search

mitchellkrogza / Phishing.Database

Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.
MIT License
1.11k stars 254 forks source link

[FALSE-POSITIVE] [Abuse][Santander][C171232] Request for delisting of blacklisted Domain #654

Closed CsirtEntelgy closed 1 year ago

CsirtEntelgy commented 1 year ago

Domains or links [Please list any domains and links listed here which you believe are a false positive.] https://www.santanderconsumer.at https://secure.santanderconsumer.at/federated-login-ui

More Information How did you discover your web site or domain was listed here? Incorrectly marked as Phishing on VirusTotal

Have you requested removal from other sources? Please include all relevant links to your existing removals / whitelistings.

Additional context

[Abuse][Santander][C171232] Request for delisting of blacklisted Domain

To the attention of Phishing Database,

Innotec Security manages the fraudulent actions against Santander and all issues related to security incidents against this company.

We have detected that the domains https://www.santanderconsumer.at, https://secure.santanderconsumer.at/federated-login-ui belonging to our customer, are listed in VirusTotal.

We have contacted VirusTotal, but they have told us that they cannot remove the results of the searches performed in their services and that we have to contact their clients, which in this case would be you. For this reason we ask for your help to remove the malicious search results for our client's legitimate domains.

https://gafe.innotec.security/download.php?id=EgSOo6QhzVzO

This domain corresponds to a legitimate corporate website of our client and our client have taken all the necessary actions in order to stop the possible resources that could be detected as potentially malicious, as cookies or trackers.

Here is evidence of the legitimate corporate websites:

https://gafe.innotec.security/download.php?id=v8s6gUeLxs7B https://gafe.innotec.security/download.php?id=4lp5vEI2SU0a

We are going to add the representation sheet that allows us to act in this type of incident on behalf of our client.

https://gafe.innotec.security/download.php?id=D7Nr8GNVuJyd https://gafe.innotec.security/download.php?id=RqSypTMSsQTA

We need your collaboration to stop this incident by remove blacklisting for this domains. If you need more information regarding this incident, please contact our CSIRT 24/7 by replying to this email.

Thank you very much for your attention. Looking forward to your reply.

Regards,

CSIRT | Entelgy Innotec Security

Email: csirt@innotec.security

We understand being listed on a Phishing Database like this can be frustrating and embarrassing for many web site owners. The first step is to remain calm. The second step is to rest assured one of our maintainers will address your issue as soon as possible. Please make sure you have provided as much information as possible to help speed up the process.

Send a Pull Request for faster removal Users who understand github and creating Pull Requests can assist us with faster removals by sending a PR to mitchellkrogza/phishing repository, on the falsepositive.list file

https://github.com/mitchellkrogza/phishing/blob/main/falsepositive.list Please include the same above information to help speed up the whitelisting process.

funilrys commented 1 year ago

b3f517bf22a538f3c95bf8b5b1129cca8fd28170