[FALSE-POSITIVE]

[sucuriteamarc]

Domains or links Please list any domains and links listed here which you believe are a false positive.

More Information How did you discover your web site or domain was listed here?

1. Virus Total (https://www.virustotal.com/gui/url/8e0fa3032b90dc6b38f7b805c431ef699c445227f4bae3ce35b6cead4b11c6dd?nocache=1)
2. Site was infected by malware.

3. Have you requested removal from other sources? Please include all relevant links to your existing removals / whitelistings.

E-mailed Antiy: support@antiy.cn [undefined:support@antiy.cn] E-mailed SOCRadar: info@socradar.io E-mailed Cluster25: threatintel@cluster25.io E-mailed CyRadar: contact@cyradar.com [undefined:contact@cyradar.com E-mailed Phishtank: https://submit.gdatasoftware.com/privacy https://safetoopen.com/contact https://www.criminalip.io/contact-us https://www.alphamountain.ai/ https://www.avira.com/en/analysis/submit-url https://www.bitdefender.com/consumer/support/answer/29358/ https://www.brightcloud.com/tools/change-request.php# https://helpdesk.vipre.com/hc/en-us/requests/new https://www.brightcloud.com/tools/change-request.php https://www.phishtank.com/phish_detail.php?phish_id=8451615

Additional context We've scanned the site and remove all malicious content.

Sucuri Team :exclamation:

We understand being listed on a Phishing Database like this can be frustrating and embarrassing for many web site owners. The first step is to remain calm. The second step is to rest assured one of our maintainers will address your issue as soon as possible. Please make sure you have provided as much information as possible to help speed up the process.

Send a Pull Request for faster removal Users who understand github and creating Pull Requests can assist us with faster removals by sending a PR to mitchellkrogza/phishing repository, on the falsepositive.list file

https://github.com/mitchellkrogza/phishing/blob/main/falsepositive.list Please include the same above information to help speed up the whitelisting process.

[emidaniel]

We've scanned the site and remove all malicious content.

When you see someone from this "suckuri team" complaining, it almost always means that the page is not removed: https://urlscan.io/result/e8994c9e-324c-40a4-801b-8a8a4d43dc67/

I bet they just launched some "website malware scanner" to delete few scripts/files it considers malicious, then submit these requests and don't care to check even once whether phishing pages actually got deleted.

bishopberrian.com - urlscan.io

urlscan.io - Website scanner for suspicious and malicious URLs

[sucuriteamarc]

Hi there,

Can you please double check this for us. We made sure to remove the suspicious redirects. I have already cleared the cache from the Firewall. Please let us know if you still detect the redirection after we cleared the Firewall cache.

Regards,

John Edward Equiza

GoDaddy WSA | Remediation I

[https://email-sig.gd-resources.net/img/godaddy-guides-lockup.png]

@.**@.>

www.godaddy.com/contact-ushttps://www.godaddy.com/contact-us

www.godaddy.com/helphttps://www.godaddy.com/help

---

From: emi @.> Sent: Thursday, April 18, 2024 11:55 AM To: mitchellkrogza/Phishing.Database @.> Cc: JohnEdward Equiza (Vendor) @.>; Author @.> Subject: Re: [mitchellkrogza/Phishing.Database] [FALSE-POSITIVE] (Issue #868)

You don't often get email from @. Learn why this is importanthttps://aka.ms/LearnAboutSenderIdentification Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to @.

We've scanned the site and remove all malicious content.

When you see someone from this "suckuri team" complaining, it almost always means that the page is not removed: https://urlscan.io/result/e8994c9e-324c-40a4-801b-8a8a4d43dc67/

I bet they just launched some "website malware scanner" to delete few scripts/files it considers malicious, then submit these requests and don't care to check even once whether phishing pages actually got deleted.

bishopberrian.com - urlscan.iohttps://urlscan.io/result/e8994c9e-324c-40a4-801b-8a8a4d43dc67/ urlscan.io - Website scanner for suspicious and malicious URLs

— Reply to this email directly, view it on GitHubhttps://github.com/mitchellkrogza/Phishing.Database/issues/868#issuecomment-2062943596, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BH5B646RSGPZGNRA2RT35LTY5474JAVCNFSM6AAAAABGMLU2B2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANRSHE2DGNJZGY. You are receiving this because you authored the thread.Message ID: @.***>

[emidaniel]

bishopberrian.com/fitnessbase looks removed now.

We made sure to remove the suspicious redirects. I have already cleared the cache from the Firewall.

Why couldn't you do this before sending these requests?

I've also found that the site is also serving malware:

http://bishopberrian.com/22.exe -> http://bishopberrian.com/1.exe

https://app.any.run/tasks/91ed7f5f-970a-42b2-a7bb-b97c66104095

How come you missed this too? Shouldn't be too hard to find when you have full access to files list.

[emidaniel]

Note that the malware still isn't removed even after all these messages and several months (!!!). The bastards just placed a captcha on every page that resulted in AV crawlers delisting the site as unavaliable. But open in a real browser and enjoy the malware served from their 192.124.249.113 (AS30148 SUCURI-SEC):

That's all you need to know about these suckuris. They don't care about actual security that much than about fleecing people who made a stupid decision to hire their "qualified remediation expert" hindu college-dropoffs to deal with these issues.

[spirillen]

Thanks for the heads up @emidaniel