Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on September 06, 2016, 02:39:08 PM

Title: Why our domain is blocked by avast
Post by: REDACTED on September 06, 2016, 02:39:08 PM
Hi,
Why is our domain promety.net blocked by Avast?

There is no problem with this domain on:
https://www.virustotal.com/fr/url/9dccb9fccadaacf40927d18fd2b19ecdcccd35fe7cc7b9bdca1767e675756ca9/analysis/1473164399/
http://retire.insecurity.today/#!/scan/76015d38248726a61e4033418fa8716a2a668bb01836f4f4efaf1d1e80b931da
http://urlquery.net/queued.php?id=1586780837
http://zulu.zscaler.com/submission/show/d71bc4a40939875dd1fb8d0ea343f525-1472656432

We have the same problem with:
http://bernarddevent.legrandchangement.com/categorietm1.asp?i_ordre=fk_ci_forfait&i_catego=47799&i_cherche=&docid=1980&i_page=5

Why are our sites blocked?

Thanks
Michel Morin

Title: Re: Why our domain is blocked by avast
Post by: Eddy on September 06, 2016, 03:01:42 PM
Here is a good reason why it is blocked:
https://sitecheck.sucuri.net/results/www.promety.net
Title: Re: Why our domain is blocked by avast
Post by: polonus on September 06, 2016, 04:19:00 PM
There is a redirect on that page:
URLs that redirect found in: -http://www.promety.net/

1: -http://www.primiti.com/script/primiti.js ->-http://www.primiti.com/script/primiti.js?rc=.asp
This page cannot be found? code 302 - Carrefour Internet -> https://asafaweb.com/Scan?Url=www.primiti.com
Also Fail and warnings.

See: https://asafaweb.com/Scan?Url=www.promety.net%2Fweblg.asp%3Fi_id%3D7659
Fail and warnings.

Check code -https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.promety.net&ref_sel=GSP2&ua_sel=ff&fs=1

Unblock for researchers and developers that know how to evaluate the report from redleg's fileviewer only!

Consider -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.promety.net%2Fweblg.asp%3Fi_id%3D7659
landing at: -http://ban-ex.primiti.com/initredir.asp?s=11535
http://toolbar.netcraft.com/site_report?url=http://ban-ex.primiti.com 
A kind of website traffic-doubler?

polonus
Title: Re: Why our domain is blocked by avast
Post by: HonzaZ on September 06, 2016, 04:32:25 PM
We spotted this URL being accessed in our userbase: tpiron.promety[.]net/counter/?ad=1dp41llefwctxmrzjoawlhndgvyhhhkqtz&id=tzua9rmqgd7og0nmilcmed06-a1oxtzdapwqri-shndfznh5vknssfpomht9frlre5lihosicv0&rnd=21
Looks like Locky to me.
Title: Re: Why our domain is blocked by avast
Post by: REDACTED on September 06, 2016, 11:16:10 PM
Hi,
We deleted this site:

tpiron.promety[.]net/counte

Can you reactivate promety.net?

Thanks

Michel Morin
Title: Re: Why our domain is blocked by avast
Post by: HonzaZ on September 07, 2016, 12:20:40 PM
Hi,
We have seen traffic to tpiron.promety[.]net even today, though not to /counter/.
I am unblocking promety[.]net right now, but please do take security seriously, or the whole domain might be blocked again in the future.