Seems the FP has been mitigated, I am no longer getting this avast pop-up alert.A likewise generic detection like this one seemed to have been at the culprit of this, again not on all clients:
https://www.reverse.it/sample/8bef79ef4eb547e6a227b31a80fec6565fb073d4a36138ab80fdeed274a7a414?environmentId=100and also consider this one:
https://www.hybrid-analysis.com/sample/145ec5176315a0cec2c56f3ae57dbd22c2d7e09a2e958ef13a3ca28f70439100?environmentId=100 It is anexperimental navigation structure and behavior pattern based on progressive enhancement and responsive web design,
NAV.RWD.checkMetroMode line 87 of the website code where we have to point to according to Redleg.
We are just waiting for an Avast Team Member to react.
Security issue server header info proliferation for Server type:
Apache/2.2.3 (Red Hat) DAV/2 mod_jk/1.2.31 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Not Enabled
Next Protocol Negotiation:
Not Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
Please check this list for unknown links on your website:
-https://www.bluebird.com/?solid=inavmyaccountbb&inav=menu_my --> 'bluebird alternative to bankin'
-https://www.amexglobalbusinesstravel.com --> 'corporate travel solutions'
-http://www.amextravelresources.com/?us_nu=dd&inav=menu_trave --> 'find a travel service office'
-https://www.amexglobalbusinesstravel.com --> 'corporate travel solutions'
-https://www.amexglobalbusinesstravel.com/meetings-and-events --> 'meetings and events'
-https://www.openforum.com/?cid=inav_home --> 'learn more'
-http://www.fdic.gov/edie/index.html --> 'continue'
-http://www.fdic.gov/edie/index.html --> 'continue'
-https://foursquare.com/americanexpress --> ''
-https://www.bluebird.com/?solid=bbdamexhpbbar&inav=footer_bl --> 'bluebird®'
-https://info.evidon.com/pub_info/1328?v=1&nt=1&nw=true&inav= --> 'adchoices'
polonus (volunteer website security analyst and website error-hunter)