Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on July 21, 2015, 02:58:00 PM
-
Hello,
I play on a website for years but since something like a week, I can't access to the website anymore. Today, they put something on the connexion saying '' if you use AVAST, it is possible that their last update blocks our website, please disconnect Avast to play on our website".
I don't understand, it have always been working and I have AVAST for a long time now. The website is https://www.ludicash.com
Regards
-
IP is blacklisted:
http://zulu.zscaler.com/submission/show/ebd109f2f992b156c0df8bd2fe2b1c08-1437484381
http://urlquery.net/report.php?id=1437484530312
http://urlquery.net/report.php?id=1437484554801
http://multirbl.valli.org/lookup/83.149.102.8.html
Vulnarable to (Poodle) attacks:
http://www.avgthreatlabs.com/ww-en/website-safety-reports/domain/ludicash.com/
-
Hello,
post Avast's alert window screenshot, please.
Milos
-
There is no alert screen at all.
So I turned on logs, and here is part of the log file.
I found out that it works if I add the following URL exclusion in the settings: https://belote.ludissl.com*
(http://www.ludicash.com* exclusion doesn't help)
[2015-07-21 15:09:36.288] [debug ] [aavm ] [ 508: 6808] Worker scan thread: opening objects
[2015-07-21 15:09:36.288] [debug ] [aavm_scan ] [ 508: 6808] AavmCheckFileCommonFlt server start: filename:C:\Windows\TEMP\_avast_\ws12FAE600.dat nativename:C:\Windows\TEMP\_avast_\ws12FAE600.dat dispname:https://u.heatmap.it/conf/www.ludicash.com.js www.ludicash.com.js https://www.ludicash.com/salle-de-belote
46.105.202.39 scantype:1 trigger:6 ticks:28518948
[2015-07-21 15:09:36.290] [debug ] [aavm_scan ] [ 508: 6808] AavmCheckFileCommonFlt server end: filename:C:\Windows\TEMP\_avast_\ws12FAE600.dat result:0x00000000 ticks:28518948
[2015-07-21 15:09:36.290] [debug ] [aavm ] [ 508: 6808] Worker scan thread: signaling
[2015-07-21 15:09:36.290] [debug ] [aavm_scan ] [ 508: 5452] AavmCheckFileCommonFlt client 508 end: filename:C:\Windows\TEMP\_avast_\ws12FAE600.dat result:0x00000000 ticks:28518948
[2015-07-21 15:09:38.102] [debug ] [aavm_scan ] [ 508: 6748] In AavmCheckFileDlgSpecifyProcessID
[2015-07-21 15:09:38.102] [debug ] [aavm_scan ] [ 508: 6748] AavmCheckFileCommonFlt client 508 start: filename:C:\Windows\TEMP\_avast_\ws12BE6310.dat nativename:C:\Windows\TEMP\_avast_\ws12BE6310.dat dispname:https://signalr.ludissl.com/signalr/negotiate?clientProtocol=1.5&connectionData=%5B%7B%22name%22%3A%22hubclassementcoupe%22%7D%5D&_=1437491374289 negotiate https://www.ludicash.com/salle-de-belote
83.149.102.12 scantype:1 trigger:6 ticks:28520773
[2015-07-21 15:09:38.102] [debug ] [aavm ] [ 508: 6932] Worker scan thread: opening objects
[2015-07-21 15:09:38.103] [debug ] [aavm_scan ] [ 508: 6932] AavmCheckFileCommonFlt server start: filename:C:\Windows\TEMP\_avast_\ws12BE6310.dat nativename:C:\Windows\TEMP\_avast_\ws12BE6310.dat dispname:https://signalr.ludissl.com/signalr/negotiate?clientProtocol=1.5&connectionData=%5B%7B%22name%22%3A%22hubclassementcoupe%22%7D%5D&_=1437491374289 negotiate https://www.ludicash.com/salle-de-belote
83.149.102.12 scantype:1 trigger:6 ticks:28520773
[2015-07-21 15:09:38.105] [debug ] [aavm_scan ] [ 508: 6932] AavmCheckFileCommonFlt server end: filename:C:\Windows\TEMP\_avast_\ws12BE6310.dat result:0x00000000 ticks:28520773
[2015-07-21 15:09:38.105] [debug ] [aavm ] [ 508: 6932] Worker scan thread: signaling
[2015-07-21 15:09:38.106] [debug ] [aavm_scan ] [ 508: 6748] AavmCheckFileCommonFlt client 508 end: filename:C:\Windows\TEMP\_avast_\ws12BE6310.dat result:0x00000000 ticks:28520773
[2015-07-21 15:09:40.707] [debug ] [aavm ] [ 508: 8160] In RefreshGlobalState fFullRefresh:0 fQuickRefresh:0
[2015-07-21 15:09:40.754] [debug ] [aavm ] [ 508: 8160] In AavmGetGlobalState
[2015-07-21 15:09:40.798] [info ] [aavm ] [ 508: 8160] - In AavmGetEngineHandle
[2015-07-21 15:09:43.220] [debug ] [aavm_scan ] [ 508: 6748] In AavmCheckFileDlgSpecifyProcessID
[2015-07-21 15:09:43.220] [debug ] [aavm_scan ] [ 508: 6748] AavmCheckFileCommonFlt client 508 start: filename:C:\Windows\TEMP\_avast_\ws12F41A48.dat nativename:C:\Windows\TEMP\_avast_\ws12F41A48.dat dispname:https://signalr.ludissl.com/signalr/start?transport=serverSentEvents&clientProtocol=1.5&connectionToken=RDcSh26%2BQDQsZKSKREy74Za5GujfHlQcFnNK1eNbvlfAKWKZEYpA5pu1f6RezGg9uFUtSsMvwmHg6XU%2FGMye8ciFxX7W%2FyPy6dMR8g4Votp7HPi%2FkVbEpE5M4yeLstoU&connectionData=%5B%7B%22name%22%3A%22hubclassementcoupe%22%7D%5D&_=1437491374290 start https://www.ludicash.com/salle-de-belote
83.149.102.12 scantype:1 trigger:6 ticks:28525890
[2015-07-21 15:09:43.221] [debug ] [aavm ] [ 508: 4952] Worker scan thread: opening objects
[2015-07-21 15:09:43.221] [debug ] [aavm_scan ] [ 508: 4952] AavmCheckFileCommonFlt server start: filename:C:\Windows\TEMP\_avast_\ws12F41A48.dat nativename:C:\Windows\TEMP\_avast_\ws12F41A48.dat dispname:https://signalr.ludissl.com/signalr/start?transport=serverSentEvents&clientProtocol=1.5&connectionToken=RDcSh26%2BQDQsZKSKREy74Za5GujfHlQcFnNK1eNbvlfAKWKZEYpA5pu1f6RezGg9uFUtSsMvwmHg6XU%2FGMye8ciFxX7W%2FyPy6dMR8g4Votp7HPi%2FkVbEpE5M4yeLstoU&connectionData=%5B%7B%22name%22%3A%22hubclassementcoupe%22%7D%5D&_=1437491374290 start https://www.ludicash.com/salle-de-belote
83.149.102.12 scantype:1 trigger:6 ticks:28525890
[2015-07-21 15:09:43.223] [debug ] [aavm_scan ] [ 508: 4952] AavmCheckFileCommonFlt server end: filename:C:\Windows\TEMP\_avast_\ws12F41A48.dat result:0x00000000 ticks:28525890
[2015-07-21 15:09:43.223] [debug ] [aavm ] [ 508: 4952] Worker scan thread: signaling
[2015-07-21 15:09:43.223] [debug ] [aavm_scan ] [ 508: 6748] AavmCheckFileCommonFlt client 508 end: filename:C:\Windows\TEMP\_avast_\ws12F41A48.dat result:0x00000000 ticks:28525890
[2015-07-21 15:09:43.421] [debug ] [aavm_scan ] [ 508: 6748] In AavmCheckFileDlgSpecifyProcessID
[2015-07-21 15:09:43.422] [debug ] [aavm_scan ] [ 508: 6748] AavmCheckFileCommonFlt client 508 start: filename:C:\Windows\TEMP\_avast_\ws12FD8748.dat nativename:C:\Windows\TEMP\_avast_\ws12FD8748.dat dispname:https://belote.ludissl.com/socket.io/1/?t=1437491383239 https://www.ludicash.com/salle-de-belote
83.149.102.4 scantype:1 trigger:6 ticks:28526093
[2015-07-21 15:09:43.422] [debug ] [aavm ] [ 508: 7504] Worker scan thread: opening objects
[2015-07-21 15:09:43.422] [debug ] [aavm_scan ] [ 508: 7504] AavmCheckFileCommonFlt server start: filename:C:\Windows\TEMP\_avast_\ws12FD8748.dat nativename:C:\Windows\TEMP\_avast_\ws12FD8748.dat dispname:https://belote.ludissl.com/socket.io/1/?t=1437491383239 https://www.ludicash.com/salle-de-belote
83.149.102.4 scantype:1 trigger:6 ticks:28526093
[2015-07-21 15:09:43.425] [debug ] [aavm_scan ] [ 508: 7504] AavmCheckFileCommonFlt server end: filename:C:\Windows\TEMP\_avast_\ws12FD8748.dat result:0x00000000 ticks:28526093
[2015-07-21 15:09:43.425] [debug ] [aavm ] [ 508: 7504] Worker scan thread: signaling
[2015-07-21 15:09:43.426] [debug ] [aavm_scan ] [ 508: 6748] AavmCheckFileCommonFlt client 508 end: filename:C:\Windows\TEMP\_avast_\ws12FD8748.dat result:0x00000000 ticks:28526093
[2015-07-21 15:09:50.490] [info ] [aavm ] [ 508: 6496] - In AavmGetEngineHandle
[2015-07-21 15:10:01.132] [info ] [aavm ] [ 508: 8160] - In AavmGetEngineHandle
-
Hi,
it seems that the site is signed by Go Daddy Root G2 certificate which is not trusted by default in plain Win7, was probably delivered as an update recently. Can you please add more details about your setup?
Such as: Windows version and browser brand and version?
Thanks.
L.
-
Thank you for your answer. No idea what is Go Daddy Root G2 certificate, I'm contacting their support client and giving them the forum link in case that may help but it seems that it concerns a lot of people because my friend can't access too.
I'm on Windows 8 with Google Chrome 43.02
-
The main page does not work or what exactly happens?
-
Hello,
I am working for the website.
It is true that we are using a root certificate for the gaming lobby, but it has been like this for at least one year without any problem.
Our main site ww.ludicash.com is not signed with a root certificate and it works.
A lot of Avast users seem to be complaining about websites being blocked since the last update, do you think you will make an update allowing Go Daddy Root G2 certificates ?
-
Hi Support Team,
10 days later, a new version has been released on your side but we're still experiencing a lots of negative feedbacks from our users who us Avast on their computer as they cannot access to our games on our portal https://www.ludicash.com (when they click on the "Jouer" button on the web site the game client is luanched but it stays blocked at the end of our process that loads all the images used in the client).
We have tried with a non-root SHA-2 certificate, it does not change anything.
The only way to make it work is still by entering an url exclusion in Avast settings as said above (now https://tarot.ludicash.com for the TAROT game for example)
As our users are for the most of them inexperienced with computer it's harsh to tell them to add the URL to the exclude list. We would like to have a real solution to that problem. May you look into that issue please?
Thank you
-
Report it at support.avast.com