Author Topic: *URGENT* URL Blocked.  (Read 3730 times)

hntemily

  • Guest
*URGENT* URL Blocked.
« on: April 15, 2014, 08:27:33 AM »
Good afternoon!
This is Emily from Hanatour Korea.

After the AVAST update on 9th April,
my company's 2 web-sites were blocked because of a URL:MAL popup.
maidas.hanatour.net
gnis.hanatour.net

Virus pattern (140414-0) was updated yesterday, and finally we can access our web-site.

Could this happen again?
It must on no account happen again.


This issue is a very important matter.
Hanatour is the biggest travel agency in Korea.
And the use of the 2 web-sites is crucial in our work.
The 2 web-sites are global business sites for making reservations and accounting.
So if our site is blocked again, we cannot work and it will be a very big issue for our company.
Because it may be related to our sales.
If our sales drop, how will you compensate it?

So, truly, I want to know the reason why our site was blocked.
And if there was a problem on our site, just let me know what the problem is.
Based on the reply from you, we are willing to amend our web-site.

I am looking forward to your fast reply.
Thank you!


Best regards,
Emily

SafeSurf

  • Guest
Re: *URGENT* URL Blocked.
« Reply #1 on: April 15, 2014, 11:21:08 AM »
Since several days have now passed, when it was blocked...did you submit it to Avast to review?  Often it can be a false positive, which it sounds like it was.  Next time it happens, there is a button to click on the bottom of the page to submit to Avast and it is submitted on the next update.

You can also always enter your url into an online scanner to find out if it is clean or not as well for immediate results.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37626
  • Not a avast user
Re: *URGENT* URL Blocked.
« Reply #2 on: April 15, 2014, 12:07:00 PM »
IP addresses for both sites are on two blacklists ..... apews.org and korea.services.net

maidas.hanatour.net / 222.122.204.194
gnis.hanatour.net / 222.122.70.193

Quote
CASE: C-15
Spambots, zombies, contaminated CIDR, bad reputation provider

The South Korean Network Blocking List   http://korea.services.net/



hntemily

  • Guest
Re: *URGENT* URL Blocked.
« Reply #3 on: April 16, 2014, 02:32:39 AM »
Why are our sites on the blacklist?
There is no problem on our site.
That's why I am asking you, avast: why exactly was our site blocked?
I need an exact answer from avast headquarters.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37626
  • Not a avast user
Re: *URGENT* URL Blocked.
« Reply #4 on: April 16, 2014, 02:58:35 AM »
If you think the block is wrong, report it to avast lab here    http://www.avast.com/contact-form.php
You may give a link to this topic in case they reply here


hntemily

  • Guest
Re: *URGENT* URL Blocked.
« Reply #5 on: April 16, 2014, 06:03:30 AM »
I already reported it.
But I haven't heard any answer from the avast head office..

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33939
  • malware fighter
Re: *URGENT* URL Blocked.
« Reply #6 on: April 16, 2014, 01:56:57 PM »
Verified clean: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fgnis.hanatour.net

One site is given as : maidas.hanatour.net,,,Ghosted,  & 
This site is not being blocked by avast! any longer: http://toolbar.netcraft.com/site_report?url=http://maidas.hanatour.net
gnis.hanatour.net,222.122.70.193,,Parked/expired, -> http://toolbar.netcraft.com/site_report?url=http://gnis.hanatour.net
Site is no longer being blocked by avast!
This is not being blocked: hxtp://gnis-weblog.hanatour.net/viewlog.cgi
This is not blocked either: htxp://gnis.hanatour.net/hana/gnis2_login.jsp

Threats reported by ThreatSTOP for IP 222.122.70.193:

1 connection, started 3 years ago, last seen 78 min ago, threat detection: MODIFIED ITAR, threat danger level 1

started 3 years ago, last seen 79 min ago, threat detection: Republic of Korea, threat danger level 1

DNS delegation errors: http://dnscheck.pingdom.com/?domain=gnis.hanatour.net&timestamp=1397648516&view=1

Not flagged here: http://www.ipvoid.com/scan/222.122.70.193/

Nameserver errors SOA issue: http://dnscheck.pingdom.com/?domain=hanatour.net&timestamp=1397648919&view=1

Good that the sites became unblocked. The various DNS issues should be looked into. Another security recommendation can be found via this link:
http://securitythoughts.wordpress.com/2011/03/30/how-to-modify-apache-coyote1-1-banner/  (link article author = Wasim Halani)


polonus
« Last Edit: April 16, 2014, 10:03:07 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!