Open DandelionSprout opened 4 years ago
Most bewilderingly of all, the takedown firm seemingly forced Mitchell Krog to take down fraudulent domains (Namely those in https://github.com/mitchellkrogza/Phishing.Database/commit/16bff9d7b7ae3a5c6747dfe035a686c186a878f1) that weren't even owned by the firm's client in question... 😶
Thanks for pointing me to this. Did the (pesudo-)takedown result in any domains being owned by AXUR/Banco Safra to be removed from a blacklist? Given that, as you point out, the domains added to the whitelist are not actually owned by Safra, it wouldn't really make sense to add those domains to BarbBlock, but if they were asking for specific domains they do own to be removed, that could meet the criteria for addition.
It doesn't appear to me that any of the domains are actually owned by Safra, unfortunately enough. Although in my personal view, that only makes the takedown even more illegitimate.
So in addition to the 4 domains in the takedown against Mitchell Krog, and 1 in the takedown against Nano Filters: If we presume that the same firm was also going ballistic over LATAM
before, that would mean that the 6 entries with that phrase in https://github.com/mitchellkrogza/Phishing.Database/blob/master/whitelist.me/whitelist.me were also taken down by them.
That means we're up to 11 fraudulently taken-down domains thus far. I'm currently searching around for more.
I also found this:
Apparently they had a GitHub user at some point earlier this year to try to issue takedowns, which apparently went so poorly that they deleted their account and all their issue reports after filing only 3 takedowns.
After some heavy Google searching, it was apparently the two sicredi
-containing entries in https://github.com/essandess/adblock2privoxy/blob/master/easylist/malwaredomains_full.txt that riled them up so much, although they were ultimately not removed. So now we're up to a final total of 11 or 13 domains. I currently don't think I would be able to find more.
Otherwise I could only find them going after things that weren't even filterlists, such as https://github.com/LudovicRousseau/pcsc-tools/commit/fbacfe51028616f140d525450d788935a2974a29 and https://github.com/PeterNotenboom/SwiftCodes/commit/a71bdd4d078e37394c12e7f5a7f454a52aa00d9c.
It looks like they are just sending removal requests to repo owners, rather than DMCA takedowns sent to GitHub? If so it's annoying, but it's more of a nuisance than an abuse of the system.
Considering their use of In order to avoid a lawsuit from a federal court, please, send confirmation that this email was received along with your guarantee to comply with the requests reported above.
in their default E-mail template, I for one would think it's no mere requests we're talking about here, although I am not a legal expert nor a lawyer.
Jspenguin2017 raised a good point in his thread in that some of the domains could be inactive. So I ran PyFunceble on them to see if they were still active, so now I'm down from 11-13 to 5-6 again. Namely the 4 from https://github.com/mitchellkrogza/Phishing.Database/issues/15 alongside latam-pass.website
and arguably latam.com-voucher-barato.com
.
Although the following is not formally a DMCA takedown, the E-mail threat that is listed in https://github.com/mitchellkrogza/Phishing.Database/issues/15 is close enough to being a takedown that I think it would be something you could check out and consider adding to your lists nevertheless.