URL:MAL

Think this is a false positive but not sure.
I created a new account on one of my servers and when I connect to it from Firefox, Edge, or chrome, Avast is telling me that URL:Mal is detected and wont open the connection.

I have run a scan with Avast and nothing was found.
Ran Malwarebytes and nothing was found.

Checked the blacklists for the server ip and all ok.

If I connect from my phone it opens, and others can connect to it.

So what else should I check?

Any link…!?

earthworksservicesllc.com

Should just be a coming soon page

Logs attached

https://sitecheck.sucuri.net/results/earthworksservicesllc.com

None of my other sites on this SHARED IP have the same result!?

Let me ask this:
Could this be happening because I had the customer redirect the DNS settings from his original site to my servers and the original site was the issue??

https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3Aearthworksservicesllc.com&run=toolpage

Zero results on blacklist…???

You can wait for Polonus, he’s usually willing to dig deeper.

This is being detected: At least 1 third party tracker know you are on this webpage.

-earthworksservicesllc.com -earthworksservicesllc.com

This produces a 404 not found: -images/icon.ico HTTP/1.1 see: https://urlquery.net/report/005679ca-0ffa-4428-8c90-aacf4dbcdc02
as is this: -[img] -earthworksservicesllc.com/images/logo.png

Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=earthworksservicesllc.com&ref_sel=GSP2&ua_sel=ff&fs=1
and https://www.virustotal.com/#/url/697badd358b744d0733dc4456c822e66f75f679fe7eb15cc0b31eefd3bfa5725/details

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=earthworksservicesllc.com

See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=earthworksservicesllc.com%2Fimages%2Flogo.png&ref_sel=GSP2&ua_sel=ff&fs=1
also given as clean: https://www.virustotal.com/#/url/d2a7b1426f0e5c89c209acadb0cde722b120ca4a8f555b98a1b264502ac0d95c/detection

So wait for an avast team member to give the final verdict, as we have relevant knowledge here,
but only avast team members can come and unblock, also in case of a general IP block of sorts.

polonus (volunteer website security analyst and website error-hunter)

OK so all those are saying it is clean also.
So this is a false positive basically? And AVAST team member needs to fix it?

You can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

:slight_smile: Reported for now. We will see what happens. Thanks!!

You’re welcome.