system
1
Hey gang,
A client has a small Squarespace site - hxxps://smokestak[.]co.uk
Recently they’ve been getting some notifications from customers regarding Malware Warnings. The site has been inspected by Squarespace support, I have run my own scans, everything is being served over https and I have installed other malware / virus detection software (AVG and BitDefender) to check what they pick up - everything indicates that the site is clear.
Avast, however, is showing the following warning. I have seen previous posts where these types of warnings have been coming up incorrectly.
Can anyone shed any light on this / suggest a possible fix?
The first Avast warning - http instead of https - is just from where I tested the hxxp://smokestak[.]co.uk before
Thanks in advance.
https://lh6.googleusercontent.com/Dc6UTVyHUFYgGAaGFv70PS6b5Vbh5hdE5p4_ZLsMFsec2TlhdFpJOVmN0SS5kyXMaO4uOj28c4GrBpc=w1100-h803-rw
Asyn
2
Eddy
3
Avast doesn’t say that an infection is detected.
Avast says that the domain and/or IP is blocked/blacklisted.
Blacklistings on that ASN/IP:
http://urlquery.net/report.php?id=1496751620674
Name mismatch with certificate 2:
https://www.ssllabs.com/ssltest/analyze.html?d=smokestak.co.uk&s=198.185.159.144&latest
Vulnerable library found:
http://retire.insecurity.today/#!/scan/8d9b02f8862b6972cc25c522b11c12ddeb4e80178a14473dcad60890540d568b
Really bad IP history:
https://www.virustotal.com/en/ip-address/198.185.159.144/information/
My advice:
- Fix the vulnerable library problem
- Fix the certificate mismatch
- Get dedicated hosting
https://smokestak.co.uk
http://smokestak.co.uk
Both are blocked by F-Secure. See attached screenshot.
I have removed smokestak[.]co.uk from our blacklist 
Eddy
6
I hope only that site is allowed but not the entire IP.
There are thousands of unique domains on those IPs, so it is likely we will not ever block those IPs, unless more than ~50% of the domains are malicious.
Thanks for your help and advice guys.
Beers are on me - everything’s working as it needs to.