know if u have any idea for help tome and my team Ekzpert. But i had not find the problem. My last resourse u are .
If u request any thing for help me, is not problem, i will pass u that u need.
thanks for your time.
I'll be looking forward.
thanks
PD: the pages are copies for different corporations.
connexionmovil.ekzpert.com
ciudadmovil.ekzpert.com
-
I am not an avast! staff member, but I have third party scanned your site from front to back and here is my report:
Site has unsatisfactory WOT status: https://www.mywot.com/en/scorecard/margarita.ekzpert.com?utm_source=addon&utm_content=popup-donuts
Site is blacklisted and probably compromised: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fconnexionmovil.ekzpert.com%2F
See: http://safeweb.norton.com/report/show?url=connexionmovil.ekzpert.com
Name of threat: Web Attack: Facebook Event Invitation Scam -> http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24239
Location: http://k.ekzpert.com/v/ -> not found any longer -> http://jsunpack.jeek.org/?report=fba9842e6e37e8d49593e10f312a736e9b0f9629
Suspicous iFrame check for connexionmovil dot ekzpert dot com
Suspicious
htxp://mbi.ekzpert.com:8080/jasperserver-pro/logout.html' -> http://jsunpack.jeek.org/?report=e4e873e239365698fb813e41cc40e24f23d67d63
IP has been flagged by ThreatSTOP last seen 3 hours ago threat level 1 (non-specific geolocation--threat - to be ignored)
No alerts detected here: http://urlquery.net/report.php?id=9439890
Benign here: http://zulu.zscaler.com/submission/show/314cd2109d519ccc3cea75dd2e10fd20-1392419152
When you think the site has got a FP detection, report here: www.avast.com/contact-form.php
What could have been a reason for blocking is
NS ciudadmovil.com.co NS target:ns2.afraid.org
IN 3600
ciudadmovil.com.co NS target:ns4.afraid.org
IN 3600
ciudadmovil.com.co NS target:ns1.afraid.org
IN 3600
ciudadmovil.com.co NS target:ns3.afraid.org
also see: http://gowebrank.com/www/connexionmovil.com.co (same story mainly)
This could have been a valid reason for an avast team member to add sites to blocking, changing from afraid dot org could be a reason to unblock...
polonus
-
IP is blacklisted here http://www.apews.org/?
CASE: C-684
AS14080 CO, ISP permits abuse and/or ignores criminal activity
-
Yep, Pondus, thank you very much for confirming this detection.
This is exactly the problem - being with afraid dot org - and also the reason that avast! blocks that site.
avast! team member, Milos explained this issue in a couple of his reactions to apparent FP reports.
See below:
DNS Check results;
Delegation: Domain connexionmovil dot ekzpert dot com/IN does not exist.
Search for Parent for connexionmovil dot ekzpert dot com failed
Delegation not found at Parent. Link to this test: http://dnscheck.sidn.nl/?time=1392474829&id=1735990&view=basic&test=standard
And the guys at APEWS.ORG also must have these results.
Damian
-
Ok, i get it the problem. Thanks guys for ur anwers. I'will be lokking the trouble with my team, with norton also exist the problem, just like polonus told us. I think the solution is talk with the providers.
see u next time and again thanks