oll98 / phpgsb

Automatically exported from code.google.com/p/phpgsb

Phishing site with Full URL doesn't detect #23

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi =)

Today, I checked a site (http://www.bsdcmail.com/plugins/system/cielo3.php) on 
your demo, and phpGSB shows that it is clean.

But Google Chrome blocks it as a phishing site.

An interesting point: Google blocks not just the domain, Google blocks the domain plus the full URL; 
maybe the problem is connected with that.

Original issue reported on code.google.com by spir...@gmail.com on 23 Dec 2011 at 1:51
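
The reporter's point that a listing can cover the domain plus the full URL rather than the domain alone, as an added example (not phpGSB's code and not part of the original thread): Safe Browsing's documented lookup scheme checks host-suffix/path-prefix expressions of a URL, hashed with SHA-256 and compared by prefix. The host `www.example.test` and the one-entry list are constructed, and the input URL is assumed to be already canonicalized.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

def lookup_expressions(url):
    """Host-suffix/path-prefix expressions for an already-canonicalized URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    # Hosts: the exact host plus up to four suffixes taken from the last five
    # labels. The bare TLD is never tried and IP addresses are not split.
    hosts = [host]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        labels = host.split(".")
        for i in range(max(1, len(labels) - 5), len(labels) - 1):
            hosts.append(".".join(labels[i:]))
    # Paths: exact path with query, exact path without it, then "/" and up to
    # three leading directories, each with a trailing slash.
    paths = [path + "?" + parts.query] if parts.query else []
    paths.append(path)
    prefixes = ["/"]
    for segment in path.split("/")[1:-1][:3]:
        prefixes.append(prefixes[-1] + segment + "/")
    paths += [p for p in prefixes if p not in paths]
    return [h + p for h in hosts for p in paths]

def hash_prefix(expression, length=4):
    """First bytes of the SHA-256 digest, the unit stored in the local list."""
    return hashlib.sha256(expression.encode("utf-8")).digest()[:length]

def matching_expressions(url, listed_prefixes):
    """Expressions of `url` whose hash prefix appears in the local list."""
    return [e for e in lookup_expressions(url) if hash_prefix(e) in listed_prefixes]

# Constructed list: only one specific page is listed, not the whole domain.
LISTED = {hash_prefix("www.example.test/plugins/system/page.php")}

if __name__ == "__main__":
    full = "http://www.example.test/plugins/system/page.php"
    print("full URL:   ", matching_expressions(full, LISTED))
    print("domain only:", matching_expressions("http://www.example.test/", LISTED))
```

A client that only hashes the host, or that canonicalizes the path differently from the list's producer, reports "No Match" for an entry like the constructed one here.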

GoogleCodeExporter commented 8 years ago
The browsers use a variety of lists to detect phishing/malware sites. I've 
checked on both:
http://www.google.com/safebrowsing/diagnostic?site=http://www.bsdcmail.com/plugins/system/cielo3.php

And via the Lookup API (it returns a 204 header if it's safe):
https://sb-ssl.google.com/safebrowsing/api/lookup?client=api&apikey={GOOGLESAFEBROWSING_APIKEY}&appver=1.5.2&pver=3.0&url=http://www.bsdcmail.com/plugins/system/cielo3.php

But neither returns the site as suspicious, so I'm inclined to think they're 
getting the data from another location (perhaps Phishtank or similar). Thanks 
for flagging though, it's always better to check!

Original comment by cleaver....@gmail.com on 1 Jan 2012 at 1:54

GoogleCodeExporter commented 8 years ago
Yes, you are right, PhishTank blocks it, and so do some others (NetCraft, Apews, 
MyWOT). I also checked the site on Chromium, and Chromium also blocks it. Do you 
read the Chromium code? Do you think there is a chance to change the link to the feed 
in PHPGSB to monitor the Chromium blacklist database?

Original comment by spir...@gmail.com on 1 Jan 2012 at 11:07

GoogleCodeExporter commented 8 years ago
[deleted comment]

GoogleCodeExporter commented 8 years ago
This domain, aboutconvert . ru, got a hit in Google SB and is listed as suspicious: 
http://www.google.com/safebrowsing/diagnostic?site=aboutconvert.ru
but the PHPGSB demo showed it as 

Phishing Result:No Match
Malware Result:No Match

Firefox blocks it too. Any idea?

Original comment by store2...@gmail.com on 15 Jan 2012 at 5:16

GoogleCodeExporter commented 8 years ago
Thanks, I'm confirming with the lookup API but it looks like phpgsb isn't 
picking it up for some reason, investigating. I've opened a new issue thread 
for this:
http://code.google.com/p/phpgsb/issues/detail?id=25

Original comment by cleaver....@gmail.com on 16 Jan 2012 at 9:16