Closed ClaritysoftSupp closed 8 months ago
Hi,
Looking for a response to my submission above. We have users who are unable to access our website.
As of 17 minutes ago, claritycrm.com is still being listed by Phishing Database on virustotal.com.
Please let me know if there is anything that can be done to expedite the delisting process.
Thank you
Hi,
We have not received a response for this open issue. Additionally, we have submitted a pull request for claritycrm.com.
Our customers are currently experiencing issues access their data due to this listing.
Please let me know if there is any way to expedite this process.
Thank you
Hi @ClaritysoftSupp
We have not received a response for this open issue
Nope, as I'm looking into it on a volunteer level, I do my best to keep up with various things, so please be patience.
As mentioned in the issue template
We understand it can be frustrating to be marked as potential infected
This is also why the Google infected VirusTotal never marks any domains higher than Potential
with any records from this project.
And here is something just as frustrating for as it then is to you; I do not have access to the scanning logs, which leaves me very blind for what I looking for on your domain(s), which leads to a lot of searching for me, to see if I should give your information any trust, or you are "just saying" a lot of buzz words.
This is giving the whitelist job a lower prio, as I in general spends over an hour on each of these reports... for free... so please don't hesitate to hit @spirillen's sponsor button as well as this project.
@ClaritysoftSupp I'll dig into this issue now, so any clues you can share to help, is appreciated.
For the security perspective, you can hit me up on https://matrix.to/#/@spirillen:matrix.org
You're invited to talk on Matrix
Spyware found on claritycrm.com
https://www.google.com/recaptcha/api.js?render=6LdQ1bAcAAAAAJs_pD4NlkSI7las06lhe9WWhrnE
https://fonts.googleapis.com/css?family=Roboto
Prohibited access to help solve this issue by GoDaddy's censorship and anti Privacy rules
Can't solve this issue without anonymous access to the crm in question
Thanks for your reply. Please go through each below-mentioned points based on your reply.
Looks like it's a miscommunication, we want claritycrm.comhttp://claritycrm.com/ to be white-listed from the phishing database and not claritysoft.comhttp://claritysoft.com/ (which you mentioned in the last reply mail from your side) claritycrm.comhttp://claritycrm.com/ is marked by Phisi. database. We want this domain to be cleaned from your side.
note: claritysoft.comhttp://claritysoft.com/ domain is out of topic and it has no relation with claritycrm.comhttp://claritycrm.com/. claritysoft.comhttp://claritysoft.com/ is our corporate website.
Moreover, the two URLs mentioned by you tagged as spyware,
https://www.google.com/recaptcha/api.js?render=6LdQ1bAcAAAAAJs_pD4NlkSI7las06lhe9WWhrnE https://fonts.googleapis.com/css?family=Roboto are pointing to google.comhttp://google.com/, which is clean.
These URLs belong to Google
These seem to us pretty surprising if the two above urls contain spyware and our domain is marked as unsafe instead of the two Google URL mentioned which are safe.
Lastly, the topic is regarding the Access being denied by Godaddy, it seems that you are trying to access our application by an anonymous "UNTRUSTED" IP (185.220.103.4) which has a serious mispractice reputation [ref. Exhibit-1]. It is blocked by ThreatDown Antivirus Server Agent powered by MalwareBytes. Malwarebytes blocked and in the category: exploit been mentioned in their log report of the IP (185.220.103.4)
Exhibit-1 : in the attchment
Wondering if it is possible from your end to use a trusted IP to scan our domain. If not, we can make the above IP used by you guys in the exclusion list.
Please take the necessary actions from your end to mark our domain claritycrm.comhttp://claritycrm.com/ safe. I do not see anything else we could take to protect and secure our domain. It's fully tight with any kind of security breach with the actions taken by us on the 15th of January, 2024.
Thank you in advance.
Regards Sandip Sandip Nascar @.**@.> +91 7059326999
From: spirillen @.> Date: Tuesday, 23 January 2024 at 2:44 AM To: mitchellkrogza/Phishing.Database @.> Cc: Claritysoft Support @.>, Mention @.> Subject: Re: [mitchellkrogza/Phishing.Database] [FALSE-POSITIVE] (Issue #797)
Spyware found on claritycrm.com
Prohibited access to help solve this issue by GoDaddy's censorship and anti Privacy rules
image.png (view on web)https://github.com/mitchellkrogza/Phishing.Database/assets/44526987/77a1e3d1-b03e-42bd-af4e-0e7f96e63551
Can't solve this issue without anonymous access to the crm in question
— Reply to this email directly, view it on GitHubhttps://github.com/mitchellkrogza/Phishing.Database/issues/797#issuecomment-1904828032, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BFNJ2C7VJSWBYI7ACNBXF3DYP3JBLAVCNFSM6AAAAABB6YVSTWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMBUHAZDQMBTGI. You are receiving this because you were mentioned.Message ID: @.***>
claritysoft.comhttp://claritysoft.com/ domain is out of topic and it has no relation with claritycrm.comhttp://claritycrm.com/. claritysoft.comhttp://claritysoft.com/ is our corporate website.
Is used to determine who you are and what you might be doing, to help getting a picture of what to be looking for.
These seem to us pretty surprising if the two above urls contain spyware and our domain is marked as unsafe instead of the two Google URL mentioned which are safe.
Nothing from google is safe for anyone. period, Alphabet are spies, can't be discussed and they do not put anything on the net, unless it is used to spy on people. IT IS THEY BUSINESS model to spy on everyone to among others selling ads, and manipulated elections, meaning interfering with democracy. < These are facts.
used for captcha for added security to stop unauthorized access
Add your own and self hosted solution, EU have freeware recaptcha, and it is one js files, this will also add more trust in your domain.
Next about this is they never works, people dumb enough to let G-captcha slip though there networks firewall, are often fighting up to hours to get through the captcha trap of fingerprinting the user by click and mouse patterns + plus a lot more invasive crap.
Lastly, the topic is regarding the Access being denied by Godaddy, it seems that you are trying to access our application by an anonymous "UNTRUSTED" IP (185.220.103.4) which has a serious mispractice reputation [ref. Exhibit-1]. It is blocked by ThreatDown Antivirus Server Agent powered by MalwareBytes. Malwarebytes blocked and in the category: exploit been mentioned in their log report of the IP (185.220.103.4)
Yes, of curse I'm using tor to access potential infected domains from a closed box via tor... and it is well know that MalwareBytes are working against privacy = democracy.
Meaning: If you like my help to see if the domain can be whitelisted, you will honor the human rights to privacy.
Wondering if it is possible from your end to use a trusted IP to scan our domain
Any Tor IP addresses are from the actual trustworthy network... unlike any connections via #SpyWeb (or #catNet if you prefer). So please be careful, maybe one (1) % of the users on the Tor network have bad intentions... All corps (Adobe, Alphabet, meta and Cloudflare to only mention a few from the top 10) on the #spyWeb have bad intention, which roughly will say 90% of all traffic on the "Clear Net" is tracking, spying, manipulating etc etc etc of badware with evil intention.
Conclusion from you own philosophy... ban spyWeb and allow Tor Nertwork.
I stop wasting further time on this issue as it leads nowhere.
ClaritysoftClarity CRM software helps your business stay connected with your customers, streamline processes, and drive business growth.
ClaritycrmClaritysoft Live Secure Login Page. Login to your database.
Thank you for your reply and patience as we gather our understanding of the situation.
We have added the IP in question to our firewall allow lists.
Please let us know if there is anyway else we can assist with the investigation.
We have added the IP in question to our firewall allow lists.
That makes no sense to add that IP address as it is rotated for every few minutes, as the Tor exit notes are change every few minutes to ensure you privacy, and makes it near impossible to track a default users whereabouts. The only thing you can do, it to permit users to there fundamental right to privacy and allow full access from the Tor-network.
And as I said, I'm not going to waist more time on this domain (issue) as I
As said by you, “Do not have access to the log files for why you are listed” Is it possible for you to share any contact, who are direct authority of it.
So that we can reach out to them and sort out the issue as we are completely nowhere, why still it’s showing as unsafe in the phishing database.
And we don’t block any IP deliberately. Malwarebytes ThreatDown agents running in the server and GoDaddy security blocks all untrusted, unsafe IPs.
From: spirillen @.> Date: Wednesday, 24 January 2024 at 11:48 PM To: mitchellkrogza/Phishing.Database @.> Cc: Claritysoft Support @.>, Mention @.> Subject: Re: [mitchellkrogza/Phishing.Database] [FALSE-POSITIVE] (Issue #797)
We have added the IP in question to our firewall allow lists.
That makes no sense to add that IP address as it is rotated for every few minuteshttps://tor.stackexchange.com/questions/7567/how-often-do-tor-exit-nodes-change-ip-addresses, as the Tor exit notes are change every few minutes to ensure you privacy, and makes it near impossible to track a default users whereabouts. The only thing you can do, it to permit users to there fundamental right to privacy and allow full access from the Tor-network.
And as I saidhttps://github.com/mitchellkrogza/Phishing.Database/issues/797#issuecomment-1908219140, I'm not going to waist more time on this domain (issue) as I
— Reply to this email directly, view it on GitHubhttps://github.com/mitchellkrogza/Phishing.Database/issues/797#issuecomment-1908681161, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BFNJ2C2FOTPD7SEO7BL5UBLYQFGAFAVCNFSM6AAAAABB6YVSTWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMBYGY4DCMJWGE. You are receiving this because you were mentioned.Message ID: @.***>
Hello,
As the CEO of Claritysoft and I wanted to send you a message directly. I understand you are offering help in a volunteer capacity, and I truly appreciate your help.
Claritysoft is a CRM software provider, we’ve been in business for over 13 years and have 1000’s of users of our software. During the last 13 years, we have never experienced any issues like the issues we are experiencing today. As a result of our presence on the “Phishing Database” list, many of our customers cannot reach our service and our very existence is at risk.
I have asked my team to work with you to get this resolved. We have now granted the TOR network access to claritycrm.com, so you should be able to scan our site to determine if any malware still exists.
Thank you again for your assistance.
Domains or links https://claritycrm.com claritycrm.com
More Information How did you discover your web site or domain was listed here?
Have you requested removal from other sources? We were listed and have since been delisted by cluster25 as of this morning. We are currently still listed by seclookup and are awaiting delist.
Additional context We had an issue with malware that has since been resolved. Measures have been put in place to prevent issues moving forward.
:exclamation:
We understand being listed on a Phishing Database like this can be frustrating and embarrassing for many web site owners. The first step is to remain calm. The second step is to rest assured one of our maintainers will address your issue as soon as possible. Please make sure you have provided as much information as possible to help speed up the process.
Send a Pull Request for faster removal Users who understand github and creating Pull Requests can assist us with faster removals by sending a PR to mitchellkrogza/phishing repository, on the falsepositive.list file