mitchellkrogza / Phishing.Database

Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active.
MIT License

[FALSE-POSITIVE] #844

Closed karl1194 closed 6 months ago

karl1194 commented 7 months ago

Domains or links: bloombreedschools.org

More Information
How did you discover your web site or domain was listed here? Virus Total

Have you requested removal from other sources? Cluster25, Criminal IP, CyRadar, Emsisoft, Fortinet, Netcraft

Additional context: Sucuri Cleanup


We understand being listed on a Phishing Database like this can be frustrating and embarrassing for many web site owners. The first step is to remain calm. The second step is to rest assured one of our maintainers will address your issue as soon as possible. Please make sure you have provided as much information as possible to help speed up the process.

Send a Pull Request for faster removal

Users who understand GitHub and creating Pull Requests can assist us with faster removals by sending a PR to the mitchellkrogza/phishing repository, on the falsepositive.list file:

https://github.com/mitchellkrogza/phishing/blob/main/falsepositive.list

Please include the same above information to help speed up the whitelisting process.

emidaniel commented 7 months ago

https://bloombreedschools.org/bitjdex/
https://bloombreedschools.org/bitjdex/Peehapee1.php
https://bloombreedschools.org/bitjdex/gecontroleerd.php

Submitted to Phishtank.

spirillen commented 7 months ago

> https://bloombreedschools.org/bitjdex/
> https://bloombreedschools.org/bitjdex/Peehapee1.php
> https://bloombreedschools.org/bitjdex/gecontroleerd.php
>
> Submitted to Phishtank.

Super... but they are now removed = 404

emidaniel commented 7 months ago
  1. An error code still does not always mean that the phisher does not still have access to the site.
  2. The fact that a SECURITY COMPANY sends FAKE notifications about completed cleanups tells a lot about their "expertise". Why did it take them several days to remove the page? Why couldn't they do it immediately and BEFORE requesting blacklist removal?

They also repeatedly submit these "whitelist" requests to other lists like netcraft, openphish etc. Sometimes the site is moved to their subnet (AS30148 SUCURI-SEC) where the phishing page remains available (and in working state!) for weeks before it gets finally removed. Screenshot of the phishing page at the time of my previous message: https://urlscan.io/result/944bf0d7-7a96-4a27-9b6f-4c7258cab5c8/

spirillen commented 7 months ago

@emidaniel You are right, and I can see I have expressed myself in an unusual way by implying it is confirmed. My apologies.

My usual way would be that I have been unable to confirm anything, and that is why I always ask for/require screenshots in submission reports, for you are right, there are many ways to control who sees what, depending on location, blocked domain requests, browser(s), add-ons etc.

For your comments, we could never agree more. @mitchellkrogza this is why I would like to be able to peek/search in any of your crawler logs
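
A triage sketch for the point made in the last comments above: a 404 seen from one place confirms nothing, because responses can differ by location and browser. This is an added example, not part of the thread and not code from Phishing.Database or PyFunceble; the `Probe` record, the verdict names and the delist policy are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    url: str
    vantage: str     # network location of the check (constructed label)
    user_agent: str  # browser profile used for the check
    status: int      # HTTP status code returned
    body_hash: str   # short hash of the body, "" when none was kept

GONE = {404, 410}

def verdict(probes, min_conditions=2):
    """Classify one URL from probes taken under different conditions."""
    conditions = {(p.vantage, p.user_agent) for p in probes}
    if len(conditions) < min_conditions:
        return "unverified"        # a single 404 confirms nothing
    statuses = {p.status for p in probes}
    bodies = {p.body_hash for p in probes if p.status == 200}
    if statuses <= GONE:
        return "gone-everywhere"   # page removed; not proof the host is clean
    if statuses == {200} and len(bodies) == 1:
        return "live"
    return "inconsistent"          # mixed or unexpected answers: check by hand

def review(all_probes):
    """Group probes by URL and return {url: verdict}."""
    by_url = {}
    for p in all_probes:
        by_url.setdefault(p.url, []).append(p)
    return {url: verdict(ps) for url, ps in by_url.items()}

def delist_ready(all_probes):
    """Hypothetical policy: every reported URL must be gone everywhere."""
    results = review(all_probes)
    return bool(results) and all(v == "gone-everywhere" for v in results.values())

# Constructed sample data (placeholder host, not taken from the issue).
SAMPLE = [
    Probe("https://site.example/a/", "eu-dc", "desktop", 404, ""),
    Probe("https://site.example/a/", "us-home", "mobile", 404, ""),
    Probe("https://site.example/a/x.php", "eu-dc", "desktop", 404, ""),
    Probe("https://site.example/a/x.php", "us-home", "mobile", 200, "9f2c"),
    Probe("https://site.example/a/y.php", "eu-dc", "desktop", 404, ""),
]

if __name__ == "__main__":
    for url, v in review(SAMPLE).items():
        print(f"{v:16} {url}")
    print("delist ready:", delist_ready(SAMPLE))
```

A URL that returns 404 to one probe and 200 to another is reported as `inconsistent`, which is the case where a screenshot or crawler log is needed before whitelisting.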