Site Flagged for Phishing.
Posted: Sat 23 Sep 2023 10:24 pm
Was recently notified by a few Colleagues that my Site has been marked for Phishing & being blocked.
Pattern tended to point to users of Telstra Au, but with the first site still being able to visit on one particular PC.
All other PCs Redirect to a Telstra Generated Page that blocks the site.
Have seen it in person at just two clients' sites.
Ran a Scan with TotalVirus, https://www.virustotal.com/gui/home/url and it comes up clean.
Lodged this Report with Telstra & they replied with their result that the root, inverellit.com gets a few Positives
https://www.virustotal.com/gui/url/8f15 ... 878b8c7f46
https://www.virustotal.com/gui/url/ddae ... 88e9178a67
Strange thing is though, that I run my Site as a Subdomain.
weather.inverellit.com points to public_html/weather
but Inverellit.com points to public_html/inverellit.com
Strange thing though is that the public_html/inverellit.com directory is essentially empty.
htaccess file that contains only a <lf>,
And empty folders for
.well-known
.well-known/acme-challenge
cgi-bin
Have Browsed all my directories & nothing looks suspicious.
Only other thing that vaguely fits the timing is my 3248 upgrade performed on the 19th, & then first heard the issue mentioned the next day.
Other thing that comes to mind is that maybe a stale DNS record could have been used by a scanner,
pointing to my previous provider that I dumped back in January, when the majority of their customers were compromised.
When using that provider my domain was pointed at 116.0.212.23.
Anyone have any ideas?
Or able to get any further analysis online with other scanning services?
Thanks
Phil.