Avast WEBforum

Other => Viruses and worms => Topic started by: Nick333 on November 11, 2019, 04:27:30 AM

Title: site blocked... URL Phishing
Post by: Nick333 on November 11, 2019, 04:27:30 AM
Hi,

Suddenly today Avast blocked my website as URL:Phishing: sparekorea.com

I checked with Google Transparency Report, but there was no problem.
https://transparencyreport.google.com/safe-browsing/search?url=sparekorea.com

How can I fix this issue? Can somebody help me? It's a little urgent...
Title: Re: site blocked... URL Phishing
Post by: Michael (alan1998) on November 11, 2019, 06:13:41 AM
TLS/SSL checks are failing >> https://zulu.zscaler.com/submission/22193471-989b-4f92-9756-4930eaa5148e

I've never seen someone put a github repo on their domain before... >> https://sitecheck.sucuri.net/results/sparekorea.com

Pulled this from your source code.

Code:
   <p class="chromeframe">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> or <a href="http://www.google.com/chromeframe/?redirect=true">activate Google Chrome Frame</a> to improve your experience.</p>

I dislike third-party websites, preferring to download directly from the source. However, they (browsehappy) seem to be legit.

Note: Avast! doesn't seem to be blocking your website.

Running engine version: 19.8.2393 (build 19.8.4793.544)
VPS: 191110-0
Title: Re: site blocked... URL Phishing
Post by: Nick333 on November 11, 2019, 06:56:59 AM
Thanks,

I forwarded your message to our web service company. Thanks for your help.

By the way, on my computer, Avast still blocks my website and shows the same message (in Korean). Is it different for regions?

Thanks

nick
Title: Re: site blocked... URL Phishing
Post by: polonus on November 11, 2019, 12:25:37 PM
Hi Nick333,

This is probably while loading of the site fails (or are we seeing a stage of maintenance/cleansing?)
Quote
Content that was returned by your request for the URL: hxtp://sparekorea.com/
Note: Content displayed is from the redirect location, the URL hxtps://www.sparekorea.com/

1:  < html>
2:  < head> < title> 301 Moved Permanently< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 301 Moved Permanently< /h1> < /center>
5:  < hr> < center> nginx/1.12.2< /center>
6:  < /body>
7:  < /html>

From line 5 we see excessive server info proliferation -> nginx/1.12.2
Never let your servers speak that loud: https://github.com/0-complexity/openvcloud/issues/1317

See also: https://www.shodan.io/host/54.68.74.192
Netcraft risk grade 10 red out of 10 at Amazon where site is being hosted:
https://toolbar.netcraft.com/site_report?url=ec2-54-68-74-192.us-west-2.compute.amazonaws.com
so red alerts at Amazon Silicon Forest West-Oregon datacenter, but given as safe here:
https://www.virustotal.com/gui/ip-address/54.68.74.192/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
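
The version banner polonus points out on line 5 of the returned 301 page (nginx/1.12.2) can be checked for automatically. The following is an added example, not part of the original thread: it scans a raw HTTP response for product/version tokens in banner headers and in the default error page body. The sample responses, the example.test host and the function names are constructed for illustration.

```python
import re

# Product/version token such as "nginx/1.12.2" or "PHP/7.2.1".
VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)+)\b")
BANNER_HEADERS = ("server", "x-powered-by")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def find_version_leaks(raw):
    """Return sorted (location, product, version) tuples for each disclosed version."""
    _, headers, body = parse_response(raw)
    leaks = set()
    for name in BANNER_HEADERS:
        for product, version in VERSION_TOKEN.findall(headers.get(name, "")):
            leaks.add((f"header:{name}", product, version))
    # Default error and redirect pages repeat the banner in the HTML footer.
    text = re.sub(r"<[^>]+>", " ", body)
    for product, version in VERSION_TOKEN.findall(text):
        leaks.add(("body", product, version))
    return sorted(leaks)

# Constructed sample: a default nginx 301 page like the one quoted in the thread.
LEAKY = (
    "HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.12.2\r\n"
    "Location: https://www.example.test/\r\n\r\n"
    "<html>\r\n<head><title>301 Moved Permanently</title></head>\r\n"
    "<body bgcolor=\"white\">\r\n<center><h1>301 Moved Permanently</h1></center>\r\n"
    "<hr><center>nginx/1.12.2</center>\r\n</body>\r\n</html>\r\n"
)
# Constructed sample: the same page as nginx serves it with "server_tokens off;".
QUIET = LEAKY.replace("nginx/1.12.2", "nginx")

if __name__ == "__main__":
    for label, raw in (("default", LEAKY), ("server_tokens off", QUIET)):
        print(label, "->", find_version_leaks(raw) or "no version disclosed")
```

With `server_tokens off;` in the nginx `http` block, both the Server header and the error page footer drop the version number, so the second sample reports nothing.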