False Positive -- seeoine.com

I just created the following website, and I cannot view it when Avast is running on my local computer. There is literally nothing on the site (and never has been) except a placeholder homepage, so I don’t know why it is getting blocked.


URL: http://seeoine.com/
Process: %E7%91%8E%E7%89%A6%EC%B1%B8%E8%A3%93?%E8…
Infection: url:Mal

Also, I have a parked domain (seeoine.org) that points to the same site/content and it comes through fine.

Is there a way to release this?

thanks,
David

Hi, I’m accessing it without trouble. (Blank white page, with the text “seeinone.com” at the top left.)

That suggests it’s not Avast doing it.

What other security software/firewall are you running, or have you run, on the computer you’re using?

Snap, no problem connecting to the site.

Happy New Year.

Interesting… Thank you for looking at it. I still can’t get to the site without turning off my Real-Time Network Shield.

Indeed, Happy New Year!

It is weird that the consistency isn’t there, same end location but different result.

Looking at the alert info you gave again, the thing that strikes me as strange is the Process responsible for the connection:

Process: %E7%91%8E%E7%89%A6%EC%B1%B8%E8%A3%93?%E8...

I would have expected that to be firefox, chrome or iexplore, etc. What is that, e.g. how were you connecting to the site (and were you connecting in the same way to seeoine.org for the redirect)?

Have you tried it using a browser as we did in checking it out?

Thank you for your continued help. I appreciate it.

I’ve tried three different browsers, and I get the same error on all. I’ve cleared all of the browser history, cache, etc…
I’m running Windows XP, and I’ve also flushed my DNS cache (ipconfig /flushdns). I’ve restarted my computer multiple times…

When I do stop my Network Shield and attempt to view the site, I don’t see the actual site (displaying “seeoine.com” at the top). I get a temporary page served by NameCheap, I assume. That makes me think that there could be some DNS issues still lingering…?? But I would have thought those would have been resolved by now…especially since the site seems to be accessible for everybody else…including my tablet connected to my wireless router. This makes me think that there is a problem with my own PC, but I can’t track it down.

David

Trying other browsers should result in the Process being the browser executable and not this obfuscated Process.

That is the thing which is baffling me. Are you running those browsers through some sort of third party application (security/privacy/proxy, etc.)? See the example image of what I would expect to see on a network shield alert.

We aren’t getting a blank page, so I don’t know why you are. If this were some sort of DNS poisoning I would expect to see that happen on your other system (but that displays the placeholder page), as presumably it would be using the same DNS server?

It is possible there could be something on your system, but if it were redirecting traffic I would expect to see it on other sites not just yours.

If you haven’t already got this software (freeware):
MalwareBytes Anti-Malware (MBAM), On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later. Download, Install, Update, Run and post the contents of the log.

Sorry for my delayed response. And, thank you to all who viewed and responded to help me out.

I wish I knew what the solution/problem actually was, but everything seems to be working. My guess is that it was some sort of DNS caching…it’s still strange that Avast was flagging the site…unless it commonly does this for temporary pages served by a hosting company or domain registrar. I noticed the “fix” after unplugging my network cable for several hours while I did other things. My hope was that I would get a new IP address from my ISP. I forgot about the whole issue until my wife couldn’t connect to the Internet. And, after plugging back in, I was able to get to the site without Avast alerting me of a dangerous URL and blocking the site.

Thank you, again. I really appreciate the quick responses and continued assistance afforded by this site.
David

You’re welcome.

Avast doesn’t treat temporary pages any differently than it would a permanent page. If a DNS cache or DNS server had the wrong IP address it could be sending you to a different location and one considered malicious and so blocked. But I can’t see how this would be the case given the other site redirecting to the main one would surely end up at the same place if it were a DNS server issue.

So still a mystery to me too.