Author Topic: site blocked... URL Phishing  (Read 1768 times)

0 Members and 1 Guest are viewing this topic.

Offline Nick333

  • Newbie
  • *
  • Posts: 2
site blocked... URL Phishing
« on: November 11, 2019, 04:27:30 AM »
Hi,

Suddenly today Avast blocked my web by URL:Phishing.  sparekorea.com

I checked with google transparencyreport but had no problem.
https://transparencyreport.google.com/safe-browsing/search?url=sparekorea.com

How can I fix this issue? Somebody can help me? little urgent...

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: site blocked... URL Phishing
« Reply #1 on: November 11, 2019, 06:13:41 AM »
TLS/SSL checks are failing >> https://zulu.zscaler.com/submission/22193471-989b-4f92-9756-4930eaa5148e

I've never seen someone put a github repo on their domain before... >> https://sitecheck.sucuri.net/results/sparekorea.com

Pulled this from your source code.

Code: [Select]
   <p class="chromeframe">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> or <a href="http://www.google.com/chromeframe/?redirect=true">activate Google Chrome Frame</a> to improve your experience.</p>

I dislike third party websites, preferring to download directly from the source. However, they (browsehappy) seems to be legit.

Note: Avast! doesn't seem to be blocking your website.

Running engine version: 19.8.2393 (build 19.8.4793.544)
VPS: 191110-0
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Nick333

  • Newbie
  • *
  • Posts: 2
Re: site blocked... URL Phishing
« Reply #2 on: November 11, 2019, 06:56:59 AM »
Thanks,

I forwarded your message to our web service company. Thanks for your help.

By the way, on my computer, Avast still block my web and show same message.  (in Korean), Is it different for regions?

Thanks

nick

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: site blocked... URL Phishing
« Reply #3 on: November 11, 2019, 12:25:37 PM »
Hi Nick333,

This is probably while loading of the site fails (or are we seeing a stage of maintenance/cleansing?)
Quote
Content that was returned by your request for the URL: hxtp://sparekorea.com/
Note: Content displayed is from the redirect location, the URL hxtps://www.sparekorea.com/

1:  < html>
2:  < head> < title> 301 Moved Permanently< /title> < /head>
3:  < body bgcolor="white">
4:  < center> < h1> 301 Moved Permanently< /h1> < /center>
5:  < hr> < center> nginx/1.12.2< /center>
6:  < /body>
7:  < /html>
zip content

From line 5 we see excessive server info proliferation -> nginx/1.12.2
Never let your servers speak that loud: https://github.com/0-complexity/openvcloud/issues/1317

See also: https://www.shodan.io/host/54.68.74.192
Netcraft risk grade 10 red out of 10 at Amazon where site is being hosted:
https://toolbar.netcraft.com/site_report?url=ec2-54-68-74-192.us-west-2.compute.amazonaws.com
so red alerts at Amazon Silicon Forest West-Oregon datacenter, but given as safe here:
https://www.virustotal.com/gui/ip-address/54.68.74.192/relations

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!