Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False Positive | s3.us-west-1.amazonaws.com #1123

Open
Evolus-Elliott opened this issue Feb 10, 2025 · 3 comments
Open

False Positive | s3.us-west-1.amazonaws.com #1123

Evolus-Elliott opened this issue Feb 10, 2025 · 3 comments
Assignees
@mitchellkrogza
Labels
bug Something isn't working

Comments

@Evolus-Elliott
Copy link

What are the subjects of the false-positive (domains, URLs, or IPs)?

s3.us-west-1.amazonaws.com

Why do you believe this is a false-positive?

You're blocking all of AWS S3 indiscriminately, phishing or not. This includes millions of AWS's customers. I've noticed you're blocking other regions and possibly Wasabi as well, another popular S3-compatible object storage.

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

It appears Barracuda may use your phishing database.

Have you requested a review from other sources?

No response

Do you have a screenshot?

Screenshot

Image

Additional Information or Context

I have also noticed that...
@phishing-database-bot
Copy link
Member

Verification Required

@Evolus-Elliott, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-b896a5d9d0da1f274f02ed6c6b1d69d582aec599

    Your Verification ID: antiphish-b896a5d9d0da1f274f02ed6c6b1d69d582aec599

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

@Evolus-Elliott
Copy link
Author

I don't own Amazon. So this is impossible.

@spirillen
Copy link
Contributor

I do believe that any s3.%.amazonaws.com are whitelisted by default.

However please red this note Phishing-Database/phishing#749 and see if it is applies to this issue

@spirillen spirillen added the bug Something isn't working label Feb 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mitchellkrogza mitchellkrogza

Labels
bug Something isn't working
Projects
Phishing Database Backlog
Status: 🆕 New
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mitchellkrogza @funilrys @spirillen @g0d33p3rsec @Evolus-Elliott @phishing-database-bot