Author Topic: godaddy - Site Blocked - URL:Phishing  (Read 3807 times)


Offline sys-d

  • Newbie
  • *
  • Posts: 3
godaddy - Site Blocked - URL:Phishing
« on: October 13, 2019, 06:32:10 AM »
Hello,

I'm getting URL:Phishing detected by Web Shield for this URL:

https://sso.secureserver.net/?app=email&realm=pass

Immediately after Sign In, URL:Phishing detected by Web Shield with this URL in the log:

https://email17.godaddy.com/webmail.php

Have been using this site on a regular basis, but this just started happening yesterday.

Can you please look into this?

Thank you

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: godaddy - Site Blocked - URL:Phishing
« Reply #1 on: October 13, 2019, 01:58:35 PM »
Nothing here: https://www.virustotal.com/gui/url/b4058da8f17eda93970c7e0823024877e44c7ee0b827858eb2ef5f10789e4797/detection
google   notranslate
google-site-verification   t7JT1iH2iscenNr74R-kgXPljL_ru6OPiT9RE8zDk04
viewport   width=device-width, initial-scale=1
Nothing on the Akamai end -> https://www.virustotal.com/gui/ip-address/23.66.133.249/relations
But consider: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c3NdLnN7XnV9e3N7fXZ7fS5ue3RgPHxwcD17bXxbbCZ9e3xsbT1wfHNz~enc
Phishlabs detect the redirect: https://www.virustotal.com/gui/url/320c47eea87468b3ce912e60d67aa393a568af9bf15a95f5fa798bbaf8aba145/detection

Wait for an avast team member to give a final verdict on this detection or whether it is an FP.
Re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=e218W2wxNy5nXSN8IyN5Ll5dbWB3e2JtfFtsLnBocA%3D%3D~enc

It is with GoDaddy's, contact them, zonemaster domain check alerts: DNSSEC
0   DNSSEC   NOTICE   There are neither DS nor DNSKEY records for the zone.
1   DNSSEC   NOTICE   The zone is not signed with DNSSEC.
SYNTAX - 1   ZONE   NOTICE   SOA 'refresh' value (300) is less than the recommended minimum (14400).
ONE   NOTICE - 3   SOA 'retry' value (600) is less than the recommended minimum (3600).
Target (MX=godaddy-com.mail.protection.outlook.com) found to deliver e-mail for the domain name.

See results: https://en.internet.nl/site/sso.secureserver.net/626511/ & https://en.internet.nl/site/email17.godaddy.com/626512/
Best policies not being implemented:
Your web server supports HTTP compression, which could be a security risk.
Verdict:
Your web server does not offer an HSTS policy.

Web server IP address   HSTS policy
173.201.193.133   None @ -p3plgemwbe17-v05.prod.phx3.secureserver.net

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline sys-d

  • Newbie
  • *
  • Posts: 3
Re: godaddy - Site Blocked - URL:Phishing
« Reply #2 on: October 13, 2019, 05:31:10 PM »
Thank you for looking into this, polonus. All good info.

Quote
Wait for an avast team member to give a final verdict on this detection or whether it is an FP.

Yes. Would like to hear back from Avast on FP status.

To troubleshoot/fix this from my side will be a challenge.

Let me know if I can provide any additional info or troubleshooting steps.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user

Offline sys-d

  • Newbie
  • *
  • Posts: 3
Re: godaddy - Site Blocked - URL:Phishing
« Reply #4 on: October 13, 2019, 09:01:07 PM »
Quote
Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

I'd reported the following URL a couple of times in the last few days:
https://email17.godaddy.com/webmail.php

I went ahead and resubmitted it and submitted one for:
https://sso.secureserver.net/?app=email&realm=pass