False positive: MULTIPLE examples #1101
Comments
Verification Required
@LocalWebDev52, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:
Important Notes
How to Check the TXT Record?
You can verify that the TXT record is properly set using:
Thank you for your cooperation! We will address your issue as soon as possible after verification. The Phishing.Database Project Team. |
I set it for kyushuramennoodles.com. Are you going to make us set it for all of them? That seems unfair given how we simply request delists for other vendors. |
No, that’s not the case, but we decide which ones to add randomness to. This is for the security of the domain holder, not to inconvenience legal owners.
I understand how frustrating this can be, but I think it wouldn’t hurt to add a touch of politeness to the tone. Personally, I tend to leave messages like these unanswered for a while until I’m in the right frame of mind to deal with demanding individuals, who often turn out to be mistaken - not intentionally, but because we reveal information they were unaware of. At the beginning of the issue template:
I believe I previously mentioned that you should enclose any URLs and domains in backticks ```! Is that comment still there? And before you direct any negativity towards me, I want to clarify that I’m here to help when I feel up to it. I don’t even use these lists myself, so please keep that in mind before responding. ptcheck Thanks for using my tools. Please add the TXT record to |
I apologize for my bluntness. We dealt with an incident nearly four years ago and to date some of our clients are falsely labeled as harmful even to this day - it's frustrating and brings back memories of a truly horrific week. It was certainly not my intention to direct any negativity towards you and I appreciate the response. The owner of fireanddicegames.com is on vacation but I have gone ahead and added the TXT record to newcanaancert.org, darienlandtrust.org, aceautoglassct.com and aikidofc.com - the others are controlled by clients and would need to coordinate a 2FA check. I hope this is satisfactory. How long will it take to recognize the change on VirusTotal when the domains are removed from your list? |
Morning... To take the easiest question first
I really don't know 🤷🏻 honestly, it is VT who drags the whitelists from this project, or actually from https://github.com/Phishing-Database/Phishing. But the word says it can take up to a couple of days. My standard saved reply is:
Now to some background work... 👷🏻 |
Have I forgotten to test any domains, @LocalWebDev52? However, I proceed to whitelist these 5 domains |
spent 45m |
@spirillen Thank you. Has https://mlwny.org/ been removed as well? Is it common that glitches in this sort of software lead to previously flagged domains being re-flagged? That's more understandable. I appreciate the rapid response. |
I shouldn't say for sure, but I think you might be on an old list that was imported after the repo was remade, following GitHub shutting it down for using too many resources. This could also explain the significant increase in the number of issues since the relaunch.
You're most welcome... 🎩 I do have a little spot in the corner where you could drop a coin or two http://www.mypdns.org/donate 😉 spent 12m |
@spirillen Great! So just to be clear: https://newcanaancert.org/ These were all flagged by Phishing Database, and these have all been whitelisted, it will just take a few days to show on VirusTotal? Thank you for the additional info on old lists. I will have to keep that in mind and be vigilant, especially with the specific links that had compromised content back in 2021 which were promptly cleaned. If Ko-fi works I'd certainly be happy to support someone this diligent about responses. It is very appreciated! |
The following domains were added in Phishing-Database/phishing@61a66bd#diff-365e9f086474958b3c3480c084f5376aa2860b057a5d1fb0cde97e0cf7d495dfR166-R170
I then added That should be 6 domains. In alphabetical order
And you listed 8... whereof one is on vacation.... So I'm missing one = Let me follow up on them, right now I'm running test on #1067, will continue on this issue once done with #1067
Ko-fi and liberapay are both equal to me :koffe: |
Cool, adding the last two to the whitelist. Phishing-Database/phishing@7a01e76 |
@spirillen Sorry to bother. VirusTotal is still listing Phishing Database as showing these sites as harmful. Can you confirm that these URLs have all been whitelisted and how long it might take VirusTotal to reflect the changes? Other sources keep falsely flagging URLs based on the existing flags so it's like whack a mole. |
You too.... welcome to the club, you are the fourth today that are hit by what looks like a dealing system without any admins to get in touch with. Because I'm tired of trying to write something new about the very same issue, please read here #1067 (comment) @funilrys more bugs everywhere |
What are the subjects of the false-positive (domains, URLs, or IPs)?
You are falsely flagging several of our small business and nonprofit clients as "phishing." Our sites are all carefully maintained and kept safe ever since a hack from June of 2021 caused us to move to a managed server on which we've had zero incidents, which is why this mass false flag is so concerning.
https://newcanaancert.org https://www.virustotal.com/gui/url/f66c10cd41f2e6c9f60b5a3d85d027e1ad8b97e11ea7f291ae19a2b68dc5ebf4
https://harnessap.org https://www.virustotal.com/gui/url/a60a5a4cd82b3216f11ba6711fe1759f865b27cf95bdfd6d541b7287f1796b7a
https://fireanddicegames.com https://www.virustotal.com/gui/url/2b61c9c1489778916a65f9b5e5d46e7019923bc2fb2828a13f676ac94ff9fc69
https://darienlandtrust.org https://www.virustotal.com/gui/url/848a46176c09f5d0b8d0d9618fa29df4be5c5c94b4c7bbdd191115a4dd460134
https://kyushuramennoodles.com https://www.virustotal.com/gui/url/ba91d70864f7a649c5fb2d2509a41927d950f75582418e606c83b7080af1a075
https://mlwny.org https://www.virustotal.com/gui/url/671e9681fb2d6e23583e930d719f0c0ac6347e2cc060b40d6dab9eee21faada5
https://aceautoglassct.com https://www.virustotal.com/gui/url/01827deff99acad281acdc94a44e4e5e0d0379efc155782530a9097e25feeb78
https://aikidofc.com https://www.virustotal.com/gui/url/fdf538b2e927791d821e1d451d9744484b08e5913c566a89dc5c287cdf905458
Get these URLs removed from your database immediately.
Why do you believe this is a false-positive?
These are small websites with zero unsafe content, and are kept clean and regularly scanned with heavy levels of security. We're very upset that the onus is on us to have to correct these issues in your software for you.
How did you discover this false-positive(s)?
VirusTotal
Where did you find this false-positive if not listed above?
I discovered this false-positive by...
Have you requested a review from other sources?
We have requested removal from some other sources that no doubt drew after you, as these URL flagging systems appear to be some kind of ouroboros.
Do you have a screenshot?
Screenshot
Additional Information or Context
I have also noticed that...