False Malware Alert on my website

[REDACTED]

Hi there,

I just bought Hosting and set up my website at "gameportal.website". When I try to open up, it gives me error. Right now Im getting old website at other server opening up, so I tried directly the IP address of mine. That IP itself is showing me error. Domain should not be an issue as it was brand new domain registered recently.

URL: http://104.156.251.110/
Infection: URL:Mal
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

I don't know why. There is no malware on that IP Address.

Mayank

[polonus]

You'd probably get a "http-cisco-anyconnect:
|_  ERROR: Not a Cisco ASA or unsupported version" (status code 405)
bad zone for server1.gameportal.website
see: http://www.dnsinspect.com/gameportal.website/1441464541
 inconsistent reverse DNS entries.
 No private IPs found for gameportal.website.. Web servers using private IPs can't be reached from the Internet.
Avast blocks -http://www.gameportal.website./ as URL:Mal.
Received data:

Code: [Select]

HTTP/1.1 200 OK\r\n
Date: Sat, 05 Sep 2015 14:52:32 GMT\r\n
Content-Type: text/html; charset=utf-8\r\n
Content-Length: 8\r\n
Last-Modified: Sat, 05 Sep 2015 13:38:22 GMT\r\n
Connection: keep-alive\r\n
ETag: "55eaf04e-8"\r\n
Server: nginx centminmod\r\n
Expires: Sun, 06 Sep 2015 14:52:32 GMT\r\n
Cache-Control: max-age=86400\r\n
Cache-Control: public, must-revalidate, proxy-revalidate\r\n
Accept-Ranges: bytes\r\n
\r\n
testing\n Update - http://centminmod.com/getstarted.htm

pol

[REDACTED]

You'd probably get a "http-cisco-anyconnect:
|_  ERROR: Not a Cisco ASA or unsupported version" (status code 405)
bad zone for server1.gameportal.website
see: http://www.dnsinspect.com/gameportal.website/1441464541
 inconsistent reverse DNS entries.
 No private IPs found for gameportal.website.. Web servers using private IPs can't be reached from the Internet.
Avast blocks -http://www.gameportal.website./ as URL:Mal.
Received data:

Code: [Select]

HTTP/1.1 200 OK\r\n
Date: Sat, 05 Sep 2015 14:52:32 GMT\r\n
Content-Type: text/html; charset=utf-8\r\n
Content-Length: 8\r\n
Last-Modified: Sat, 05 Sep 2015 13:38:22 GMT\r\n
Connection: keep-alive\r\n
ETag: "55eaf04e-8"\r\n
Server: nginx centminmod\r\n
Expires: Sun, 06 Sep 2015 14:52:32 GMT\r\n
Cache-Control: max-age=86400\r\n
Cache-Control: public, must-revalidate, proxy-revalidate\r\n
Accept-Ranges: bytes\r\n
\r\n
testing\n Update - http://centminmod.com/getstarted.htm

pol

Hi, sorry I could not understand all you said. Please explain. Reverse DNS entry is wrong, I am in process of changing it once I figure out what that should be.

But it isn't about domain, the IP 104.156.251.110 itself when opened in browser gives MAL error.

[REDACTED]

I have now removed my website from DNS records.

So gameportal.website does not open now.

The problem is http://104.156.251.110/

This IP Address that my Webhost has give me seems to be affected, blocked by Avast. Should I seek new IP from my host? If Avast has blocked, is it a chance that some other anti virus also blocking this IP? I don't want my websites to get blocked from opening for my users.

Mayank

[Pondus]

Report your problem here  https://support.avast.com -> avast virus lab

[HonzaZ]

I unblocked the IP ;-)